[sr-dev] [tracker] Comment added: Double Free -- Crash/Coredump and possible security vulnerability

[sip-router]

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#173 - Double Free -- Crash/Coredump and possible security vulnerability
User who did this - Bayan Towfiq (btowfiq)

----------
Timo, just a note:
on the unpatched 3.2 (not including the new patches/branch/ or workaround solution) changing the config file stopped it from crashing.  Here is the diff.  Do you think it may have something to do with the dlg variables in branch_route or the dlg_manage changing to setflag(4)?

 1 --- natproxy.cfg.old    2011-11-22 09:17:31.888043699 +0000
 2 +++ natproxy.cfg    2011-11-22 08:30:52.182372274 +0000
 3 @@ -94,11 +95,13 @@
 4 
 5  modparam("ctl", "binrpc", "/tmp/ser_ctl")
 6 
 7  modparam("sanity", "autodrop", 0)
 8 
 9  include_file "/usr/local/etc/kamailio/natproxy-modulesconfig.cfg"
10 
11 -flags inbound_call, hash_id, hash_entry;
12 +flags inbound_call;
13 
14 
15  route{
16 @@ -172,10 +175,7 @@
17      }
18 
19      if(allow_trusted() && is_method("INVITE")) {
20 -        dlg_manage();
21 -        $avp(hash_entry) = $dlg(h_entry);
22 -        $avp(hash_id) = $dlg(h_id);
23 +        setflag(4);
24          $dlg_ctx(timeout_bye) = 1;
25          setflag(inbound_call);
26          if(is_present_hf("X-Reject")) {
27 @@ -690,8 +687,7 @@
28 
29  onreply_route[1] {
30      if($rm == "INVITE" && isflagset(inbound_call)) {
31 -        append_hf("X-Hash: $avp(hash_entry):$avp(hash_id)\r\n"); #Appending hash in onreply_route here
32          append_hf("X-XMLRPC: $sel(cfg_get.xmlrpc.hostport)\r\n");
33      };
34  }
35 @@ -765,12 +761,7 @@
36  }
37 
38  branch_route[1] {
39 -    if($avp(s:dlghash1) == $null) {
40 -        $avp(s:dlghash1) = $dlg(h_entry);
41 -        $avp(s:dlghash2) = $dlg(h_id);
42 -    };
43 -    append_hf("X-Hash: $avp(s:dlghash1):$avp(s:dlghash2)\r\n"); #Appending hash in branch_route here
44      append_hf("X-XMLRPC: $sel(cfg_get.xmlrpc.hostport)\r\n");
45  }
46 

----------

More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=173#comment382

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.