[SR-Users] q_malloc crash

Daniel-Constantin Mierla miconda at gmail.com
Thu May 15 15:03:16 CEST 2014

On 15/05/14 14:14, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>> The issue was with previous fragment (misread the log message in the
>> first place). But was easy to spot what could be the previous fragment
>> and I think I fixed with commit:
>> -
>> http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7992a2b8d42bb7e8bcf1738cf042013ed126a47a
>> If you can give it a try, then it can be backported (I had no option to
>> try it here for now).
> daniel,
> thanks for spotting the bug.  the problem with testing is that i not
> managed to reproduce it in master, but need to wait for the attacker to
> do the testing in my 4.1 setup.
> the patch is very simple (allocate one more byte of space) and i cannot
> see how it would cause any problems.  it is clear by reading the code
> that if no modifications are done, there is no space in the buffer for
> '\0'.
> so i would suggest that the patch is cherry-picked to 4.1 now and i'll
> then keep watch on syslog for this attack in my 4.1 setup.
Indeed, it is simple patch, but being in a hurry at that time I wanted 
to be sure there was no stupid mistake and cherry-pick some bug to 
stable branch. As you reviewed as well, I will backport shortly.


Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list