[Asterisk-code-review] Fix invalid pointer dereference on module load (asterisk[1.8])

Emmanuel Dreyfus asteriskteam at digium.com
Thu May 7 09:39:27 CDT 2015 

Emmanuel Dreyfus has uploaded a new change for review.

  https://gerrit.asterisk.org/393

Change subject: Fix invalid pointer dereference on module load
......................................................................

Fix invalid pointer dereference on module load

After upgrading asterisk, the daemon crashes on startup if the
autoload=yes option iis not enabled in modules.conf's modules
section.

This happens because of invalid pointer dereference during module
loading. Here is the technical analysis:

If a module once failed to load with globally exposed symbols, the
DSO is unloaded while the struct ast_module remains valid and
referenced,  with just mod->lib being NULL.

If the module is later attempted to be loaded again, typically on
a second attempt without globally exposed symbols, we get an
unpleasant crash because mod->lib is used.

Proposed fix in this patch is to check mod->lib and if it is NULL,
we call load_dynamic_module() again to reload the DSO.

Wa also add an additional test that mod->lib is not NULL to make
sure code path using it will not be used if something still goes
wrong.

ASTERISK-25021

Change-Id: Ib26f971f37cb5c19351ced9dccf052813cb899ba
---
M main/loader.c
1 file changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/93/393/1

diff --git a/main/loader.c b/main/loader.c
index c5fb163..6e1b3c0 100644
--- a/main/loader.c
+++ b/main/loader.c
@@ -895,7 +895,7 @@
 	struct ast_module *mod;
 	enum ast_module_load_result res = AST_MODULE_LOAD_SUCCESS;
 
-	if ((mod = find_resource(resource_name, 0))) {
+	if ((mod = find_resource(resource_name, 0)) && (mod->lib != NULL)) {
 		if (mod->flags.running) {
 			ast_log(LOG_WARNING, "Module '%s' already exists.\n", resource_name);
 			return AST_MODULE_LOAD_DECLINE;
@@ -919,6 +919,12 @@
 #endif
 	}
 
+	if (mod->lib == NULL) {
+		ast_log(LOG_ERROR, "Module '%s' was unloaded.\n", resource_name);
+		return required ? AST_MODULE_LOAD_FAILURE : AST_MODULE_LOAD_DECLINE;
+	}
+
+
 	if (inspect_module(mod)) {
 		ast_log(LOG_WARNING, "Module '%s' could not be loaded.\n", resource_name);
 #ifdef LOADABLE_MODULES

-- 
To view, visit https://gerrit.asterisk.org/393
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib26f971f37cb5c19351ced9dccf052813cb899ba
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 1.8
Gerrit-Owner: Emmanuel Dreyfus <manu at netbsd.org>

More information about the asterisk-code-review mailing list