diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2022-07-13 13:36:46 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2022-07-13 13:36:46 +0100 |
| commit | 7b02e37a04e4051a91a109814d386711f41f9a4b (patch) | |
| tree | d0689f14f1d1df3a6a2525512a6812b146064a9e /net-libs/pjproject/files | |
| parent | 5c0c70d5917e66743293789a6d6fd7d72250eb32 (diff) | |
gentoo auto-resync : 13:07:2022 - 13:36:46
Diffstat (limited to 'net-libs/pjproject/files')
| -rw-r--r-- | net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 | ||||
| -rw-r--r-- | net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch | 45 | ||||
| -rw-r--r-- | net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 | ||||
| -rw-r--r-- | net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch | 108 | ||||
| -rw-r--r-- | net-libs/pjproject/files/pjproject-2.12.1-config_site.h (renamed from net-libs/pjproject/files/pjproject-2.9-config_site.h) | 37 | ||||
| -rw-r--r-- | net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch | 100 |
6 files changed, 30 insertions, 674 deletions
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch deleted file mode 100644 index 0d7df686a157..000000000000 --- a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001 -From: sauwming <ming@teluu.com> -Date: Mon, 8 Mar 2021 17:39:36 +0800 -Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph - -* Check hostname during TLS transport selection - -* revision based on feedback - -* remove the code in create_request that has been moved ---- - pjsip/include/pjsip/sip_dialog.h | 1 + - pjsip/src/pjsip/sip_dialog.c | 15 +++++++++++++++ - pjsip/src/pjsip/sip_transport.c | 13 +++++++++++++ - pjsip/src/pjsip/sip_util.c | 11 ++++++++--- - 4 files changed, 37 insertions(+), 3 deletions(-) - -diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h -index a0214d28c..e314c2ece 100644 ---- a/pjsip/include/pjsip/sip_dialog.h -+++ b/pjsip/include/pjsip/sip_dialog.h -@@ -165,6 +165,7 @@ struct pjsip_dialog - pjsip_route_hdr route_set; /**< Route set. */ - pj_bool_t route_set_frozen; /**< Route set has been set. */ - pjsip_auth_clt_sess auth_sess; /**< Client authentication session. */ -+ pj_str_t initial_dest;/**< Initial destination host. */ - - /** Session counter. */ - int sess_count; /**< Number of sessions. */ -diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c -index 27530e4f2..9571b5a35 100644 ---- a/pjsip/src/pjsip/sip_dialog.c -+++ b/pjsip/src/pjsip/sip_dialog.c -@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua, - - /* Save the remote info. */ - pj_strdup(dlg->pool, &dlg->remote.info_str, &tmp); -+ -+ /* Save initial destination host from transport's info */ -+ pj_strdup(dlg->pool, &dlg->initial_dest, -+ &rdata->tp_info.transport->remote_name.host); - - - /* Init remote's contact from Contact header. -@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg, - return status; - } - -+ /* Copy the initial destination host to tdata. This information can be -+ * used later by transport for transport selection. -+ */ -+ if (dlg->initial_dest.slen) -+ pj_strdup(tdata->pool, &tdata->dest_info.name, &dlg->initial_dest); -+ - /* Done. */ - *p_tdata = tdata; - -@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata) - * transaction as the initial transaction that establishes dialog. - */ - if (dlg->role == PJSIP_ROLE_UAC) { -+ /* Save initial destination host from transport's info. */ -+ if (!dlg->initial_dest.slen) { -+ pj_strdup(dlg->pool, &dlg->initial_dest, -+ &rdata->tp_info.transport->remote_name.host); -+ } - - /* Ignore subsequent request from remote */ - if (msg->type != PJSIP_RESPONSE_MSG) -diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c -index bef6d24fe..177274b08 100644 ---- a/pjsip/src/pjsip/sip_transport.c -+++ b/pjsip/src/pjsip/sip_transport.c -@@ -2335,6 +2335,19 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, - if (!tp_iter->tp->is_shutdown && - !tp_iter->tp->is_destroying) - { -+ if ((type & PJSIP_TRANSPORT_SECURE) && tdata) { -+ /* For secure transport, make sure tdata's -+ * destination host matches the transport's -+ * remote host. -+ */ -+ if (pj_stricmp(&tdata->dest_info.name, -+ &tp_iter->tp->remote_name.host)) -+ { -+ tp_iter = tp_iter->next; -+ continue; -+ } -+ } -+ - if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER && - sel->u.listener) - { -diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c -index a1bf878ea..cf916805d 100644 ---- a/pjsip/src/pjsip/sip_util.c -+++ b/pjsip/src/pjsip/sip_util.c -@@ -1417,7 +1417,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_request_stateless(pjsip_endpoint *endpt, - */ - if (tdata->dest_info.addr.count == 0) { - /* Copy the destination host name to TX data */ -- pj_strdup(tdata->pool, &tdata->dest_info.name, &dest_info.addr.host); -+ if (!tdata->dest_info.name.slen) { -+ pj_strdup(tdata->pool, &tdata->dest_info.name, -+ &dest_info.addr.host); -+ } - - pjsip_endpt_resolve( endpt, tdata->pool, &dest_info, stateless_data, - &stateless_send_resolver_callback); -@@ -1810,8 +1813,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_response( pjsip_endpoint *endpt, - } - } else { - /* Copy the destination host name to TX data */ -- pj_strdup(tdata->pool, &tdata->dest_info.name, -- &res_addr->dst_host.addr.host); -+ if (!tdata->dest_info.name.slen) { -+ pj_strdup(tdata->pool, &tdata->dest_info.name, -+ &res_addr->dst_host.addr.host); -+ } - - pjsip_endpt_resolve(endpt, tdata->pool, &res_addr->dst_host, - send_state, &send_response_resolver_cb); --- -2.26.2 - diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch deleted file mode 100644 index 9dc9016e491a..000000000000 --- a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 97b3d7addbaa720b7ddb0af9bf6f3e443e664365 Mon Sep 17 00:00:00 2001 -From: Nanang Izzuddin <nanang@teluu.com> -Date: Mon, 8 Mar 2021 16:09:34 +0700 -Subject: [PATCH] Merge pull request from GHSA-hvq6-f89p-frvp - ---- - pjmedia/src/pjmedia/sdp_neg.c | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/pjmedia/src/pjmedia/sdp_neg.c b/pjmedia/src/pjmedia/sdp_neg.c -index f4838f75d..9f76b5200 100644 ---- a/pjmedia/src/pjmedia/sdp_neg.c -+++ b/pjmedia/src/pjmedia/sdp_neg.c -@@ -304,7 +304,6 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2( - { - pjmedia_sdp_session *new_offer; - pjmedia_sdp_session *old_offer; -- char media_used[PJMEDIA_MAX_SDP_MEDIA]; - unsigned oi; /* old offer media index */ - pj_status_t status; - -@@ -323,8 +322,19 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2( - /* Change state to STATE_LOCAL_OFFER */ - neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER; - -+ /* When there is no active local SDP in state PJMEDIA_SDP_NEG_STATE_DONE, -+ * it means that the previous initial SDP nego must have been failed, -+ * so we'll just set the local SDP offer here. -+ */ -+ if (!neg->active_local_sdp) { -+ neg->initial_sdp_tmp = NULL; -+ neg->initial_sdp = pjmedia_sdp_session_clone(pool, local); -+ neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, local); -+ -+ return PJ_SUCCESS; -+ } -+ - /* Init vars */ -- pj_bzero(media_used, sizeof(media_used)); - old_offer = neg->active_local_sdp; - new_offer = pjmedia_sdp_session_clone(pool, local); - --- -2.26.2 - diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch deleted file mode 100644 index ba31cf19eda7..000000000000 --- a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch +++ /dev/null @@ -1,289 +0,0 @@ -From d5f95aa066f878b0aef6a64e60b61e8626e664cd Mon Sep 17 00:00:00 2001 -From: Nanang Izzuddin <nanang@teluu.com> -Date: Fri, 23 Jul 2021 10:49:21 +0700 -Subject: [PATCH] Merge pull request from GHSA-cv8x-p47p-99wr - -* - Avoid SSL socket parent/listener getting destroyed during handshake by increasing parent's reference count. -- Add missing SSL socket close when the newly accepted SSL socket is discarded in SIP TLS transport. - -* - Fix silly mistake: accepted active socket created without group lock in SSL socket. -- Replace assertion with normal validation check of SSL socket instance in OpenSSL verification callback (verify_cb()) to avoid crash, e.g: if somehow race condition with SSL socket destroy happens or OpenSSL application data index somehow gets corrupted. ---- - pjlib/src/pj/ssl_sock_imp_common.c | 47 +++++++++++++++++++++-------- - pjlib/src/pj/ssl_sock_ossl.c | 45 ++++++++++++++++++++++----- - pjsip/src/pjsip/sip_transport_tls.c | 23 +++++++++++++- - 3 files changed, 95 insertions(+), 20 deletions(-) - -diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c -index 025832da4..24533b397 100644 ---- a/pjlib/src/pj/ssl_sock_imp_common.c -+++ b/pjlib/src/pj/ssl_sock_imp_common.c -@@ -255,6 +255,8 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock, - - /* Accepting */ - if (ssock->is_server) { -+ pj_bool_t ret = PJ_TRUE; -+ - if (status != PJ_SUCCESS) { - /* Handshake failed in accepting, destroy our self silently. */ - -@@ -272,6 +274,12 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock, - status); - } - -+ /* Decrement ref count of parent */ -+ if (ssock->parent->param.grp_lock) { -+ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock); -+ ssock->parent = NULL; -+ } -+ - /* Originally, this is a workaround for ticket #985. However, - * a race condition may occur in multiple worker threads - * environment when we are destroying SSL objects while other -@@ -315,23 +323,29 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock, - - return PJ_FALSE; - } -+ - /* Notify application the newly accepted SSL socket */ - if (ssock->param.cb.on_accept_complete2) { -- pj_bool_t ret; - ret = (*ssock->param.cb.on_accept_complete2) - (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, - pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr), - status); -- if (ret == PJ_FALSE) -- return PJ_FALSE; - } else if (ssock->param.cb.on_accept_complete) { -- pj_bool_t ret; - ret = (*ssock->param.cb.on_accept_complete) - (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, - pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr)); -- if (ret == PJ_FALSE) -- return PJ_FALSE; - } -+ -+ /* Decrement ref count of parent and reset parent (we don't need it -+ * anymore, right?). -+ */ -+ if (ssock->parent->param.grp_lock) { -+ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock); -+ ssock->parent = NULL; -+ } -+ -+ if (ret == PJ_FALSE) -+ return PJ_FALSE; - } - - /* Connecting */ -@@ -930,9 +944,13 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent, - if (status != PJ_SUCCESS) - goto on_return; - -+ /* Set parent and add ref count (avoid parent destroy during handshake) */ -+ ssock->parent = ssock_parent; -+ if (ssock->parent->param.grp_lock) -+ pj_grp_lock_add_ref(ssock->parent->param.grp_lock); -+ - /* Update new SSL socket attributes */ - ssock->sock = newsock; -- ssock->parent = ssock_parent; - ssock->is_server = PJ_TRUE; - if (ssock_parent->cert) { - status = pj_ssl_sock_set_certificate(ssock, ssock->pool, -@@ -957,16 +975,20 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent, - ssock->asock_rbuf = (void**)pj_pool_calloc(ssock->pool, - ssock->param.async_cnt, - sizeof(void*)); -- if (!ssock->asock_rbuf) -- return PJ_ENOMEM; -+ if (!ssock->asock_rbuf) { -+ status = PJ_ENOMEM; -+ goto on_return; -+ } - - for (i = 0; i<ssock->param.async_cnt; ++i) { - ssock->asock_rbuf[i] = (void*) pj_pool_alloc( - ssock->pool, - ssock->param.read_buffer_size + - sizeof(read_data_t*)); -- if (!ssock->asock_rbuf[i]) -- return PJ_ENOMEM; -+ if (!ssock->asock_rbuf[i]) { -+ status = PJ_ENOMEM; -+ goto on_return; -+ } - } - - /* If listener socket has group lock, automatically create group lock -@@ -980,7 +1002,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent, - goto on_return; - - pj_grp_lock_add_ref(glock); -- asock_cfg.grp_lock = ssock->param.grp_lock = glock; -+ ssock->param.grp_lock = glock; - pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock, - ssl_on_destroy); - } -@@ -1008,6 +1030,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent, - - /* Create active socket */ - pj_activesock_cfg_default(&asock_cfg); -+ asock_cfg.grp_lock = ssock->param.grp_lock; - asock_cfg.async_cnt = ssock->param.async_cnt; - asock_cfg.concurrency = ssock->param.concurrency; - asock_cfg.whole_data = PJ_TRUE; -diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c -index 88a2a6b94..df4f4f96a 100644 ---- a/pjlib/src/pj/ssl_sock_ossl.c -+++ b/pjlib/src/pj/ssl_sock_ossl.c -@@ -327,7 +327,8 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock, - ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock); - } - -- ssock->last_err = err; -+ if (ssock) -+ ssock->last_err = err; - return GET_STATUS_FROM_SSL_ERR(err); - } - -@@ -344,7 +345,8 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock, - /* Dig for more from OpenSSL error queue */ - SSLLogErrors(action, ret, err, len, ssock); - -- ssock->last_err = ssl_err; -+ if (ssock) -+ ssock->last_err = ssl_err; - return GET_STATUS_FROM_SSL_ERR(ssl_err); - } - -@@ -786,6 +788,13 @@ static pj_status_t init_openssl(void) - - /* Create OpenSSL application data index for SSL socket */ - sslsock_idx = SSL_get_ex_new_index(0, "SSL socket", NULL, NULL, NULL); -+ if (sslsock_idx == -1) { -+ status = STATUS_FROM_SSL_ERR2("Init", NULL, -1, ERR_get_error(), 0); -+ PJ_LOG(1,(THIS_FILE, -+ "Fatal error: failed to get application data index for " -+ "SSL socket")); -+ return status; -+ } - - #if defined(PJ_SSL_SOCK_OSSL_USE_THREAD_CB) && \ - PJ_SSL_SOCK_OSSL_USE_THREAD_CB != 0 && OPENSSL_VERSION_NUMBER < 0x10100000L -@@ -819,21 +828,36 @@ static int password_cb(char *buf, int num, int rwflag, void *user_data) - } - - --/* SSL password callback. */ -+/* SSL