[asterisk-bugs] [Asterisk 0012162]: sipsock_read using unsafe structure
noreply at bugs.digium.com
Fri Jun 27 17:36:41 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12162
======================================================================
Reported By: norman
Assigned To: svnbot
======================================================================
Project: Asterisk
Issue ID: 12162
Category: Channels/chan_sip/General
Reproducibility: random
Severity: minor
Priority: normal
Status: closed
Asterisk Version: 1.4.18
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 03-06-2008 13:09 CST
Last Modified: 06-27-2008 17:36 CDT
======================================================================
Summary: sipsock_read using unsafe structure
Description:
While trying to track down a series of crashes after
http://bugs.digium.com/view.php?id=12063 was closed, I
noticed a crash happened after I saw this on the console:
We could NOT get the channel lock for SIPstation032-06d12ea0!
Running under valgrind, I noticed that sipsock_read was trying to lock
p->owner (via ast_channel_trylock in the loop), and when this failed, it
unlocks "p" then proceeds to use "p" and even p->owner (also unlocked and
potentially free'd.) Valgrind noted, in the case of the crash, this section
of code was accessing unallocated memory.
I believe this happens rarely, when a channel has been closed at an
inconvenient time. After I applied this quick patch and the patch from
http://bugs.digium.com/view.php?id=11940, I've never seen this problem while
under valgrind after over a week of testing.
======================================================================
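The locking pattern this report describes, as an added example that is not Asterisk's code or the committed patch: a simplified pthread model in which the retry loop looks the dialog up again on each attempt and, when the owner's lock cannot be taken, returns without dereferencing the unlocked structure. All struct, function and table names here are hypothetical.

```c
#include <pthread.h>
#include <sched.h>
#define MAX_TRIES 100
/* Hypothetical stand-ins for the channel and the per-dialog private struct. */
struct chan { pthread_mutex_t lock; int frames; };
struct pvt  { pthread_mutex_t lock; struct chan *owner; int handled; };
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
static struct pvt *table[4];            /* constructed dialog table */

/* Look the dialog up afresh and return it locked, or NULL if it is gone. */
static struct pvt *find_locked(int id)
{
    pthread_mutex_lock(&table_lock);
    struct pvt *p = table[id];
    if (p) pthread_mutex_lock(&p->lock);
    pthread_mutex_unlock(&table_lock);
    return p;
}

/* 0 = handled, -1 = no such dialog, -2 = owner stayed busy (request dropped). */
static int handle_request(int id)
{
    struct pvt *p = NULL;
    for (int tries = 0; tries < MAX_TRIES; tries++) {
        if (!(p = find_locked(id))) return -1;
        if (!p->owner || pthread_mutex_trylock(&p->owner->lock) == 0)
            break;                       /* pvt and owner are both locked */
        pthread_mutex_unlock(&p->lock);  /* back off so the owner's holder can run */
        p = NULL;                        /* stale from here: it may be freed */
        sched_yield();
    }
    if (!p) return -2;                   /* no locks held: touch nothing, return */
    p->handled++;
    if (p->owner) {
        p->owner->frames++;
        pthread_mutex_unlock(&p->owner->lock);
    }
    pthread_mutex_unlock(&p->lock);
    return 0;
}

int main(void)
{
    static struct chan c = { PTHREAD_MUTEX_INITIALIZER, 0 };
    static struct pvt p = { PTHREAD_MUTEX_INITIALIZER, &c, 0 };
    table[1] = &p;
    pthread_mutex_lock(&c.lock);         /* constructed: channel lock held elsewhere */
    int busy = handle_request(1);        /* must be dropped without touching p */
    pthread_mutex_unlock(&c.lock);
    return !(busy == -2 && handle_request(1) == 0);
}
```

Clearing the local pointer on back-off makes any later use fail the NULL check instead of silently reading memory another thread may have released.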
----------------------------------------------------------------------
svnbot - 06-27-08 17:36
----------------------------------------------------------------------
Repository: asterisk
Revision: 126112
_U branches/1.6.0/
------------------------------------------------------------------------
r126112 | tilghman | 2008-06-27 17:36:14 -0500 (Fri, 27 Jun 2008) | 286 lines
Blocked revisions
114174,114298,115258,115518,117524,117812,118059,119077,120063,120372,120672,120732,121993,122315,122434,122616,122664,124744,124909,125894
via svnmerge
................
r114174 | qwell | 2008-04-16 12:31:02 -0500 (Wed, 16 Apr 2008) | 14 lines
Blocked revisions 114173 via svnmerge
........
r114173 | qwell | 2008-04-16 12:30:09 -0500 (Wed, 16 Apr 2008) | 7 lines
Fix "fallthrough" behavior here, so config options in a previously
configured user don't override settings in general.
(closes issue http://bugs.digium.com/view.php?id=12458)
Reported by: tzafrir
Patches:
chanzap_users_sections.diff uploaded by tzafrir (license 46)
........
................
r114298 | tilghman | 2008-04-19 08:53:38 -0500 (Sat, 19 Apr 2008) | 11 lines
Blocked revisions 114297 via svnmerge
........
r114297 | tilghman | 2008-04-19 08:49:50 -0500 (Sat, 19 Apr 2008) | 4 lines
MOH usage information needs a terminating newline, or else
"asterisk -rx 'help moh reload'" will hang. Reported via
-dev list, fixed by me.
........
................
r115258 | bbryant | 2008-05-02 15:26:00 -0500 (Fri, 02 May 2008) | 9 lines
Blocked revisions 115257 via svnmerge
........
r115257 | bbryant | 2008-05-02 15:25:42 -0500 (Fri, 02 May 2008) | 2 lines
Add new "pri show version" command to show the libpri version for support
reasons.
........
................
r115518 | russell | 2008-05-07 13:17:43 -0500 (Wed, 07 May 2008) | 12 lines
Blocked revisions 115517 via svnmerge
........
r115517 | russell | 2008-05-07 13:17:19 -0500 (Wed, 07 May 2008) | 5 lines
Track peer references when stored in the sip_pvt struct as the peer related to
a qualify ping or a subscription. This fixes some realtime related crashes.
(closes issue http://bugs.digium.com/view.php?id=12588)
(closes issue http://bugs.digium.com/view.php?id=12555)
........
................
r117524 | tilghman | 2008-05-21 13:45:26 -0500 (Wed, 21 May 2008) | 9 lines
Blocked revisions 117523 via svnmerge
........
r117523 | tilghman | 2008-05-21 13:44:53 -0500 (Wed, 21 May 2008) | 2 lines
Revert accidental commit of the last change
........
................
r117812 | tilghman | 2008-05-22 11:50:32 -0500 (Thu, 22 May 2008) | 13 lines
Blocked revisions 117809 via svnmerge
........
r117809 | tilghman | 2008-05-22 11:47:03 -0500 (Thu, 22 May 2008) | 6 lines
Take into account the length of delimiters when calculating result string
length.
(closes issue http://bugs.digium.com/view.php?id=12696)
Reported by: adomjan
Patches:
func_realtime.c-longdelimiter.patch uploaded by adomjan (license 487)
........
................
r118059 | tilghman | 2008-05-23 08:20:13 -0500 (Fri, 23 May 2008) | 9 lines
Blocked revisions 118055 via svnmerge
........
r118055 | tilghman | 2008-05-23 08:18:44 -0500 (Fri, 23 May 2008) | 2 lines
Add format type checking for recently de-inlined function
........
................
r119077 | russell | 2008-05-29 15:49:48 -0500 (Thu, 29 May 2008) | 10 lines
Blocked revisions 119076 via svnmerge
........
r119076 | russell | 2008-05-29 15:48:33 -0500 (Thu, 29 May 2008) | 3 lines
Oddly enough, all of the contents of audiohook.h were in there twice. I have
removed the second copy.
........
................
r120063 | tilghman | 2008-06-03 13:24:14 -0500 (Tue, 03 Jun 2008) | 15 lines
Blocked revisions 120061 via svnmerge
........
r120061 | tilghman | 2008-06-03 13:23:32 -0500 (Tue, 03 Jun 2008) | 8 lines
When listing the manager users, managers in users.conf are not shown, even
though they are allowed to connect.
(closes issue http://bugs.digium.com/view.php?id=12594)
Reported by: bkruse
Patches:
12594-managerusers-2.diff uploaded by qwell (license 4)
Tested by: bkruse
........
................
r120372 | russell | 2008-06-04 11:28:37 -0500 (Wed, 04 Jun 2008) | 11 lines
Blocked revisions 120371 via svnmerge
........
r120371 | russell | 2008-06-04 11:26:43 -0500 (Wed, 04 Jun 2008) | 4 lines
Make the "dialplan remove include" CLI command actually work. Also, tweak
some formatting, and make the success message a little bit more clear.
(closes AST-52)
........
................
r120672 | russell | 2008-06-05 11:39:25 -0500 (Thu, 05 Jun 2008) | 12 lines
Blocked revisions 120671 via svnmerge
........
r120671 | russell | 2008-06-05 11:38:52 -0500 (Thu, 05 Jun 2008) | 5 lines
It turns out that searching on the forwarding station isn't very useful for
most people, so pull in the changes that allow searching for SMDI messages
based on other components of the SMDI message. Also, update the SMDI
documentation.
........
................
r120732 | russell | 2008-06-05 13:01:45 -0500 (Thu, 05 Jun 2008) | 9 lines
Blocked revisions 120731 via svnmerge
........
r120731 | russell | 2008-06-05 13:01:25 -0500 (Thu, 05 Jun 2008) | 2 lines
Add the UPGRADE.txt file from Asterisk 1.2, for handy reference.
........
................
r121993 | twilson | 2008-06-11 18:48:38 -0500 (Wed, 11 Jun 2008) | 9 lines
Blocked revisions 121992 via svnmerge
........
r121992 | twilson | 2008-06-11 18:47:23 -0500 (Wed, 11 Jun 2008) | 2 lines
Backport fix for 11520--for some reason I didn't do this back in February
when I patched for trunk.
........
................
r122315 | jpeeler | 2008-06-12 14:11:23 -0500 (Thu, 12 Jun 2008) | 9 lines
Blocked revisions 122314 via svnmerge
........
r122314 | jpeeler | 2008-06-12 14:08:20 -0500 (Thu, 12 Jun 2008) | 2 lines
Adds DAHDI support alongside Zaptel. DAHDI usage favored, but all Zap
stuff should continue working. Release announcement to follow.
........
................
r122434 | jpeeler | 2008-06-12 18:09:16 -0500 (Thu, 12 Jun 2008) | 12 lines
Blocked revisions 122208 via svnmerge
........
r122208 | jpeeler | 2008-06-12 10:46:08 -0500 (Thu, 12 Jun 2008) | 5 lines
(closes issue http://bugs.digium.com/view.php?id=12193)
Reported by: davidw
Patch by: Corydon76, modified by me to work properly with ParkAndAnnounce app
........
................
r122616 | jpeeler | 2008-06-13 12:38:28 -0500 (Fri, 13 Jun 2008) | 13 lines
Blocked revisions 122613 via svnmerge
........
r122613 | jpeeler | 2008-06-13 12:36:56 -0500 (Fri, 13 Jun 2008) | 6 lines
(closes issue http://bugs.digium.com/view.php?id=12846)
Reported by: Netview
Tested by: jpeeler
Use correct location to search for tonezone.
........
................
r122664 | jpeeler | 2008-06-13 13:58:29 -0500 (Fri, 13 Jun 2008) | 8 lines
Blocked revisions 122663 via svnmerge
........
r122663 | jpeeler | 2008-06-13 13:57:24 -0500 (Fri, 13 Jun 2008) | 1 line
fixed dahdi compatibility header from assuming either dahdi or zaptel is
installed (may not have either)
........
................
r124744 | kpfleming | 2008-06-23 16:24:34 -0500 (Mon, 23 Jun 2008) | 10 lines
Blocked revisions 124743 via svnmerge
........
r124743 | kpfleming | 2008-06-23 16:22:08 -0500 (Mon, 23 Jun 2008) | 3 lines
emit a warning if the old IAX2 call searching code finds a call when the
new code did not... so that we can get rid of the old code in 2-3 months
........
................
r124909 | tilghman | 2008-06-24 15:55:06 -0500 (Tue, 24 Jun 2008) | 13 lines
Blocked revisions 124908 via svnmerge
........
r124908 | tilghman | 2008-06-24 15:52:43 -0500 (Tue, 24 Jun 2008) | 6 lines
Don't access the pvt structure if unable to acquire the lock.
(closes issue http://bugs.digium.com/view.php?id=12162)
Reported by: norman
Patches:
12162-lockfail.diff uploaded by qwell (license 4)
........
................
r125894 | tilghman | 2008-06-27 11:48:05 -0500 (Fri, 27 Jun 2008) | 14 lines
Blocked revisions 125893 via svnmerge
........
r125893 | tilghman | 2008-06-27 11:46:05 -0500 (Fri, 27 Jun 2008) | 7 lines
Since HAVE_DAHDI is defined to HAVE_ZAPTEL in dahdi_compat.h, we must first
check for HAVE_ZAPTEL.
(closes issue http://bugs.digium.com/view.php?id=12938)
Reported by: opticron
Patches:
tonezone_compat.diff uploaded by opticron (license 267)
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=126112
Issue History
Date Modified Username Field Change
======================================================================
06-27-08 17:36 svnbot Checkin
06-27-08 17:36 svnbot Note Added: 0089392
======================================================================