sr-dev September 2009

sr-dev@lists.kamailio.org

32 participants
207 discussions

[ openser-Bugs-2851214 ] Registrar leaks contacts from unrelated users

by SourceForge.net

Bugs item #2851214, was opened at 2009-09-04 14:26 Message generated for change (Settings changed) made by henningw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2851214&group_… Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: modules Group: ver 1.5.x >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Alex Hermann (axlh) >Assigned to: Henning Westerholt (henningw) Summary: Registrar leaks contacts from unrelated users Initial Comment: When an AOR with no active registrations queries for its current bindings (Contact: *, Expires: 0), the registrar returns the bindings of the AOR who was last handled by the same process instead of returning an empty list. Attached patch fixes this. Applies to 1.4 as well as 1.5. Btw, why does every caller of get_urecord() check for negative return code??? The function can only return 0 or 1. ---------------------------------------------------------------------- >Comment By: Henning Westerholt (henningw) Date: 2009-09-04 16:13 Message: Thanks for the patch Alex, i've applied it to the 1.3, 1.4 and 1.5 branches. With regards to your question, indeed this is strange. Perhaps in the past the function used to return a negative return value? Patches for this (against the sr master branch) are ok course welcome. :-) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2851214&group_…

15 years, 3 months

SF.net SVN: openser:[5923] branches

by Henning Westerholt

Revision: 5923 http://openser.svn.sourceforge.net/openser/?rev=5923&view=rev Author: henningw Date: 2009-09-04 16:10:01 +0000 (Fri, 04 Sep 2009) Log Message: ----------- - fix information leak bug in registrar: When an AOR with no active registrations queries for its current bindings (Contact: *, Expires: 0), the registrar returns the bindings of the AOR who was last handled by the same process instead of returning an empty list. - closes #2851214, patch from Alex Hermann Modified Paths: -------------- branches/1.3/modules/registrar/save.c branches/1.4/modules/registrar/save.c branches/1.5/modules/registrar/save.c This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

15 years, 3 months

git:master: userblacklist(k): add new function 'check_user_whitelist'

by Henning Westerholt

Module: sip-router Branch: master Commit: 9a0b182593cd4709cc73c463a916de6a78aa7ccc URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9a0b182… Author: Henning Westerholt <henning.westerholt(a)1und1.de> Committer: Henning Westerholt <henning.westerholt(a)1und1.de> Date: Fri Sep 4 17:44:43 2009 +0200 userblacklist(k): add new function 'check_user_whitelist' - add new function 'check_user whitelist' - patch from Alexandr Dubovikov, Alexandr dot Dubovikov at qsc dot de - works like the existing check_user_blacklist, but return -1 when not the user is not found --- modules_k/userblacklist/README | 353 ++++++++++++-------- .../userblacklist/doc/userblacklist_admin.xml | 35 ++- modules_k/userblacklist/userblacklist.c | 29 ++- 3 files changed, 272 insertions(+), 145 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=9a0…

15 years, 3 months

git:master: userblacklist(k): fix error in check_user_blacklist DB code

by Henning Westerholt

Module: sip-router Branch: master Commit: 9566b04be793c5a4219cd0ebb55f95b7659d2e41 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9566b04… Author: Henning Westerholt <henning.westerholt(a)1und1.de> Committer: Henning Westerholt <henning.westerholt(a)1und1.de> Date: Fri Sep 4 17:56:31 2009 +0200 userblacklist(k): fix error in check_user_blacklist DB code - fix an error in the check_user_blacklist DB code, we need to return the WHITELIST node when we found a value != zero - reported from Alexandr Dubovikov, Alexandr dot Dubovikov at qsc dot de --- modules_k/userblacklist/db.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/modules_k/userblacklist/db.c b/modules_k/userblacklist/db.c index c2613c1..fc8c915 100644 --- a/modules_k/userblacklist/db.c +++ b/modules_k/userblacklist/db.c @@ -78,7 +78,11 @@ int db_build_userbl_tree(const str *username, const str *domain, const str *tabl /* LM_DBG("insert into tree prefix %s, whitelist %d", RES_ROWS(res)[i].values[0].val.string_val, RES_ROWS(res)[i].values[1].val.int_val); */ - if (RES_ROWS(res)[i].values[1].val.int_val == 0) nodeflags=(void *)MARK_BLACKLIST; + if (RES_ROWS(res)[i].values[1].val.int_val == 0) { + nodeflags=(void *)MARK_BLACKLIST; + } else { + nodeflags=(void *)MARK_WHITELIST; + } if (dtrie_insert(root, RES_ROWS(res)[i].values[0].val.string_val, strlen(RES_ROWS(res)[i].values[0].val.string_val), nodeflags, 10) < 0) LM_ERR("could not insert values into trie.\n"); n++;