certificate verification result callback. -+ * Note that this callback seems to be always called from library worker -+ * thread, e.g: active socket on_read_complete callback, which should have -+ * already been equipped with race condition avoidance mechanism (should not -+ * be destroyed while callback is being invoked). -+ */ - static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) - { -- pj_ssl_sock_t *ssock; -- SSL *ossl_ssl; -+ pj_ssl_sock_t *ssock = NULL; -+ SSL *ossl_ssl = NULL; - int err; - - /* Get SSL instance */ - ossl_ssl = X509_STORE_CTX_get_ex_data(x509_ctx, - SSL_get_ex_data_X509_STORE_CTX_idx()); -- pj_assert(ossl_ssl); -+ if (!ossl_ssl) { -+ PJ_LOG(1,(THIS_FILE, -+ "SSL verification callback failed to get SSL instance")); -+ goto on_return; -+ } - - /* Get SSL socket instance */ - ssock = SSL_get_ex_data(ossl_ssl, sslsock_idx); -- pj_assert(ssock); -+ if (!ssock) { -+ /* SSL socket may have been destroyed */ -+ PJ_LOG(1,(THIS_FILE, -+ "SSL verification callback failed to get SSL socket " -+ "instance (sslsock_idx=%d).", sslsock_idx)); -+ goto on_return; -+ } - - /* Store verification status */ - err = X509_STORE_CTX_get_error(x509_ctx); -@@ -911,6 +935,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) - if (PJ_FALSE == ssock->param.verify_peer) - preverify_ok = 1; - -+on_return: - return preverify_ok; - } - -@@ -1474,6 +1499,12 @@ static void ssl_destroy(pj_ssl_sock_t *ssock) - static void ssl_reset_sock_state(pj_ssl_sock_t *ssock) - { - ossl_sock_t *ossock = (ossl_sock_t *)ssock; -+ -+ /* Detach from SSL instance */ -+ if (ossock->ossl_ssl) { -+ SSL_set_ex_data(ossock->ossl_ssl, sslsock_idx, NULL); -+ } -+ - /** - * Avoid calling SSL_shutdown() if handshake wasn't completed. - * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an -diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c -index 56a06cf99..24e43ef60 100644 ---- a/pjsip/src/pjsip/sip_transport_tls.c -+++ b/pjsip/src/pjsip/sip_transport_tls.c -@@ -1333,9 +1333,26 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock, - PJ_UNUSED_ARG(src_addr_len); - - listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock); -+ if (!listener) { -+ /* Listener already destroyed, e.g: after TCP accept but before SSL -+ * handshake is completed. -+ */ -+ if (new_ssock && accept_status == PJ_SUCCESS) { -+ /* Close the SSL socket if the accept op is successful */ -+ PJ_LOG(4,(THIS_FILE, -+ "Incoming TLS connection from %s (sock=%d) is discarded " -+ "because listener is already destroyed", -+ pj_sockaddr_print(src_addr, addr, sizeof(addr), 3), -+ new_ssock)); -+ -+ pj_ssl_sock_close(new_ssock); -+ } -+ -+ return PJ_FALSE; -+ } - - if (accept_status != PJ_SUCCESS) { -- if (listener && listener->tls_setting.on_accept_fail_cb) { -+ if (listener->tls_setting.on_accept_fail_cb) { - pjsip_tls_on_accept_fail_param param; - pj_ssl_sock_info ssi; - -@@ -1358,6 +1375,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock, - PJ_ASSERT_RETURN(new_ssock, PJ_TRUE); - - if (!listener->is_registered) { -+ pj_ssl_sock_close(new_ssock); -+ - if (listener->tls_setting.on_accept_fail_cb) { - pjsip_tls_on_accept_fail_param param; - pj_bzero(¶m, sizeof(param)); -@@ -1409,6 +1428,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock, - ssl_info.grp_lock, &tls); - - if (status != PJ_SUCCESS) { -+ pj_ssl_sock_close(new_ssock); -+ - if (listener->tls_setting.on_accept_fail_cb) { - pjsip_tls_on_accept_fail_param