[sr-dev] git:4.4:9aae641c: rtpengine: init rtp engine sockets array after allocation

Mon Jul 11 18:19:23 CEST 2016

Module: kamailio
Branch: 4.4
Commit: 9aae641cd6e9fcb28d1f4a7b1c9bb8be1adcf7ef
URL: https://github.com/kamailio/kamailio/commit/9aae641cd6e9fcb28d1f4a7b1c9bb8be1adcf7ef

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2016-07-11T18:01:28+02:00

rtpengine: init rtp engine sockets array after allocation

- it can result in closing the random values found in memory, which can
  overlap with valid sockets, due to follow up execution of
  build_rtpp_socks()
- do not init sockets for PROC_MAIN (for for=yes) and PROC_INIT to avoid
  duplicating sockets with child processed

(cherry picked from commit d76761bf95a5745240d655ee63241b8d4652611d)

---

Modified: modules/rtpengine/rtpengine.c

---

Diff:  https://github.com/kamailio/kamailio/commit/9aae641cd6e9fcb28d1f4a7b1c9bb8be1adcf7ef.diff
Patch: https://github.com/kamailio/kamailio/commit/9aae641cd6e9fcb28d1f4a7b1c9bb8be1adcf7ef.patch

---

diff --git a/modules/rtpengine/rtpengine.c b/modules/rtpengine/rtpengine.c
index 5fe83b0..afb9315 100644
--- a/modules/rtpengine/rtpengine.c
+++ b/modules/rtpengine/rtpengine.c
@@ -1809,6 +1809,7 @@ static int build_rtpp_socks(unsigned int current_rtpp_no) {
 	for (i = 0; i < rtpp_socks_size; i++) {
 		if (rtpp_socks[i] >= 0) {
 			close(rtpp_socks[i]);
+			rtpp_socks[i] = -1;
 		}
 	}
 
@@ -1818,6 +1819,7 @@ static int build_rtpp_socks(unsigned int current_rtpp_no) {
 		LM_ERR("no more pkg memory for rtpp_socks\n");
 		return -1;
 	}
+	memset(rtpp_socks, -1, sizeof(int)*(rtpp_socks_size));
 
 	lock_get(rtpp_set_list->rset_head_lock);
 	for (rtpp_list = rtpp_set_list->rset_first; rtpp_list != 0;
@@ -1911,6 +1913,11 @@ child_init(int rank)
 	if(!rtpp_set_list)
 		return 0;
 
+	/* do not init sockets for PROC_INIT and main process when fork=yes */
+	if(rank==PROC_INIT || (rank==PROC_MAIN && dont_fork==0)) {
+		return 0;
+	}
+
 	mypid = getpid();
 
 	lock_get(rtpp_no_lock);
@@ -1921,6 +1928,7 @@ child_init(int rank)
 	if (!rtpp_socks) {
 		return -1;
 	}
+	memset(rtpp_socks, -1, sizeof(int)*(rtpp_socks_size));
 
 	// vector of pointers to queried nodes
 	queried_nodes_ptr = (struct rtpp_node**)pkg_malloc(queried_nodes_limit * sizeof(struct rtpp_node*));