15 years, 3 months

SF.net SVN: openser:[5922] branches/1.5/modules/userblacklist/db.c

by Henning Westerholt

Revision: 5922 http://openser.svn.sourceforge.net/openser/?rev=5922&view=rev Author: henningw Date: 2009-09-04 15:58:17 +0000 (Fri, 04 Sep 2009) Log Message: ----------- - port from git 9566b04be79: fix error in check_user_blacklist DB code Modified Paths: -------------- branches/1.5/modules/userblacklist/db.c This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

15 years, 3 months

[ openser-Bugs-2851214 ] Registrar leaks contacts from unrelated users

by SourceForge.net

Bugs item #2851214, was opened at 2009-09-04 16:26 Message generated for change (Tracker Item Submitted) made by axlh You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2851214&group_… Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: modules Group: ver 1.5.x Status: Open Resolution: None Priority: 5 Private: No Submitted By: Alex Hermann (axlh) Assigned to: Nobody/Anonymous (nobody) Summary: Registrar leaks contacts from unrelated users Initial Comment: When an AOR with no active registrations queries for its current bindings (Contact: *, Expires: 0), the registrar returns the bindings of the AOR who was last handled by the same process instead of returning an empty list. Attached patch fixes this. Applies to 1.4 as well as 1.5. Btw, why does every caller of get_urecord() check for negative return code??? The function can only return 0 or 1. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2851214&group_…

15 years, 3 months

SF.net SVN: openser:[5921] branches/1.5/modules/siputils

by Henning Westerholt

Revision: 5921 http://openser.svn.sourceforge.net/openser/?rev=5921&view=rev Author: henningw Date: 2009-09-04 13:04:06 +0000 (Fri, 04 Sep 2009) Log Message: ----------- - small docs clarification related to ring_insert_callid function Modified Paths: -------------- branches/1.5/modules/siputils/README branches/1.5/modules/siputils/doc/siputils_admin.xml This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

15 years, 3 months

test if $var has been give a value

by jh＠tutpro.com

why does test if ($var(test)) ... fail even when $var(test) has a non-empty string value? the test works, if i do it like this: if ($var(test) != 0) ... i'm pretty sure that in k also the first version of the test works. -- juha

15 years, 3 months

git:master: oob cfg: merged changes from last SIPit

by Nils Ohlmeier

Module: sip-router Branch: master Commit: 3e493f4d363966db93bc32bca62c10ca6a14b927 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3e493f4… Author: Nils Ohlmeier <lando(a)bespin.rfc3261.net> Committer: Nils Ohlmeier <lando(a)bespin.rfc3261.net> Date: Thu Sep 3 16:22:48 2009 +0200 oob cfg: merged changes from last SIPit This version of sip-router-oob.cfg was successfully tested at SIPit 24. The changes are: - re-organzied the NAT detection - added lots of comments about NAT detection - renamed the record- and loose-routes - added an inactive ENUM route - activated DNS NAPTR and SRV options - disabled TCP async to allow usage of TLS - disabled the files limit as this prevents the usage of the config as non-root user on most systems --- etc/sip-router-oob.cfg | 176 ++++++++++++++++++++++++++++++++++-------------- 1 files changed, 126 insertions(+), 50 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=3e4…

15 years, 3 months

git:master: domain(k): regenerated readme

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: c92d65efc7ea5abb4c4a718ff5e90e2ec7ad6cb3 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c92d65e… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Thu Sep 3 14:43:29 2009 +0200 domain(k): regenerated readme - include new parameter 'register_myself' --- modules_k/domain/README | 235 +++++++++++++++++++++++++++++------------------ 1 files changed, 144 insertions(+), 91 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=c92…

15 years, 3 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev September 2009