param; - pj_bzero(¶m, sizeof(param)); --- -2.31.1 - diff --git a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch b/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch deleted file mode 100644 index b036951d9edd..000000000000 --- a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 90a16c523bfdf4d43c10506c972c5fd4250b2856 Mon Sep 17 00:00:00 2001 -From: Nanang Izzuddin <nanang@teluu.com> -Date: Fri, 20 Nov 2020 10:52:22 +0700 -Subject: [PATCH] Race condition between transport destroy and acquire (#2470) - -* Handle race condition between transport_idle_callback() and pjsip_tpmgr_acquire_transport2(). -* Add transport destroy state check as additional of transport shutdown state check ---- - pjsip/src/pjsip/sip_transaction.c | 2 +- - pjsip/src/pjsip/sip_transport.c | 34 +++++++++++++++++++++++++------ - 2 files changed, 29 insertions(+), 7 deletions(-) - -diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c -index 2b4ece7df..f663c7f4b 100644 ---- a/pjsip/src/pjsip/sip_transaction.c -+++ b/pjsip/src/pjsip/sip_transaction.c -@@ -2443,7 +2443,7 @@ static void tsx_update_transport( pjsip_transaction *tsx, - pjsip_transport_add_ref(tp); - pjsip_transport_add_state_listener(tp, &tsx_tp_state_callback, tsx, - &tsx->tp_st_key); -- if (tp->is_shutdown) { -+ if (tp->is_shutdown || tp->is_destroying) { - pjsip_transport_state_info info; - - pj_bzero(&info, sizeof(info)); -diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c -index 06fce358c..bef6d24fe 100644 ---- a/pjsip/src/pjsip/sip_transport.c -+++ b/pjsip/src/pjsip/sip_transport.c -@@ -1071,6 +1071,19 @@ static void transport_idle_callback(pj_timer_heap_t *timer_heap, - return; - - entry->id = PJ_FALSE; -+ -+ /* Set is_destroying flag under transport manager mutex to avoid -+ * race condition with pjsip_tpmgr_acquire_transport2(). -+ */ -+ pj_lock_acquire(tp->tpmgr->lock); -+ if (pj_atomic_get(tp->ref_cnt) == 0) { -+ tp->is_destroying = PJ_TRUE; -+ } else { -+ pj_lock_release(tp->tpmgr->lock); -+ return; -+ } -+ pj_lock_release(tp->tpmgr->lock); -+ - pjsip_transport_destroy(tp); - } - -@@ -1392,8 +1405,8 @@ PJ_DEF(pj_status_t) pjsip_transport_shutdown2(pjsip_transport *tp, - mgr = tp->tpmgr; - pj_lock_acquire(mgr->lock); - -- /* Do nothing if transport is being shutdown already */ -- if (tp->is_shutdown) { -+ /* Do nothing if transport is being shutdown/destroyed already */ -+ if (tp->is_shutdown || tp->is_destroying) { - pj_lock_release(mgr->lock); - pj_lock_release(tp->lock); - return PJ_SUCCESS; -@@ -2256,6 +2269,13 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, - return PJSIP_ETPNOTSUITABLE; - } - -+ /* Make sure the transport is not being destroyed */ -+ if (seltp->is_destroying) { -+ pj_lock_release(mgr->lock); -+ TRACE_((THIS_FILE,"Transport to be acquired is being destroyed")); -+ return PJ_ENOTFOUND; -+ } -+ - /* We could also verify that the destination address is reachable - * from this transport (i.e. both are equal), but if application - * has requested a specific transport to be used, assume that -@@ -2311,8 +2331,10 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, - if (tp_entry) { - transport *tp_iter = tp_entry; - do { -- /* Don't use transport being shutdown */ -- if (!tp_iter->tp->is_shutdown) { -+ /* Don't use transport being shutdown/destroyed */ -+ if (!tp_iter->tp->is_shutdown && -+ !tp_iter->tp->is_destroying) -+ { - if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER && - sel->u.listener) - { -@@ -2382,7 +2404,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, - TRACE_((THIS_FILE, "Transport found but from different listener")); - } - -- if (tp_ref!