I've added PJSIP to Coverity static code analysis scanner and fixed most 
critical security bugs in 1.11 branch. 471 defects were found in total by 
Coverity, 436 still to fix. 

I think branch 1.11 is still used in the wild. Please review my security fixes. 
They are mainly fixes in memory corruption (overflows, invalid read), null 
dereferences and resource leakage. 

You might consider adding PJSIP to Coverity also; the only thing you need is to 
register the project at Coverity and modify `.travis.yml`.

I will continue with fixing the bugs from most critical to least. After fixing 
branch 1.11 I am going to do the same with the master branch.

[Coverity]: https://scan.coverity.com/projects/ph4r05-opensips?tab=overview
You can view, comment on, or merge this pull request online at:

  https://github.com/OpenSIPS/opensips/pull/719

-- Commit Summary --

  * fixing coverity found defects - invalid memory access / memory corruptions
  * fixing coverity found defects - resource leakage
  * fixing coverity found defects - processing initialized variables, control flow, invalid expressions
  * fixing coverity found defects - logical fix in ul callback check type, null dereference
  * fixing coverity found defects - null dereference, break missing
  * fixing coverity found defects - null dereference, invalid e164 number check

-- File Changes --

    M daemonize.c (3)
    M db/db.c (13)
    M evi/event_interface.c (2)
    M flags.c (2)
    M ip_addr.h (2)
    M main.c (1)
    M modules/acc/acc.c (1)
    M modules/alias_db/alookup.c (2)
    M modules/auth/challenge.c (2)
    M modules/call_center/call_center.c (2)
    M modules/db_text/dbt_file.c (2)
    M modules/dialog/dlg_tophiding.c (2)
    M modules/dispatcher/dispatcher.c (2)
    M modules/drouting/drouting.c (2)
    M modules/mi_datagram/datagram_fnc.c (2)
    M modules/mi_fifo/fifo_fnc.c (11)
    M modules/mi_xmlrpc/xr_parser.c (1)
    M modules/presence/presentity.c (2)
    M modules/pua/send_subscribe.c (4)
    M modules/rtpproxy/rtpproxy.c (2)
    M modules/tm/t_reply.c (4)
    M modules/uac/uac.c (2)
    M modules/uri/checks.c (2)
    M modules/usrloc/dlist.c (2)
    M modules/usrloc/ucontact.c (2)
    M modules/usrloc/ul_callback.h (2)
    M proxy.c (2)
    M rw_locking.h (2)

-- Patch Links --

https://github.com/OpenSIPS/opensips/pull/719.patch
https://github.com/OpenSIPS/opensips/pull/719.diff
