[SR-Users] q_malloc crash
Juha Heinanen
jh at tutpro.com
Thu May 15 14:14:08 CEST 2014
Daniel-Constantin Mierla writes:
> The issue was with previous fragment (misread the log message in the
> first place). But was easy to spot what could be the previous fragment
> and I think I fixed with commit:
>
> -
> http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7992a2b8d42bb7e8bcf1738cf042013ed126a47a
>
> If you can give it a try, then it can be backported (I had no option to
> try it here for now).
daniel,
thanks for spotting the bug. the problem with testing is that i not
managed to reproduce it in master, but need to wait for the attacker to
do the testing in my 4.1 setup.
the patch is very simple (allocate one more byte of space) and i cannot
see how it would cause any problems. it is clear by reading the code
that if no modifications are done, there is no space in the buffer for
'\0'.
so i would suggest that the patch is cherry-picked to 4.1 now and i'll
then keep watch on syslog for this attack in my 4.1 setup.
-- juha
More information about the sr-users
mailing list