=NULL && !tp_ref->is_shutdown) { -+ if (tp_ref!=NULL && !tp_ref->is_shutdown && !tp_ref->is_destroying) { - /* - * Transport found! - */ -@@ -2624,7 +2646,7 @@ PJ_DEF(pj_status_t) pjsip_transport_add_state_listener ( - - PJ_ASSERT_RETURN(tp && cb && key, PJ_EINVAL); - -- if (tp->is_shutdown) { -+ if (tp->is_shutdown || tp->is_destroying) { - *key = NULL; - return PJ_EINVALIDOP; - } --- -2.26.2 - diff --git a/net-libs/pjproject/files/pjproject-2.9-config_site.h b/net-libs/pjproject/files/pjproject-2.12.1-config_site.h index d41ac1d1947b..37d094e24bbc 100644 --- a/net-libs/pjproject/files/pjproject-2.9-config_site.h +++ b/net-libs/pjproject/files/pjproject-2.12.1-config_site.h @@ -6,10 +6,25 @@ #include <sys/select.h> -/* handled by ebuild, default to disabled here */ -#ifndef PJMEDIA_HAS_SRTP -#define PJMEDIA_HAS_SRTP 0 -#endif +#define GENTOO_INVALID (Gentoo compile failure - please report a bug on bugs.gentoo.org) + +/* asterisk_malloc_debug.h is not required ... most of the operations are no-ops regardless + * and I can't see why asterisk is looking to compile this directly into pjproject */ + +/* + * Defining PJMEDIA_HAS_SRTP to 0 does NOT disable Asterisk's ability to use srtp. + * It only disables the pjmedia srtp transport which Asterisk doesn't use. + * The reason for the disable is that while Asterisk works fine with older libsrtp + * versions, newer versions of pjproject won't compile with them. + * + * Disabling this depends on an additional pjproject patch. So just leave it + * enabled for the time being, as it has always been enabled. + */ +#define PJMEDIA_HAS_SRTP 1 + +/* Ability to change this has ABI implications, force it on */ +/* Can be reconsidered in future: https://bugs.gentoo.org/680496 */ +#define PJ_HAS_IPV6 1 #define PJ_MAX_HOSTNAME (256) #define PJSIP_MAX_URL_SIZE (512) @@ -33,6 +48,7 @@ #define PJSIP_MAX_DIALOG_COUNT ((64*1024)-1) #define PJSIP_UDP_SO_SNDBUF_SIZE (512*1024) #define PJSIP_UDP_SO_RCVBUF_SIZE (512*1024) +#define PJ_DEBUG 0 #define PJSIP_SAFE_MODULE 0 #define PJ_HAS_STRICMP_ALNUM 0 @@ -50,19 +66,19 @@ Enabling it will result in SEGFAULTS when URIs containing escape sequences are encountered. */ #undef PJSIP_UNESCAPE_IN_PLACE -#define PJSIP_MAX_PKT_LEN 32000 +#define PJSIP_MAX_PKT_LEN 65535 #undef PJ_TODO #define PJ_TODO(x) /* Defaults too low for WebRTC */ -#define PJ_ICE_MAX_CAND 32 +#define PJ_ICE_MAX_CAND 64 #define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * PJ_ICE_MAX_CAND) /* Increase limits to allow more formats */ #define PJMEDIA_MAX_SDP_FMT 64 #define PJMEDIA_MAX_SDP_BANDW 4 -#define PJMEDIA_MAX_SDP_ATTR (PJMEDIA_MAX_SDP_FMT*2 + 4) +#define PJMEDIA_MAX_SDP_ATTR (PJMEDIA_MAX_SDP_FMT*3 + 4) #define PJMEDIA_MAX_SDP_MEDIA 16 /* @@ -72,3 +88,10 @@ */ #define PJSIP_TCP_KEEP_ALIVE_INTERVAL 0 #define PJSIP_TLS_KEEP_ALIVE_INTERVAL 0 + +#define PJSIP_TSX_UAS_CONTINUE_ON_TP_ERROR 0 +#define PJ_SSL_SOCK_OSSL_USE_THREAD_CB 0 +#define PJSIP_AUTH_ALLOW_MULTIPLE_AUTH_HEADER 1 + +/* Required to enable things like USE=video. */ +#define PJMEDIA_HAS_VIDEO GENTOO_INVALID diff --git a/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch