[OpenSIPS-Devel] [OpenSIPS/opensips] 891ebc: cachedb_memcached: fix NULL deref when memcached_c...
Ravitez Dondeti
noreply at github.com
Tue Apr 7 15:48:14 UTC 2026
Branch: refs/heads/3.4
Home: https://github.com/OpenSIPS/opensips
Commit: 891ebc9a510e66b9d2ec7beec73b29e91819616e
https://github.com/OpenSIPS/opensips/commit/891ebc9a510e66b9d2ec7beec73b29e91819616e
Author: rdondeti <ravitez.dondeti at gmail.com>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
M modules/cachedb_memcached/cachedb_memcached.c
Log Message:
-----------
cachedb_memcached: fix NULL deref when memcached_create() returns NULL

memcached_create(NULL) can return NULL on allocation failure. The existing
code never checks the return value, so a NULL memc pointer falls through to
memcached_server_push(NULL, ...) which dereferences the NULL pointer.

Add an explicit NULL check after memcached_create(), following the existing
error-handling pattern in the function (pkg_free + return 0).

Found during a systematic audit of cachedb backends following the
cachedb_redis NULL-deref fix in commit 8fb569cb3.

(cherry picked from commit 9fea57eeaf5c687f49a952692b2b7530ec66a7ee)
Commit: d133b7aed69982eabec0a074687d1de73f55e860
https://github.com/OpenSIPS/opensips/commit/d133b7aed69982eabec0a074687d1de73f55e860
Author: rdondeti <ravitez.dondeti at gmail.com>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
M modules/cachedb_cassandra/cachedb_cassandra_dbase.c
Log Message:
-----------
cachedb_cassandra: fix NULL deref when cass_cluster_new() returns NULL

cass_cluster_new() can return NULL on allocation failure. The existing code
has a NULL check, but it comes after cass_cluster_set_credentials() already
uses the pointer (when credentials are configured), so a NULL return causes
a crash before the check is reached.

Move the NULL check to immediately after cass_cluster_new(), before any use
of the returned pointer.

Found during a systematic audit of cachedb backends following the
cachedb_redis NULL-deref fix in commit 8fb569cb3.

(cherry picked from commit 8f959e73c79bf42d06ce2ee7406a80ab9edb8ca1)
Commit: 6f712264d7b5b207202a02f97c550906035c737f
https://github.com/OpenSIPS/opensips/commit/6f712264d7b5b207202a02f97c550906035c737f
Author: rdondeti <ravitez.dondeti at gmail.com>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
M modules/jsonrpc/jsonrpc.c
Log Message:
-----------
jsonrpc: fix NULL deref and object leak in jsonrpc_handle_cmd()

cJSON_Print() can return NULL on allocation failure. The existing code
passes the return value directly to strlen() without a NULL check,
causing a crash on two separate code paths (error and result handling).
Add NULL checks after both cJSON_Print() calls.

Additionally, the cJSON tree allocated by cJSON_Parse() at the start of
the function is never freed. Add cJSON_Delete(obj) to the cleanup path.

Found during a systematic audit of cJSON return value handling across
modules, following the janus leak fixes in commit f9fb3ea3e.

(cherry picked from commit 6fc6acac8e8a669655d92346a8ad61af16671274)
Commit: 1ec9abcaafe0966189c72586dd568fc6860ba0c6
https://github.com/OpenSIPS/opensips/commit/1ec9abcaafe0966189c72586dd568fc6860ba0c6
Author: rdondeti <ravitez.dondeti at gmail.com>
Date: 2026-04-07 (Tue, 07 Apr 2026)
Changed paths:
M modules/rtpengine/rtpengine.c
Log Message:
-----------
rtpengine: fix NULL deref from unchecked cJSON_PrintUnformatted()

In rtpengine_raise_event(), cJSON_PrintUnformatted() can return NULL on
allocation failure. The return value is passed directly to strlen() and
then to cJSON_PurgeString(), both of which will crash on a NULL pointer.

Add a NULL check before using the return value, and skip the parameter
on failure.

Found during a systematic audit of cJSON return value handling across
modules, following the janus leak fixes in commit f9fb3ea3e.

(cherry picked from commit cf5fb629cc08fc4c20b105df0a6131f5574e7f66)
Compare: https://github.com/OpenSIPS/opensips/compare/bfff514480c5...1ec9abcaafe0
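An added example, not OpenSIPS code and not taken from these commits: a fault-injecting allocator that exercises the allocation-failure paths the commit messages describe (a NULL return used before it is checked, and a parsed object not released on cleanup). It generalizes the four fixes into one test pattern; `xalloc`, `doc_parse`, `doc_print` and `handle_cmd` are hypothetical stand-ins for a library's parse/print pair and its caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fault injection: the allocation whose index equals fail_at returns NULL. */
static int fail_at = -1;          /* -1 = never fail */
static int live = 0;              /* outstanding allocations (leak counter) */

static void *xalloc(size_t n) {
    if (fail_at == 0) { fail_at = -1; return NULL; }
    if (fail_at > 0) fail_at--;
    void *p = malloc(n);
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { live--; free(p); } }
int live_allocs(void) { return live; }

/* Hypothetical parse/print pair; both return NULL on allocation failure. */
struct doc { int id; };
static struct doc *doc_parse(int id) {
    struct doc *d = xalloc(sizeof *d);
    if (d) d->id = id;
    return d;
}
static char *doc_print(const struct doc *d) {
    char *s = xalloc(32);
    if (s) snprintf(s, 32, "{\"id\":%d}", d->id);
    return s;
}

/* Checked handler: every pointer is tested immediately after the call that
 * produced it, and a single cleanup path releases both objects. */
int handle_cmd(int id) {
    int rc = -1;
    char *out = NULL;
    struct doc *d = doc_parse(id);
    if (!d) goto done;
    out = doc_print(d);
    if (!out) goto done;          /* without this check, strlen(NULL) crashes */
    rc = (int)strlen(out);
done:
    xfree(out);
    xfree(d);                     /* parsed object freed on every path */
    return rc;
}

/* Run the handler with allocation number n (0-based) forced to fail. */
int run_with_failure(int n) { fail_at = n; int rc = handle_cmd(7); fail_at = -1; return rc; }

int main(void) {
    for (int n = -1; n < 2; n++)
        printf("fail_at=%d rc=%d live=%d\n", n, run_with_failure(n), live_allocs());
    return 0;
}
```

Sweeping `fail_at` over every allocation index in a handler shows both classes of defect: a crash means a pointer was used before its check, and a non-zero `live_allocs()` means a cleanup path misses an object.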