[sr-dev] [tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability

sip-router admin at sip-router.org
Mon Nov 7 23:53:21 CET 2011


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#173 - Double Free -- Crash/Coredump and possible security vulnerability
User who did this - Timo Reimann (tr)

----------
I applied patches to master (commit 8ca6de5) and 3.2 (commit baed41) branches that fix a problem with the usage of dialog variables.

Details: The flag to indicate that a dialog variable was changed (DLG_FLAG_CHANGED_VARS) was set with the wrong operator (&= as opposed to |=). This caused all other dialog flags to reset, including DLG_FLAG_TM introduced to master/3.2 in order to improve dialog handling of stateless responses. With DLG_FLAG_TM effectively rendered useless, the reference counter would be decremented too many times, thereby causing a double-free.

Have you been using dialog variables (possibly indirectly by means of CDR generation in the acc module)? If so, could you try to verify that the bug is fixed in the latest 3.2 branch?
----------
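The mechanism described in the comment above, shown in a small self-contained C model added here for illustration (it is not sip-router/Kamailio code and does not reproduce the dialog module's real structures or reference-counting paths). The flag bit values, the `struct dialog` layout, the `on_stateless_response()` and `dlg_unref()` helpers and the ownership rule they encode are all constructed assumptions; only the two flag names and the `&=` versus `|=` defect come from the tracker comment. The point it demonstrates is that `flags &= BIT` keeps only the bits common to `flags` and `BIT`, so every other flag is cleared, while `flags |= BIT` adds the bit and leaves the rest untouched.

```c
#include <stdio.h>

/* Constructed flag values for illustration only; the real module's
 * numeric values are not given in the tracker comment. */
#define DLG_FLAG_TM           (1u << 0)
#define DLG_FLAG_CHANGED_VARS (1u << 1)

/* Hypothetical, simplified dialog object. 'freed' counts release
 * operations on the object; a value of 2 is a double free. */
struct dialog {
    unsigned int flags;
    int ref;
    int freed;
};

/* Buggy variant: &= masks away every bit except DLG_FLAG_CHANGED_VARS. */
static void mark_vars_changed_buggy(struct dialog *d)
{
    d->flags &= DLG_FLAG_CHANGED_VARS;
}

/* Fixed variant: |= sets DLG_FLAG_CHANGED_VARS and keeps the other bits. */
static void mark_vars_changed_fixed(struct dialog *d)
{
    d->flags |= DLG_FLAG_CHANGED_VARS;
}

/* Hypothetical reference drop: frees at zero, and counts any drop on an
 * already freed object as an additional (double) free. */
static void dlg_unref(struct dialog *d)
{
    if (d->freed) {
        d->freed++;            /* double free */
        return;
    }
    if (--d->ref == 0)
        d->freed = 1;
}

/* Hypothetical ownership rule modelling the comment's description: when
 * DLG_FLAG_TM is set, the transaction layer owns the reference and this
 * path must not drop it; without the flag the stateless path drops it. */
static void on_stateless_response(struct dialog *d)
{
    if (!(d->flags & DLG_FLAG_TM))
        dlg_unref(d);
}

/* Returns the flag word after marking a dialog that had DLG_FLAG_TM set. */
static unsigned int flags_after(void (*mark)(struct dialog *))
{
    struct dialog d = { DLG_FLAG_TM, 1, 0 };
    mark(&d);
    return d.flags;
}

/* Runs the whole sequence and returns the number of frees observed:
 * 1 is correct, 2 is the double free described in the tracker comment. */
static int run_scenario(void (*mark)(struct dialog *))
{
    struct dialog d = { DLG_FLAG_TM, 1, 0 };   /* one owner, TM-tracked */
    mark(&d);                 /* dialog variable changed */
    on_stateless_response(&d);/* drops a ref only if DLG_FLAG_TM is lost */
    dlg_unref(&d);            /* the owner's final release */
    return d.freed;
}

int main(void)
{
    printf("buggy (&=): flags=0x%x frees=%d\n",
           flags_after(mark_vars_changed_buggy), run_scenario(mark_vars_changed_buggy));
    printf("fixed (|=): flags=0x%x frees=%d\n",
           flags_after(mark_vars_changed_fixed), run_scenario(mark_vars_changed_fixed));
    return 0;
}
```

A defensive habit this illustrates: when a bitfield carries ownership or lifecycle state (here, whether a separate layer still holds a reference), a unit check that every "set flag X" helper leaves the other bits intact catches this class of operator typo before it surfaces as a crash.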

More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=173#comment334

You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
