[asterisk-dev] AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

Tilghman Lesher tilghman at mail.jeffandtilghman.com
Wed Jul 23 22:44:25 CDT 2008


On Wednesday 23 July 2008 19:22:55 Nic Bellamy wrote:
> Tilghman Lesher wrote:
> > On Wednesday 23 July 2008 16:30:23 Nic Bellamy wrote:
> >> However, in find_callno() when we allocate a new callno...
> >>
> >> start = 1 + (rand() % (TRUNK_CALL_START - 1));
> >> for (x = start; 1; x++) {
> >> ...
> >> }
> >>
> >> As rand() gives us a number between 0 and RAND_MAX, does this not leave
> >> a small but non-zero chance that we'll pick a callno of #1 for our side,
> >> that will then have all its ACKs ignored?
> >>
> >> (I'm completely open to the possibility that other code paths prevent
> >> this, but I didn't see them :-)
> >
> > You quoted chunk 4 of the patch, but you missed chunk 2.  Chunk 2 does
> > what you think we've missed.
>
> I presume you're meaning this part in find_callno():

Aha.  You're talking about 1.2.  In 1.4, this routine is __find_callno().
Yes, you're correct, that version was not correctly patched.  We'll have to
make a new release to fix that.

-- 
Tilghman
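The range question raised in the quoted message, worked through as an added example (not code from this thread or from Asterisk). The value of `TRUNK_CALL_START`, the `alloc_callno()` scan with its wrap-to-1 behaviour, and the `guard` flag are assumptions made for this sketch; only the start expression and the special status of callno 1 come from the thread.

```c
#include <stdio.h>
#include <string.h>

#define TRUNK_CALL_START 0x4000 /* assumed value for this sketch */
#define RESERVED_CALLNO  1      /* callno whose ACKs are ignored, per the thread */

/* Start expression as quoted in the thread; r stands in for rand(). */
static int start_quoted(unsigned r) { return 1 + (int)(r % (TRUNK_CALL_START - 1)); }

/* Lowest start value the quoted expression yields over every residue of r. */
static int min_start_quoted(void) {
    int lo = TRUNK_CALL_START;
    for (unsigned r = 0; r < (unsigned)(TRUNK_CALL_START - 1); r++)
        if (start_quoted(r) < lo) lo = start_quoted(r);
    return lo;
}

/* Hypothetical scan: walk forward from start, wrap to 1 at TRUNK_CALL_START,
 * return the first free slot or -1. guard != 0 refuses RESERVED_CALLNO. */
static int alloc_callno(const unsigned char *used, int start, int guard) {
    int x = start;
    for (int n = 0; n < TRUNK_CALL_START - 1; n++) {
        if (!used[x] && !(guard && x == RESERVED_CALLNO))
            return x;
        if (++x >= TRUNK_CALL_START)
            x = 1;
    }
    return -1;
}

int main(void) {
    static unsigned char used[TRUNK_CALL_START]; /* constructed: all slots free */
    printf("lowest start from quoted expression: %d\n", min_start_quoted());
    printf("start=1, unguarded: %d, guarded: %d\n",
           alloc_callno(used, start_quoted(0), 0), alloc_callno(used, start_quoted(0), 1));
    /* constructed: top 16 slots busy, so a scan starting there wraps around */
    memset(used + 0x3ff0, 1, 16);
    printf("wrap, unguarded: %d, guarded: %d\n",
           alloc_callno(used, 0x3ff0, 0), alloc_callno(used, 0x3ff0, 1));
    return 0;
}
```

In this model the check inside the scan is what keeps the reserved number out of circulation: narrowing only the start expression would still let a wrapping scan land on it.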