[asterisk-bugs] [Asterisk 0014682]: [patch] Race condition in ast_db_get()

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Mar 16 22:25:29 CDT 2009 

The following issue requires your FEEDBACK. 
====================================================================== 
http://bugs.digium.com/view.php?id=14682 
====================================================================== 
Reported By:                makoto
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14682
Category:                   Core/General
Reproducibility:            sometimes
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.2.X 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-03-16 20:07 CDT
Last Modified:              2009-03-16 22:25 CDT
====================================================================== 
Summary:                    [patch] Race condition in ast_db_get()
Description: 
ast_db_get() may retrieve a wrong value because the data are copied
to the variable value after dblock is unlocked.
The copy should be done before unlock.

This can be reproduced on our cutomer's environment which is based on
Asterisk 1.2.18. I don't test it on the 1.4.x yet, but I believe that
this can be reproduced also on Asterisk 1.4 or later.

Attached patch will fix the problem.

====================================================================== 

---------------------------------------------------------------------- 
 (0101835) tilghman (administrator) - 2009-03-16 22:25
 http://bugs.digium.com/view.php?id=14682#c101835 
---------------------------------------------------------------------- 
There is no such problem.  The data is being copied from a buffer on the
local stack.  If that buffer is being overwritten by anything, you have
other problems. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-03-16 22:25 tilghman       Note Added: 0101835                          
2009-03-16 22:25 tilghman       Status                   new => feedback     
======================================================================

More information about the asterisk-bugs mailing list