Hi,
I've discovered a bug within textopsx to do with msg_apply_changes.
After creating the new request in pkg memory it is memcpy'ed back into msg->buf. This is an issue when more than one SIP message has been read from a TCP stream. If the new request is larger it will corrupt the following message.

I don't know the best way to resolve this immediately, but I felt it was worth mentioning here as you are about to release 3.2.1.

Best regards,
Hugh



Code path to recreate bug:
Send in 3 requests very quickly on a TCP stream; this is read as a single block.
tcp_read.c: tcp_read_req()
First message is parsed.
    receive_msg() ->
In the cfg, insert a header (e.g. Max-Forwards: 10), msg_apply_changes() and forward. More data exists in buffer, which is shifted to the start of the buffer, however this has been overwritten.
Parse fails on second request.
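
The overwrite described in this report, reduced to a stand-alone model (an added example, not code from the project or from the original post). `struct stream_buf`, `apply_unsafe`, `apply_safe` and the sample messages are constructed for illustration, and the tail-shifting variant is one possible mitigation, not the project's fix.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256
/* Constructed sample messages; M1_NEW is M1 after the cfg inserts Max-Forwards. */
#define M1     "OPTIONS sip:a@example.test SIP/2.0\r\nCall-ID: 1\r\n\r\n"
#define M1_NEW "OPTIONS sip:a@example.test SIP/2.0\r\nMax-Forwards: 10\r\nCall-ID: 1\r\n\r\n"
#define M2     "OPTIONS sip:b@example.test SIP/2.0\r\nCall-ID: 2\r\n\r\n"

/* Hypothetical stand-in for a TCP read buffer holding pipelined messages. */
struct stream_buf {
    char   data[BUF_SIZE];
    size_t next_off;  /* offset where the reader expects the next message */
    size_t total_len; /* bytes read from the stream so far */
};

/* Pattern from the report: the rebuilt message is copied over the original.
 * Only buffer capacity is checked, so a longer message clobbers what follows. */
int apply_unsafe(struct stream_buf *b, const char *nmsg, size_t nlen)
{
    if (nlen > BUF_SIZE) return -1;
    memcpy(b->data, nmsg, nlen);
    return 0;
}

/* Assumed mitigation: move the unread tail behind the new message first,
 * and refuse the rewrite when the buffer cannot hold both. */
int apply_safe(struct stream_buf *b, const char *nmsg, size_t nlen)
{
    size_t tail = b->total_len - b->next_off;
    if (nlen > BUF_SIZE || tail > BUF_SIZE - nlen) return -1;
    memmove(b->data + nlen, b->data + b->next_off, tail);
    memcpy(b->data, nmsg, nlen);
    b->next_off = nlen;
    b->total_len = nlen + tail;
    return 0;
}

/* Returns 1 if the second message is still intact where the reader looks. */
int demo(int safe)
{
    struct stream_buf b = {{0}, 0, 0};
    size_t l1 = strlen(M1), l2 = strlen(M2), ln = strlen(M1_NEW);
    memcpy(b.data, M1, l1);
    memcpy(b.data + l1, M2, l2);
    b.next_off = l1;
    b.total_len = l1 + l2;
    if ((safe ? apply_safe : apply_unsafe)(&b, M1_NEW, ln) != 0) return -1;
    return memcmp(b.data + b.next_off, M2, l2) == 0;
}

int main(void) { printf("unsafe=%d safe=%d\n", demo(0), demo(1)); return 0; }
```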


