Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
…saction
doc/ subfolder, the README file is autogenerated)When the UAC is used to send an outbound REGISTER message to an endpoint and has an incorrect password resulting in all messages with or without an authorization header being responded to with a 401/407 it is possible and likely that shared memory will be corrupted resulting in core dumps.
The response to the initial register calls into the uac modules uac_send_tm_callback where it generates the authorization constructs a a new request info that has a reference to the existing tp. As a result the 2 transactions and associated timers will have race conditions and ultimately can both attempt to deallocate the shared tp object in either uac_send_tm_callback or uac_resend_tm_callback.
As a solution I use the existing clone function uac_r.cbp = (void *)uac_send_info_clone(tp); which allows each transaction to use and deallocate only their own copy.
In addition to this a sanity check was also added around the to object where it was being used after a possible deallocation.
https://github.com/kamailio/kamailio/pull/4210
(1 file)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.