diff --git a/debian/patches/series b/debian/patches/series index b8bc2b7a8..a645fa0d2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -18,6 +18,7 @@ upstream/0037-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch # upsream fixes from master upstream/pv-new-function-pv_evalx-dst-fmt.patch upstream/pv_trans_cfg_line.patch +upstream/dialog-check-if-dialog-exists-after-event-route-exec.patch # ## no_lib64_on_64_bits.patch diff --git a/debian/patches/upstream/dialog-check-if-dialog-exists-after-event-route-exec.patch b/debian/patches/upstream/dialog-check-if-dialog-exists-after-event-route-exec.patch new file mode 100644 index 000000000..8c9f5eb6e --- /dev/null +++ b/debian/patches/upstream/dialog-check-if-dialog-exists-after-event-route-exec.patch @@ -0,0 +1,67 @@ +From e4a11d715e3d4e47aa82b7e8e358000948e26c4c Mon Sep 17 00:00:00 2001 +From: Daniel-Constantin Mierla +Date: Thu, 6 Apr 2017 17:06:37 +0200 +Subject: [PATCH] dialog: check if dialog exists after event route execution + +- done for dlg_onroute(), as an extra safety for early detection of + races, related to GH #1059 +--- + modules/dialog/dlg_handlers.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +diff --git a/modules/dialog/dlg_handlers.c b/modules/dialog/dlg_handlers.c +index 539d248e0..2eb36f502 100644 +--- a/modules/dialog/dlg_handlers.c ++++ b/modules/dialog/dlg_handlers.c +@@ -1226,12 +1226,14 @@ dlg_cell_t *dlg_get_msg_dialog(sip_msg_t *msg) + */ + void dlg_onroute(struct sip_msg* req, str *route_params, void *param) + { +- dlg_cell_t *dlg; +- dlg_iuid_t *iuid; ++ dlg_cell_t *dlg = NULL; ++ dlg_cell_t *dlg0 = NULL; ++ dlg_iuid_t *iuid = NULL; + str val, callid, ftag, ttag; +- int h_entry, h_id, new_state, old_state, unref, event, timeout, reset; +- unsigned int dir; +- int ret = 0; ++ int h_entry=0, h_id=0, new_state=0, old_state=0; ++ int unref=0, event=0, timeout=0, reset=0; ++ unsigned int dir=0; ++ int ret=0; + + dlg = dlg_get_ctx_dialog(); + if (dlg!=NULL) { +@@ -1321,8 +1323,10 @@ void dlg_onroute(struct sip_msg* req, str *route_params, void *param) + + /* set current dialog - re-use ref increment from dlg_get() above */ + set_current_dialog( req, dlg); +- _dlg_ctx.iuid.h_entry = dlg->h_entry; +- _dlg_ctx.iuid.h_id = dlg->h_id; ++ h_entry = dlg->h_entry; ++ h_id = dlg->h_id; ++ _dlg_ctx.iuid.h_entry = h_entry; ++ _dlg_ctx.iuid.h_id = h_id; + + if(dlg->iflags & DLG_IFLAG_CSEQ_DIFF) { + if(dlg_cseq_refresh(req, dlg, dir)<0) { +@@ -1364,6 +1368,15 @@ void dlg_onroute(struct sip_msg* req, str *route_params, void *param) + + dlg_run_event_route(dlg, req, old_state, new_state); + ++ dlg0 = dlg_lookup(h_entry, h_id); ++ if (dlg0==0) { ++ LM_ALERT("after event route - dialog not found [%u:%u] (%d/%d) (%p)\n", ++ h_entry, h_id, old_state, new_state, dlg); ++ return; ++ } else { ++ dlg_release(dlg0); ++ } ++ + /* delay deletion of dialog until transaction has died off in order + * to absorb in-air messages */ + if (new_state==DLG_STATE_DELETED && old_state!=DLG_STATE_DELETED) { +-- +2.11.0 +