b/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch deleted file mode 100644 index bb8a11d7f457..000000000000 --- a/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 2942c73cd3b3389ec1a35258f22ac9d0f0742de1 Mon Sep 17 00:00:00 2001 -From: Jaco Kroon <jaco@iewc.co.za> -Date: Thu, 24 May 2018 15:40:33 +0200 -Subject: [PATCH] Fix support for --enable-ssl. - -This change enables the explicit use of --enable-ssl in such a way that -package managers such as portage (Gentoo) that explicitly does ---enable-ssl or --disable-ssl will get the results that it's looking -for. - -Without this specifying --enable-ssl would end up actually disabling it. - -Additionally, if --enable-ssl is specified but the script ends up being -unable to enable ssl it will fail. ---- - aconfigure | 16 ++++++++++++---- - aconfigure.ac | 15 ++++++++++++--- - 2 files changed, 24 insertions(+), 7 deletions(-) - -diff --git a/aconfigure b/aconfigure -index 0cf17faae..57bdfba87 100755 ---- a/aconfigure -+++ b/aconfigure -@@ -8001,8 +8001,9 @@ if test "${enable_ssl+set}" = set; then : - $as_echo "Checking if SSL support is disabled... yes" >&6; } - fi - --else -+fi - -+if test "x$ac_no_ssl" != "x1"; then - if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then - CFLAGS="$CFLAGS -I$with_ssl/include" - CPPFLAGS="$CPPFLAGS -I$with_ssl/include" -@@ -8317,16 +8318,23 @@ $as_echo "GnuTLS library found, SSL support enabled" >&6; } - - ac_ssl_backend="gnutls" - else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found, disabling SSL support **" >&5 --$as_echo "** No GnuTLS libraries found, disabling SSL support **" >&6; } -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found **" >&5 -+$as_echo "** No GnuTLS libraries found **" >&6; } - fi - - fi - -+ if test "x$ac_ssl_backend" = "x"; then -+ if test "x$enable_ssl" = "xyes"; then -+ as_fn_error $? "SSL Support requested but neither OpenSSL nor GnuTLS operational" "$LINENO" 5 -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: No SSL detected, disabling SSL support" >&5 -+$as_echo "No SSL detected, disabling SSL support" >&6; } -+ fi -+ fi - fi - - -- - # Check whether --with-opencore-amrnb was given. - if test "${with_opencore_amrnb+set}" = set; then : - withval=$with_opencore_amrnb; as_fn_error $? "This option is obsolete and replaced by --with-opencore-amr=DIR" "$LINENO" 5 -diff --git a/aconfigure.ac b/aconfigure.ac -index 8d7d944a1..45c42756b 100644 ---- a/aconfigure.ac -+++ b/aconfigure.ac -@@ -1607,7 +1607,8 @@ AC_ARG_ENABLE(ssl, - AC_MSG_RESULT([Checking if SSL support is disabled... yes]) - fi - ], -- [ -+ []) -+if test "x$ac_no_ssl" != "x1"; then - if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then - CFLAGS="$CFLAGS -I$with_ssl/include" - CPPFLAGS="$CPPFLAGS -I$with_ssl/include" -@@ -1692,11 +1693,19 @@ AC_ARG_ENABLE(ssl, - AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_GNUTLS) - ac_ssl_backend="gnutls" - else -- AC_MSG_RESULT([** No GnuTLS libraries found, disabling SSL support **]) -+ AC_MSG_RESULT([** No GnuTLS libraries found **]) - fi - - fi -- ]) -+ -+ if test "x$ac_ssl_backend" = "x"; then -+ if test "x$enable_ssl" = "xyes"; then -+ AC_MSG_ERROR([SSL Support requested but neither OpenSSL nor GnuTLS operational]) -+ else -+ AC_MSG_RESULT([No SSL detected, disabling SSL support]) -+ fi -+ fi -+fi - - dnl # Obsolete option --with-opencore-amrnb - AC_ARG_WITH(opencore-amrnb, --- -2.23.0 - |