[Kamailio-Devel] [ openser-Bugs-2092890 ] nathelper concurrency issue

SourceForge.net noreply at sourceforge.net
Thu Sep 11 15:38:26 CEST 2008


Bugs item #2092890, was opened at 2008-09-04 09:55
Message generated for change (Comment added) made by henningw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2092890&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: modules
>Group: ver 1.4.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Henning Westerholt (henningw)
Summary: nathelper concurrency issue

Initial Comment:
nathelper.c:child_init

the following piece of code is unsafe. pnode->rn_address is written to without proper precaution.

the code causes SIGCHLD when:
- process A removes the colon
- process B detects there is no colon (because A removed it)
- process A restores the colon
- process B invokes getaddrinfo on the restored string, which is an invalid hostname

i suggest creating a temp variable to hold the hostname (without colon)

-- code --

old_colon = cp = strrchr(pnode->rn_address, ':');
if (cp != NULL) {
	old_colon = cp;
	*cp = '\0';
	cp++;
}
if (cp == NULL || *cp == '\0')
	cp = CPORT;

memset(&hints, 0, sizeof(hints));
hints.ai_flags = 0;
hints.ai_family = (pnode->rn_umode == 6) ? AF_INET6 : AF_INET;
hints.ai_socktype = SOCK_DGRAM;
if ((n = getaddrinfo(pnode->rn_address, cp, &hints, &res)) != 0) {
	LM_ERR("%s\n", gai_strerror(n));
	return -1;
}
if (old_colon)
	*old_colon = ':'; /* restore rn_address */

----------------------------------------------------------------------

>Comment By: Henning Westerholt (henningw)
Date: 2008-09-11 13:38

Message:
Hi,

do you think the fix from #2105556 should be backported to the 1.3 and 1.4
branches? How frequent this problem happens in your installation?
 
Henning

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2092890&group_id=139143



More information about the Devel mailing list