[asterisk-dev] Gtalk memory leak

Philippe Sultan philippe.sultan at gmail.com
Mon Nov 3 07:44:38 CST 2008 

Hi Vadim,

GnuTLS was used in Asterisk by one module : res_jabber (which
chan_gtalk and chan_jingle rely on). res_jabber uses the iksemel API,
which uses GnuTLS.

Other Asterisk modules that need security features provided by SSL/TLS
use OpenSSL. So the main reason was to keep res_jabber consistent with
the choice made for other modules.

Apart from that, it also appeared that iksemel doesn't properly
implement the timeouts in its network reception wrapping function.
Indeed, the timeout value passed to this function was used *only* if
the XMPP connection was not encrypted, and simply ignored if not. As
res_jabber makes an actual use of timeouts to handle XMPP connections
(be they secured or not), there was a need to fix this problem in
Asterisk.

This piece of code taken from iksemel-1.3's source (file stream.c)
will certainly be more explicit :
int iks_recv (iksparser *prs, int timeout)
{
        struct stream_data *data = iks_user_data (prs);
        int len, ret;

        while (1) {
#ifdef HAVE_GNUTLS
                if (data->flags & SF_SECURE) {
                        len = gnutls_record_recv (data->sess,
data->buf, NET_IO_BUF_SIZE - 1);
                } else
#endif
                {
                        len = data->trans->recv (data->sock,
data->buf, NET_IO_BUF_SIZE - 1, timeout);
                }
                if (len < 0) return IKS_NET_RWERR;
                if (len == 0) break;
                data->buf[len] = '\0';
                if (data->logHook) data->logHook (data->user_data,
data->buf, len, 1);
                ret = iks_parse (prs, data->buf, len, 0);
                if (ret != IKS_OK) return ret;
                if (!data->trans) {
                        /* stream hook called iks_disconnect */
                        return IKS_NET_NOCONN;
                }
                timeout = 0;
        }
        return IKS_OK;
}

Kind regards,

Philippe

On Mon, Nov 3, 2008 at 11:23 AM, Vadim lebedev <vadim at mbdsys.com> wrote:
> Hi Phillippe,
>
>
>
> On 11/3/08, Philippe Sultan <philippe.sultan at gmail.com> wrote:
>>
>> ....
>
>
>
>>
>> Starting from 1.6, all the XMPP modules in Asterisk (res_jabber,
>> chan_gtalk, chan_jingle) use OpenSSL instead of GnuTLS.
>
>
> ....
>
>
> Do you know what are the reasons ot the switch?
>
> Thanks
> Vadim
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>



-- 
Philippe Sultan

More information about the asterisk-dev mailing list