[sr-dev] [kamailio/kamailio] tsilo: deadlock in ts_append() (#1138)

vitalikvoip notifications at github.com
Fri May 26 12:14:02 CEST 2017


vitalikvoip commented on this pull request.



> @@ -250,15 +250,25 @@ static int fixup_ts_append(void** param, int param_no)
  */
 static int w_ts_append(struct sip_msg* _msg, char *_table, char *_ruri)
 {
-	str ruri = {0};
+	str tmp  = STR_NULL;
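Review bot: the new `str tmp  = STR_NULL;` declaration at the top of w_ts_append() has no comment saying why the parameter value now goes through a temporary, and the name `tmp` does not say what it holds. A one-line comment stating that the value has to be preserved because the buffer it is read from can be reused before the function finishes (the reason given in the discussion of this hunk) would keep a later cleanup from undoing the fix. Since the signature in the context lines still names the parameter `_ruri`, renaming it in the same change would remove the confusion about what is actually passed in.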

Well, ts_append() receives "$tu" from the incoming REGISTER requests. The "_ruri" parameter name is a bit confusing in this sense. As for the branch route, it works with an outgoing INVITE, while ts_append() is called for REGISTER. It can be moved to ts_append() to be closer to the new branch creation, but this fix works in both cases.

Just FYI, here is what happens in detail:
A REGISTER comes in and we call ts_append(). w_ts_append() calls fixup_get_svalue(), which saves the real value to a static buffer from pv_get_buffer(). Then we create a new branch for the previously saved INVITE transaction, and its branch route performs script actions, some of which can internally use the same static buffer of this TCP worker process. When the branch route returns, we get back to our REGISTER processing and expect that the variable "ruri" has the same value, but it's not... So, in a nutshell, the first script invocation (REGISTER) was interrupted by the second script invocation (branch_route of a new INVITE branch), though it wasn't reentrant.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1138#discussion_r118673289
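
The buffer reuse described in the comment above, reduced to a stand-alone C program; this is an added example, not code from Kamailio or from the pull request. `scratch`, `eval_param()`, `run_nested_route()`, `append_unsafe()` and `append_safe()` are hypothetical stand-ins for the static buffer, the parameter evaluation, the nested branch-route run and the two versions of the caller, and the SIP URIs are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *s; int len; } sstr;

/* Hypothetical per-process static scratch buffer shared by all evaluations. */
static char scratch[64];

/* Evaluates a parameter into the shared buffer and returns a view of it. */
static sstr eval_param(const char *value)
{
	sstr out;
	snprintf(scratch, sizeof(scratch), "%s", value);
	out.s = scratch;
	out.len = (int)strlen(scratch);
	return out;
}

/* Stand-in for the nested route run: it evaluates values of its own. */
static void run_nested_route(void)
{
	(void)eval_param("sip:other@example.org;nested=1");
}

/* Before: holds a pointer into the static buffer across the nested run. */
int append_unsafe(const char *ruri)
{
	sstr v = eval_param(ruri);
	run_nested_route();            /* overwrites what v.s points to */
	return v.len == (int)strlen(ruri) && memcmp(v.s, ruri, v.len) == 0;
}

/* After: takes a private copy before anything else can run. */
int append_safe(const char *ruri)
{
	sstr tmp = eval_param(ruri);
	char *copy = malloc((size_t)tmp.len + 1);
	int ok;
	if (copy == NULL) return -1;
	memcpy(copy, tmp.s, (size_t)tmp.len);
	copy[tmp.len] = '\0';
	run_nested_route();            /* may clobber scratch, copy is untouched */
	ok = (strcmp(copy, ruri) == 0);
	free(copy);                    /* released on the only path that owns it */
	return ok;
}

int main(void)
{
	printf("unsafe kept value: %d\n", append_unsafe("sip:alice@example.com"));
	printf("safe kept value:   %d\n", append_safe("sip:alice@example.com"));
	return 0;
}
```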