[asterisk-commits] seanbright: branch 1.4 r323559 - /branches/1.4/main/manager.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Jun 15 10:15:36 CDT 2011
Author: seanbright
Date: Wed Jun 15 10:15:30 2011
New Revision: 323559
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=323559
Log:
Resolve a segfault/bus error when we try to map memory that falls on a page
boundary.
The fix for ASTERISK-15359 was incorrect in that it added 1 to the length of the
mmap'd region. The problem with this is that reading/writing to that extra byte
outside of the bounds of the underlying fd causes a bus error.
The real issue is that we are working with both a FILE * and the raw fd
underneath it and not synchronizing between them. The code that was removed in
ASTERISK-15359 was correct, but we weren't flushing the FILE * before mapping
the fd.
Looking at the manager code in 1.4 reveals that the FILE * in 'struct
mansession' is never used except to create a temporary file that we immediately
fdopen. This means we just need to write a 0 byte to the fd and everything will
just work. The other branches require a call to fflush() which, while not a
guaranteed fix, should reduce the likelihood of a crash.
This all makes sense in my head.
(closes issue ASTERISK-16460)
Reported by: Ravelomanantsoa Hoby (hoby)
Patches:
issue17747_1.4_svn_markII.patch uploaded by Sean Bright (license #5060)
Modified:
branches/1.4/main/manager.c
Modified: branches/1.4/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/main/manager.c?view=diff&rev=323559&r1=323558&r2=323559
==============================================================================
--- branches/1.4/main/manager.c (original)
+++ branches/1.4/main/manager.c Wed Jun 15 10:15:30 2011
@@ -2895,6 +2895,7 @@
char *c = workspace;
char *retval = NULL;
struct ast_variable *v;
+ char template[] = "/tmp/ast-http-XXXXXX";
for (v = params; v; v = v->next) {
if (!strcasecmp(v->name, "mansession_id")) {
@@ -2942,8 +2943,9 @@
ss.session = s;
ast_mutex_unlock(&s->__lock);
- ss.f = tmpfile();
- ss.fd = fileno(ss.f);
+ if ((ss.fd = mkstemp(template)) > -1) {
+ unlink(template);
+ }
if (s) {
struct message m = { 0 };
@@ -2989,13 +2991,21 @@
if (ss.fd > -1) {
char *buf;
size_t l;
-
- if ((l = lseek(ss.fd, 0, SEEK_END)) > 0) {
- if (MAP_FAILED == (buf = mmap(NULL, l + 1, PROT_READ | PROT_WRITE, MAP_SHARED, ss.fd, 0))) {
+ ssize_t res;
+
+ /* Make sure that our buffer is NULL terminated */
+ while ((res = write(ss.fd, "", 1)) < 1) {
+ if (res == -1) {
+ ast_log(LOG_ERROR, "Failed to terminate manager response output: %s\n", strerror(errno));
+ break;
+ }
+ }
+
+ if (res == 1 && (l = lseek(ss.fd, 0, SEEK_END)) > 0) {
+ if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_SHARED, ss.fd, 0))) {
ast_log(LOG_WARNING, "mmap failed. Manager request output was not processed\n");
} else {
char *tmpbuf;
- buf[l] = '\0';
if (format == FORMAT_XML)
tmpbuf = xml_translate(buf, params);
else if (format == FORMAT_HTML)
@@ -3016,11 +3026,10 @@
free(tmpbuf);
free(s->outputstr);
s->outputstr = NULL;
- munmap(buf, l + 1);
+ munmap(buf, l);
}
}
- fclose(ss.f);
- ss.f = NULL;
+ close(ss.fd);
ss.fd = -1;
} else if (s->outputstr) {
char *tmp;
More information about the asterisk-commits
mailing list