diff --git a/debian/patches/series b/debian/patches/series
index 48482be5b..bbcafc48d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -35,6 +35,9 @@ sipwise/sca-add-pai_avp-parameter.patch
 upstream/tls-Add-and-apply-tls_openssl_clear_errors-function.patch
 upstream/tls-include-file-to-fix-warning-about-tls_openssl_cl.patch
 upstream/Makefile.groups-tlsa-in-packaging-group-ktls-if-KTLS.patch
+upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
+upstream/tls-init-early-the-local-lock-for-memory.patch
+upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
 ## upstream master
 upstream/pv_headers-compare-result-of-pvh_set_xavi-with-NULL-.patch
 sipwise/presence-active_watcher-cleanup-timer.patch
diff --git a/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch b/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
new file mode 100644
index 000000000..34a320858
--- /dev/null
+++ b/debian/patches/upstream/core-parse-privacy-recompute-lenght-of-rest-to-parse.patch
@@ -0,0 +1,30 @@
+From: Daniel-Constantin Mierla
+Date: Fri, 8 Dec 2023 22:10:36 +0100
+Subject: core: parse privacy recompute lenght of rest to parse
+
+(cherry picked from commit 804ee651b45498727196886c97cb55d20b254c4a)
+---
+ src/core/parser/parse_privacy.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/parser/parse_privacy.c b/src/core/parser/parse_privacy.c
+index cfc009a..4b683cb 100644
+--- a/src/core/parser/parse_privacy.c
++++ b/src/core/parser/parse_privacy.c
+@@ -177,14 +177,13 @@ int parse_privacy(struct sip_msg *msg)
+
+ values = 0;
+ p = next.s;
+- len = next.len;
+- beyond = p + len;
++ beyond = next.s + next.len;
+
+ while (p < beyond) {
++ len = beyond - p;
+ if((val_len = parse_priv_value(p, len, &value)) != 0) {
+ values |= value;
+ p = p + val_len;
+- len = len - val_len;
+ } else {
+ LM_ERR("invalid privacy value\n");
+ return -1;
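Review bot: The new `len = beyond - p;` at the top of the loop in parse_privacy() has no comment, and neither the subject line nor the patch header says what was wrong with the old running count. Presumably `p` is also advanced later in the loop body, which continues past the last line of the hunk, so the old `len` could overstate what is left and give parse_priv_value() a length reaching past `beyond`; if so, this is an over-read fix in a parser for a remotely supplied SIP header and the patch header should say that. I would add `/* bytes left before beyond; p may have moved since the last value */` above the assignment.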
diff --git a/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch b/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch
new file mode 100644
index 000000000..73a28113e
--- /dev/null
+++ b/debian/patches/upstream/tls-init-early-the-local-lock-for-memory.patch
@@ -0,0 +1,49 @@
+From: Daniel-Constantin Mierla
+Date: Fri, 8 Dec 2023 12:34:56 +0100
+Subject: tls: init early the local lock for memory
+
+- needed to done before mod param init_mode is set
+- runtime uses the modparam to do lock/unlock
+- #3668
+
+(cherry picked from commit 1a9b0b63617afebcee2aecb3b2240d7684ecabc2)
+---
+ src/modules/tls/tls_init.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
+index e7ffa90..9466bdf 100644
+--- a/src/modules/tls/tls_init.c
++++ b/src/modules/tls/tls_init.c
+@@ -79,7 +79,7 @@ int ksr_tls_lock_init(void)
+ {
+ pthread_mutexattr_t attr;
+
+- if(!(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)) {
++ if(ksr_tls_lock_shm != NULL) {
+ return 0;
+ }
+ ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t));
+@@ -718,6 +718,11 @@ int tls_pre_init(void)
+ LM_INFO("libssl linked mode: static\n");
+ #endif
+
++ if(ksr_tls_lock_init() < 0) {
++ LM_ERR("failed to init local lock\n");
++ return -1;
++ }
++
+ /*
+ * this has to be called before any function calling CRYPTO_malloc,
+ * CRYPTO_malloc will set allow_customize in openssl to 0
+@@ -765,6 +770,10 @@ int tls_h_mod_pre_init_f(void)
+ LM_DBG("already mod pre-initialized\n");
+ return 0;
+ }
++ if(ksr_tls_lock_init() < 0) {
++ LM_ERR("failed to init local lock\n");
++ return -1;
++ }
+ LM_DBG("preparing tls env for modules initialization\n");
+ #if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
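Review bot: ksr_tls_lock_init() now allocates the shared mutex whenever `ksr_tls_lock_shm` is NULL, whatever the init mode, but ksr_tls_lock_destroy() is not touched here; as left by the preceding patch in the series it still returns early when `TLS_MODE_PTHREAD_LOCK_SHM` is unset, so in that mode the mutex is never destroyed and its shm block is never freed. The new `!= NULL` guard also makes stale state matter: if pthread_mutex_init() fails the pointer stays set, so a later call returns 0 with an uninitialised mutex, and after destroy the pointer dangles. I would release and reset on both paths with `shm_free(ksr_tls_lock_shm); ksr_tls_lock_shm = NULL;` and have destroy test `ksr_tls_lock_shm == NULL` instead of the mode bit. Both function bodies extend beyond the hunk.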
diff --git a/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch b/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
new file mode 100644
index 000000000..3100eb9eb
--- /dev/null
+++ b/debian/patches/upstream/tls-rework-init-mode-1-to-set-PTHREAD_PROCESS_SHARED.patch
@@ -0,0 +1,178 @@
+From: Daniel-Constantin Mierla
+Date: Thu, 7 Dec 2023 13:00:50 +0100
+Subject: tls: rework init mode 1 to set PTHREAD_PROCESS_SHARED
+
+- pthread mutex set in shm
+- GH #3635
+
+(cherry picked from commit 4b068f49b618dca5fa85a1687bd9054c1d98ae6a)
+---
+ src/modules/tls/tls_init.c | 46 +++++++++++++++++++++++++++++++++++----------
+ src/modules/tls/tls_mod.c | 8 ++++----
+ 2 files changed, 39 insertions(+), 15 deletions(-)
+
+diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
+index ae06e85..e7ffa90 100644
+--- a/src/modules/tls/tls_init.c
++++ b/src/modules/tls/tls_init.c
+@@ -70,20 +70,31 @@ static int tls_mod_preinitialized = 0;
+ static int tls_mod_initialized = 0;
+
+ extern int ksr_tls_init_mode;
+-pthread_mutex_t ksr_tls_lock_shm;
++static pthread_mutex_t *ksr_tls_lock_shm = NULL;
+
+ /**
+ *
+ */
+ int ksr_tls_lock_init(void)
+ {
++ pthread_mutexattr_t attr;
++
+ if(!(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)) {
+ return 0;
+ }
+- if (pthread_mutex_init(&ksr_tls_lock_shm, NULL) != 0) {
++ ksr_tls_lock_shm = (pthread_mutex_t *)shm_mallocxz(sizeof(pthread_mutex_t));
++ if(ksr_tls_lock_shm == NULL) {
++ LM_ERR("mutex allocation failed\n");
++ return -1;
++ }
++ pthread_mutexattr_init(&attr);
++ pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED);
++ if(pthread_mutex_init(ksr_tls_lock_shm, &attr) != 0) {
++ pthread_mutexattr_destroy(&attr);
+ LM_ERR("mutex init failed\n");
+ return -1;
+ }
++ pthread_mutexattr_destroy(&attr);
+ return 0;
+ }
+
+@@ -95,7 +106,8 @@ void ksr_tls_lock_destroy(void)
+ if(!(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)) {
+ return;
+ }
+- pthread_mutex_destroy(&ksr_tls_lock_shm);
++ pthread_mutex_destroy(ksr_tls_lock_shm);
++ shm_free(ksr_tls_lock_shm);
+ return;
+ }
+
+@@ -245,7 +257,7 @@ static void* ser_malloc(size_t size, const char* file, int line)
+ #endif
+
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+
+ #ifdef RAND_NULL_MALLOC
+ /* start random null returns only after
+@@ -288,7 +300,7 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
+ #endif
+
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+
+ #ifdef RAND_NULL_MALLOC
+ /* start random null returns only after
+@@ -321,6 +333,18 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
+
+ return p;
+ }
++
++static void ser_free(void *ptr, const char *fname, int fline)
++{
++ if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
++ pthread_mutex_lock(ksr_tls_lock_shm);
++ if(ptr) {
++ shm_free(ptr);
++ }
++ if(ksr_tls_init_mode & TLS_MODE_PTHREAD_LOCK_SHM)
++ pthread_mutex_unlock(ksr_tls_lock_shm);
++}
++
+ #endif /* LIBRESSL_VERSION_NUMBER */
+
+ #else /*TLS_MALLOC_DBG */
+@@ -333,7 +357,7 @@ static void* ser_malloc(size_t size)
+ void *p;
+
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+ p = shm_malloc(size);
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -345,7 +369,7 @@ static void* ser_realloc(void *ptr, size_t size)
+ {
+ void *p;
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+ p = shm_realloc(ptr, size);
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -356,7 +380,7 @@ static void* ser_malloc(size_t size, const char *fname, int fline)
+ {
+ void *p;
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+ p = shm_malloc(size);
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -368,7 +392,7 @@ static void* ser_realloc(void *ptr, size_t size, const char *fname, int fline)
+ {
+ void *p;
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+ p = shm_realloc(ptr, size);
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+ pthread_mutex_unlock(&ksr_tls_lock_shm);
+@@ -389,7 +413,7 @@ static void ser_free(void *ptr)
+ * here in the wrapper function.
+ */
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+ if (ptr) {
+ shm_free(ptr);
+ }
+@@ -400,7 +424,7 @@ static void ser_free(void *ptr)
+ static void ser_free(void *ptr, const char *fname, int fline)
+ {
+ if(ksr_tls_init_mode&TLS_MODE_PTHREAD_LOCK_SHM)
+- pthread_mutex_lock(&ksr_tls_lock_shm);
++ pthread_mutex_lock(ksr_tls_lock_shm);
+ if (ptr) {
+ shm_free(ptr);
+ }
+diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
+index e57a98c..a3f4e9a 100644
+--- a/src/modules/tls/tls_mod.c
++++ b/src/modules/tls/tls_mod.c
+@@ -401,10 +401,6 @@ static int mod_init(void)
+ if (tls_check_sockets(*tls_domains_cfg) < 0)
+ goto error;
+
+- if (ksr_tls_lock_init() < 0) {
+- goto error;
+- }
+-
+ LM_INFO("use OpenSSL version: %08x\n", (uint32_t)(OPENSSL_VERSION_NUMBER));
+ #ifndef OPENSSL_NO_ECDH
+ LM_INFO("With ECDH-Support!\n");
+@@ -670,6 +666,10 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
+ if(!shm_initialized() && init_shm()<0)
+ return -1;
+
++ if(ksr_tls_lock_init() < 0) {
++ return -1;
++ }
++
+ if(tls_pre_init()<0)
+ return -1;
+
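Review bot: The unlock calls that appear as unchanged context in the non-debug ser_malloc() and ser_realloc() hunks still read `pthread_mutex_unlock(&ksr_tls_lock_shm);`, but `ksr_tls_lock_shm` is now a `pthread_mutex_t *`, so they pass the address of the pointer rather than the mutex. With init mode 1 the mutex taken by `pthread_mutex_lock(ksr_tls_lock_shm)` would then never be released, and the unlock operates on memory that is not a mutex; each should become `pthread_mutex_unlock(ksr_tls_lock_shm);`, as the newly added ser_free() already does. The unlock lines of the other wrappers fall outside their hunks and need the same check, unless a later patch in the series already corrects them. Separately, the return values of `pthread_mutexattr_init()` and `pthread_mutexattr_setpshared()` in ksr_tls_lock_init() are ignored, so a failure there would leave a process-private mutex in shared memory with no log line.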