[SR-Users] proposed patch for the registrar module - crash fix

Daniel-Constantin Mierla miconda at gmail.com
Fri Feb 28 08:44:09 CET 2014 

Hello,

I applied slightly different version of your patch -- I took it from 4.1 
(where this issue was fixed in a combined commit), because should make 
life easier with future backports, as the patches should match better 
same piece of code between various branches.

Let me know if works ok.

Cheers,
Daniel

On 27/02/14 14:49, Dragos Oancea wrote:
> Hi
>
> We think that we found and fix a bug in the registrar module. The bug 
> is hard to reproduce, and it crashes our Kamailio from time to time 
> (once at 2-3 weeks for us) .
>
> In save.c, function update_contacts() there are two places where we 
> free() a pointer and then we reuse it, line 700 and line 730:
>
> while(ptr){
>
>         ptr0 = ptr;
>         if(ptr!=c)
>            ul.delete_ucontact(_r, ptr);
>         ptr=ptr0->next;
> }
>
>
> And then from inside delete_ucontact(_r,ptr) we call 
> mem_delete_ucontact(_r, _c) which calls
> free_ucontact(_c) , which calls shm_free(_c) . _c is actually our ptr.
>
> If another process writes at the location pointed by ptr during the 
> "while" loop , the current process will crash.
>
> The bug affects 4.0.4, 4.0.5 and maybe older versions.
>
> We keep the location table in memory, no database backend, and we do 
> alot of REGISTER/un-REGISTER in our environment,
> and maybe that's why this bug was not spotted by the community before.
>
> Just to clarify, this fix is in relation with this post:
> http://lists.sip-router.org/pipermail/sr-dev/2014-February/022934.html
>
> Please take into consideration the attached patch provided by the 
> Libon Voice Team.
>
> Regards,
> Dragos Oancea
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140228/6437ad87/attachment.html>

More information about the sr-users mailing list