[sr-dev] git:4.1: acc: clear new parsed headers when evaluating acc attributes
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jun 12 12:18:59 CEST 2014
Module: sip-router
Branch: 4.1
Commit: b634dbace0d0f8ecf061252423374a24288f9fe2
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b634dbace0d0f8ecf061252423374a24288f9fe2
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Thu Jun 12 12:12:02 2014 +0200
acc: clear new parsed headers when evaluating acc attributes
- the structures are in pkg, while request is taken from shm clone, can
cause reference to the space of another process
- reported by Igor Potjevlesch
(cherry picked from commit e6c0c2f9871eab5a73371d48dfa24e4ece2512d8)
---
modules/acc/acc_logic.c | 14 ++++++++++++++
1 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/modules/acc/acc_logic.c b/modules/acc/acc_logic.c
index 3353bcd..fa6cd8c 100644
--- a/modules/acc/acc_logic.c
+++ b/modules/acc/acc_logic.c
@@ -426,6 +426,7 @@ static inline void acc_onreply( struct cell* t, struct sip_msg *req,
{
str new_uri_bk;
int br = -1;
+ hdr_field_t *hdr;
/* acc_onreply is bound to TMCB_REPLY which may be called
from _reply, like when FR hits; we should not miss this
@@ -488,6 +489,19 @@ static inline void acc_onreply( struct cell* t, struct sip_msg *req,
req->new_uri = new_uri_bk;
req->parsed_uri_ok = 0;
}
+
+ /* free header's parsed structures that were added by resolving acc attributes */
+ for( hdr=req->headers ; hdr ; hdr=hdr->next ) {
+ if ( hdr->parsed && hdr_allocs_parse(hdr) &&
+ (hdr->parsed<(void*)t->uas.request ||
+ hdr->parsed>=(void*)t->uas.end_request)) {
+ /* header parsed filed doesn't point inside uas.request memory
+ * chunck -> it was added by resolving acc attributes -> free it as pkg */
+ DBG("removing hdr->parsed %d\n", hdr->type);
+ clean_hdr_field(hdr);
+ hdr->parsed = 0;
+ }
+ }
}
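Review bot: The range test in the new loop (`hdr->parsed<(void*)t->uas.request || hdr->parsed>=(void*)t->uas.end_request`) treats every parsed pointer outside the shm clone as pkg memory owned by the current process, and nothing in the visible lines establishes that. The commit message names the risk as a reference into another process's space. If another process can attach a parsed structure to the same cloned request, `clean_hdr_field(hdr)` here would hand a foreign pointer to this process's pkg allocator. Please state in the comment which guarantee makes the "outside the clone means my pkg" inference hold, or narrow the cleanup to the headers that this call parsed. Two smaller points: relational comparison of `void*` pointers into different allocations is not defined by the C standard, so doing the bounds check on `uintptr_t` values would be more portable; and the new comment has typos ("filed" for "field", "chunck" for "chunk").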