[sr-dev] git:5.0:368a7ca5: tsilo: fix deadlock in ts_append()
Federico Cabiddu
federico.cabiddu at gmail.com
Mon May 29 11:13:22 CEST 2017
Module: kamailio
Branch: 5.0
Commit: 368a7ca57bb3caf2a26d3840177f96fe8ed5f034
URL: https://github.com/kamailio/kamailio/commit/368a7ca57bb3caf2a26d3840177f96fe8ed5f034
Author: Vitaliy Aleksandrov <vitalik.voip at gmail.com>
Committer: Federico Cabiddu <federico.cabiddu at gmail.com>
Date: 2017-05-29T11:13:09+02:00
tsilo: fix deadlock in ts_append()
Copy ruri parameter into pkg mem before calling ts_append().
Value saved in a static buffer from pv_get_buffer() can be corrupted if
a new branch adds an additional SIP header in its branch_route
(cherry picked from commit bd57cd59c2936e62f6e231cac4ba42920eb109b3)
---
Modified: src/modules/tsilo/tsilo.c
---
Diff: https://github.com/kamailio/kamailio/commit/368a7ca57bb3caf2a26d3840177f96fe8ed5f034.diff
Patch: https://github.com/kamailio/kamailio/commit/368a7ca57bb3caf2a26d3840177f96fe8ed5f034.patch
---
diff --git a/src/modules/tsilo/tsilo.c b/src/modules/tsilo/tsilo.c
index f622fdcd98..f5b1732e89 100644
--- a/src/modules/tsilo/tsilo.c
+++ b/src/modules/tsilo/tsilo.c
@@ -250,15 +250,25 @@ static int fixup_ts_append(void** param, int param_no)
*/
static int w_ts_append(struct sip_msg* _msg, char *_table, char *_ruri)
{
- str ruri = {0};
+ str tmp = STR_NULL;
+ str ruri = STR_NULL;
+ int rc;
- if(_ruri==NULL || (fixup_get_svalue(_msg, (gparam_p)_ruri, &ruri)!=0 || ruri.len<=0)) {
+ if(_ruri==NULL || (fixup_get_svalue(_msg, (gparam_p)_ruri, &tmp)!=0 || tmp.len<=0)) {
LM_ERR("invalid ruri parameter\n");
return -1;
}
- if(ts_check_uri(&ruri)<0)
+ if(ts_check_uri(&tmp)<0)
return -1;
- return ts_append(_msg, &ruri, _table);
+
+ if (pkg_str_dup(&ruri, &tmp) < 0)
+ return -1;
+
+ rc = ts_append(_msg, &ruri, _table);
+
+ pkg_free(ruri.s);
+
+ return rc;
}
/**
*
More information about the sr-dev
mailing list