[OpenSIPS-Devel] [OpenSIPS/opensips] 44a73d: parse_via(): Fix out-of-bounds read edge-case (OSS...
Liviu Chircu
noreply at github.com
Tue Nov 8 14:09:40 UTC 2022
Branch: refs/heads/3.2
Home: https://github.com/OpenSIPS/opensips
Commit: 44a73d39ebf3f537800355082a3417b1f8ea6a1b
https://github.com/OpenSIPS/opensips/commit/44a73d39ebf3f537800355082a3417b1f8ea6a1b
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M parser/parse_via.c
M parser/test/test_parser.c
Log Message:
-----------
parse_via(): Fix out-of-bounds read edge-case (OSS-Fuzz)
This patch fixes a possible off-by-one read overflow while parsing the
Via buffer. Even so, the error was mostly harmless, as the supplied
buffer is typically much larger and is guaranteed to be NULL-terminated
(see udp_read_req(), for example).
Severity: Low
Fixes OSS-Fuzz#52326
(cherry picked from commit 5e9f72d3d90e8fc9cb20578a95c891631b4d91da)
Commit: 7e7035148a7338df9ccf63b58ec0116fa81bcac4
https://github.com/OpenSIPS/opensips/commit/7e7035148a7338df9ccf63b58ec0116fa81bcac4
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M modules/db_flatstore/flat_mi.c
M modules/db_flatstore/flat_mi.h
M modules/db_flatstore/flatstore.c
M modules/db_flatstore/flatstore_mod.c
Log Message:
-----------
db_flatstore: Fix missing CDRs due to 'flat_rotate' race conditions
This commit simply adds R/W locking around the 'flat_rotate' MI command,
and all the SIP worker processes. The race condition was as follows:
* SIP worker checks the 'flat_rotate' stamp and proceeds to write CDR
* 'flat_rotate' is run (timestamp++)
* external process scans & fully reads the rotated file (with deletion
  to follow later as well, but this is irrelevant)
* SIP worker finally writes the CDR using flushed/vector'ed I/O
  (too late at this point, CDR is forever lost)
(cherry picked from commit d3b1463ee115a8b7d4d6b9658c8b07b9ef3d0549)
Commit: 4ba077c68308650956239851bdd8d4fb981e14ac
https://github.com/OpenSIPS/opensips/commit/4ba077c68308650956239851bdd8d4fb981e14ac
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M modules/db_flatstore/flat_mi.c
M modules/db_flatstore/flatstore.c
M modules/db_flatstore/flatstore_mod.c
M modules/db_flatstore/flatstore_mod.h
Log Message:
-----------
db_flatstore: Fix another race condition around MI 'flat_rotate'
This race condition was related to invoking 'flat_rotate' 2+ times
during the same second (UNIX timestamp). Due to the way the
timestamping logic was implemented, this could lead to files NOT being
rotated at all on the 2nd 'flat_rotate', which falls in the same second.
Although very rare, this race condition could lead to massive CDR loss,
since all CDRs between 2nd and 3rd 'flat_rotate' commands have a great
chance of being fully lost (unread and discarded).
(cherry picked from commit e180b1536e89e7bc8d6e2dd3264786e8531c71d7)
Commit: 592694bfb82efe6ae331fb04b9c417c590c973c7
https://github.com/OpenSIPS/opensips/commit/592694bfb82efe6ae331fb04b9c417c590c973c7
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-11-08 (Tue, 08 Nov 2022)
Changed paths:
M parser/parse_via.c
M parser/test/test_parser.c
Log Message:
-----------
parse_via_param(): Fix out-of-bounds read edge-case (OSS-Fuzz)
Similar to 5e9f72d3d, but for the parse_via_param() function.
Severity: Low
Fixes OSS-Fuzz#53080
(cherry picked from commit 6135ff05d0897342ca5c81585cef5a650eae67b9)
Compare: https://github.com/OpenSIPS/opensips/compare/d9942fbcfd07...592694bfb82e
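
Added example (not part of these commits and not OpenSIPS code): a simplified C model of the same-second 'flat_rotate' problem described in the third log message above. The worker/stamp comparison, every function name and the counter-based alternative are assumptions made for illustration; they are not taken from db_flatstore.

```c
#include <stdio.h>
#include <time.h>

/* Assumed model: the MI command publishes a rotation stamp; each worker
 * remembers the last stamp it acted on and reopens its output file when
 * the published stamp is newer than the one it has seen. */
typedef struct { long seen; int reopened; } worker_t;

/* Stamp taken from the wall clock: one-second resolution. */
static long rotate_by_clock(long stamp, time_t now)
{
    (void)stamp;
    return (long)now;
}

/* Stamp as a counter: every rotation yields a strictly newer value. */
static long rotate_by_counter(long stamp, time_t now)
{
    (void)now;
    return stamp + 1;
}

/* Check a worker performs before writing a CDR. */
static void worker_write(worker_t *w, long stamp)
{
    if (w->seen < stamp) { w->seen = stamp; w->reopened++; }
}

/* rotate, write, rotate, write, with both rotations in the same second.
 * Returns how often the worker reopened its file; 2 is the correct count. */
static int reopen_count(long (*rotate)(long, time_t))
{
    time_t now = 1667916580;    /* constructed UNIX timestamp */
    long stamp = 0;
    worker_t w = { 0, 0 };

    stamp = rotate(stamp, now);
    worker_write(&w, stamp);
    stamp = rotate(stamp, now); /* second 'flat_rotate', same second */
    worker_write(&w, stamp);
    return w.reopened;
}

int main(void)
{
    printf("clock stamp:   %d reopen(s)\n", reopen_count(rotate_by_clock));
    printf("counter stamp: %d reopen(s)\n", reopen_count(rotate_by_counter));
    return 0;
}
```

With the clock-derived stamp the worker never notices the second rotation and keeps writing to a file the external reader has already consumed.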