[sr-dev] git:3.3: tcp: fix _wbufq_insert bug
Daniel-Constantin Mierla
miconda at gmail.com
Fri Oct 5 16:24:27 CEST 2012
Module: sip-router
Branch: 3.3
Commit: 8732b63bf5371914ba0267a22f45aacefe062ad4
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=8732b63bf5371914ba0267a22f45aacefe062ad4
Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Mon Oct 1 11:55:16 2012 +0200
tcp: fix _wbufq_insert bug
When _wbufq_insert was called on a connection that had already
some data added to the write buffer (another process was faster
and added some data before the process that created the connection
had a chance to do it), a wrong size was used in a memmove.
This could lead either to corrupted messages or even crashes (if
the messages were big enough to cause a buffer overflow).
Many thanks to Jijo for debugging it.
Reported-by: Jijo
(cherry picked from commit 745e30c92336bfc3f8682b2c23e02862db688d9e)
---
tcp_main.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tcp_main.c b/tcp_main.c
index d629647..cc78878 100644
--- a/tcp_main.c
+++ b/tcp_main.c
@@ -808,7 +808,7 @@ inline static int _wbufq_insert(struct tcp_connection* c, const char* data,
}
if ((q->first==q->last) && ((q->last->b_size-q->last_used)>=size)){
/* one block with enough space in it for size bytes */
- memmove(q->first->buf+size, q->first->buf, size);
+ memmove(q->first->buf+size, q->first->buf, q->last_used);
memcpy(q->first->buf, data, size);
q->last_used+=size;
}else{
More information about the sr-dev
mailing list