[reSIProcate] [resiprocate] Fix for a buffer management bug in parsing frames from a websocket. (#26)
Vasil Kolev
notifications at github.com
Fri Sep 4 01:10:50 CDT 2015
In buffer management/parsing, turns out that if you had a piece of a SIP
packet in the previous buffer (input), and in the current one the remainder
of that packet and another one, it will just copy until the end of input,
instead of just the needed length.
The calculations were also done at the wrong place, they had to be done after
the allocation of the new buffer.
The bug meant that:
- Some packets were getting eaten, resulting in random disconnections and
other dropped events;
- Sometimes repro would crash;
- Or, if compiled with ASAN, it would always crash.
Also, it was more pronounced with TLS.
A way to reproduce this on the original repro is to create a stream with the HTTP upgrade request in the beginning and some SIP packets after that (I did it with 20k file), and just sending it with something like
cat req | (sleep 2; telnet repro 5066)
would crash the server.
You can view, comment on, or merge this pull request online at:
https://github.com/resiprocate/resiprocate/pull/26
-- Commit Summary --
* Fix for a buffer management bug in parsing frames from a websocket.
-- File Changes --
M resip/stack/WsFrameExtractor.cxx (12)
-- Patch Links --
https://github.com/resiprocate/resiprocate/pull/26.patch
https://github.com/resiprocate/resiprocate/pull/26.diff
---
Reply to this email directly or view it on GitHub:
https://github.com/resiprocate/resiprocate/pull/26
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20150903/ef9c1738/attachment.htm>
More information about the resiprocate-devel
mailing list