[Kamailio-Devel] [ openser-Bugs-2092890 ] nathelper concurrency issue
SourceForge.net
noreply at sourceforge.net
Thu Sep 4 11:55:25 CEST 2008
Bugs item #2092890, was opened at 2008-09-04 09:55
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2092890&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: nathelper concurrency issue
Initial Comment:
nathelper.c:child_init
The following piece of code is unsafe: pnode->rn_address is written to without proper precaution.
The code causes SIGCHLD when:
- process A removes the colon
- process B detects there is no colon (because A removed it)
- process A restores the colon
- process B invokes getaddrinfo on the restored string, which is an invalid hostname
I suggest creating a temp variable to hold the hostname (without colon).
-- code --
	old_colon = cp = strrchr(pnode->rn_address, ':');
	if (cp != NULL) {
		old_colon = cp;
		*cp = '\0';
		cp++;
	}
	if (cp == NULL || *cp == '\0')
		cp = CPORT;
	memset(&hints, 0, sizeof(hints));
	hints.ai_flags = 0;
	hints.ai_family = (pnode->rn_umode == 6) ? AF_INET6 : AF_INET;
	hints.ai_socktype = SOCK_DGRAM;
	if ((n = getaddrinfo(pnode->rn_address, cp, &hints, &res)) != 0) {
		LM_ERR("%s\n", gai_strerror(n));
		return -1;
	}
	if (old_colon)
		*old_colon = ':'; /* restore rn_address */
----------------------------------------------------------------------
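The temp-variable approach suggested in the report, as an added example that is not code from the tracker item or from the openser/Kamailio sources: the host part is copied into a stack buffer, so the string visible to other processes is only ever read. The function names, `HOST_MAX`, the value given to `CPORT` and the sample address are assumptions made for this sketch.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

#define CPORT "22222" /* assumed default port; the report does not show its value */
#define HOST_MAX 256  /* assumed upper bound on the host part */

/* Split "host[:port]" into a caller-owned buffer; addr is only read, never written. */
static int split_host_port(const char *addr, char *host, size_t hostlen,
                           const char **port)
{
    const char *colon = strrchr(addr, ':');
    size_t n = colon ? (size_t)(colon - addr) : strlen(addr);
    if (n == 0 || n >= hostlen)
        return -1; /* empty or oversized host part */
    memcpy(host, addr, n);
    host[n] = '\0';
    /* a missing or empty port falls back to the default, as in the original */
    *port = (colon && colon[1] != '\0') ? colon + 1 : CPORT;
    return 0;
}

/* Resolve rn_address without modifying it. Returns 0 on success, -1 on failure. */
static int resolve_node(const char *rn_address, int umode,
                        struct sockaddr_storage *out, socklen_t *outlen)
{
    char host[HOST_MAX]; /* per-call copy: no other process can see or change it */
    const char *port;
    struct addrinfo hints, *res;
    if (split_host_port(rn_address, host, sizeof(host), &port) != 0)
        return -1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = (umode == 6) ? AF_INET6 : AF_INET;
    hints.ai_socktype = SOCK_DGRAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *outlen = res->ai_addrlen;
    freeaddrinfo(res); /* the result list is heap-allocated by getaddrinfo() */
    return 0;
}

int main(void)
{
    struct sockaddr_storage ss;
    socklen_t len;
    return resolve_node("127.0.0.1:7890", 4, &ss, &len) != 0; /* constructed address */
}
```

Because nothing is written back, there is no restore step and no window in which another process can observe a truncated or half-restored address.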