[SR-Users] q_malloc crash
Daniel-Constantin Mierla
miconda at gmail.com
Thu May 15 15:03:16 CEST 2014
On 15/05/14 14:14, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
>> The issue was with previous fragment (misread the log message in the
>> first place). But was easy to spot what could be the previous fragment
>> and I think I fixed with commit:
>>
>> -
>> http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7992a2b8d42bb7e8bcf1738cf042013ed126a47a
>>
>> If you can give it a try, then it can be backported (I had no option to
>> try it here for now).
> daniel,
>
> thanks for spotting the bug. the problem with testing is that i not
> managed to reproduce it in master, but need to wait for the attacker to
> do the testing in my 4.1 setup.
>
> the patch is very simple (allocate one more byte of space) and i cannot
> see how it would cause any problems. it is clear by reading the code
> that if no modifications are done, there is no space in the buffer for
> '\0'.
>
> so i would suggest that the patch is cherry-picked to 4.1 now and i'll
> then keep watch on syslog for this attack in my 4.1 setup.
Indeed, it is simple patch, but being in a hurry at that time I wanted
to be sure there was no stupid mistake and cherry-pick some bug to
stable branch. As you reviewed as well, I will backport shortly.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-users
mailing list