From d3e353fbb0a91b38cc0a15e2749e0753c923e9ec Mon Sep 17 00:00:00 2001
From: Paul Kramer <47924093+paulkram@users.noreply.github.com>
Date: Sat, 3 Dec 2022 10:23:19 +0100
Subject: [PATCH 1/3] Fix memory corruption on socket close (#1113) Fix memory corruption introduced by commit c8663f4a91cd2d88f1d0e65144158c7bcfe8b35c If there was an unsuccessful session registration in open_client_connection_session, it adds a timer (before it didn't). Later during runtime, at session destruction, it removes the client_socket in close_ioa_socket. Then the timer gets triggered and runs the cleanup method client_to_be_allocated_timeout_handler and tries to access the stored client_socket. This then fails as it already was freed. The fix just sets the client_socket pointer to null and then the timer should detect this and not access already freed memory. The issue affects version 4.6.0, 4.6.0-r0 and 4.6.0-r1. Co-authored-by: Paul Kramer
---
 src/apps/relay/ns_ioalib_engine_impl.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/apps/relay/ns_ioalib_engine_impl.c b/src/apps/relay/ns_ioalib_engine_impl.c
index b17cf3f..4c6683e 100644
--- a/src/apps/relay/ns_ioalib_engine_impl.c
+++ b/src/apps/relay/ns_ioalib_engine_impl.c
@@ -1548,9 +1548,15 @@ void close_ioa_socket(ioa_socket_handle s)
 close_socket_net_data(s);
- s->session = NULL;
- s->sub_session = NULL;
- s->magic = 0;
+ if (s->session && s->session->client_socket == s) {
+ // Detaching client socket from super session to prevent mem corruption
+ // in case client_to_be_allocated_timeout_handler gets triggered
+ s->session->client_socket = NULL;
+ }
+
+ s->session = NULL;
+ s->sub_session = NULL;
+ s->magic = 0;
 free(s);
 }
From a005eee880b2db081c94b137600ff2aee29dfc19 Mon Sep 17 00:00:00 2001
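Review bot: The detach added just before `free(s)` clears only `s->session->client_socket`, while `s->sub_session` is dropped on the socket side (`s->sub_session = NULL`) with no matching check; if that object also stores a pointer back to `s`, the same dangling-pointer pattern would survive this fix. The sub-session type is not visible in the hunk, so this is a point to confirm rather than a proven defect. The fix is also only effective if `client_to_be_allocated_timeout_handler` tests `client_socket` for NULL before using it, which lies outside the hunk, and the commit message itself only says the timer "should" detect it. I would make the invariant explicit in the comment, for example `// After this point no session field may still point at s; the timeout handler must treat a NULL client_socket as already closed`. close_ioa_socket begins before the hunk and its closing lines are not fully shown.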
From: Gustavo Garcia
Date: Sat, 3 Dec 2022 22:21:29 +0100
Subject: [PATCH 2/3] Update version to 4.6.1
---
 CMakeLists.txt | 2 +-
 docker/coturn/Makefile | 2 +-
 src/ns_turn_defs.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6e13417..e9f95b0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,7 +6,7 @@ project(coturn)
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_SOURCE_DIR}/cmake)
 # TODO: Modify this when the version is released
-SET(BUILD_VERSION "4.5.2")
+SET(BUILD_VERSION "4.6.1")
 # Find Git Version Patch
 IF(EXISTS "${CMAKE_SOURCE_DIR}/.git")
diff --git a/docker/coturn/Makefile b/docker/coturn/Makefile
index bd23c98..9e63825 100644
--- a/docker/coturn/Makefile
+++ b/docker/coturn/Makefile
@@ -17,7 +17,7 @@ eq = $(if $(or $(1),$(2)),$(and $(findstring $(1),$(2)),\
 # Project parameters #
 ######################
-COTURN_VER ?= 4.6.0
+COTURN_VER ?= 4.6.1
 COTURN_MIN_VER = $(strip $(shell echo $(COTURN_VER) | cut -d '.' -f1,2))
 COTURN_MAJ_VER = $(strip $(shell echo $(COTURN_VER) | cut -d '.' -f1))
diff --git a/src/ns_turn_defs.h b/src/ns_turn_defs.h
index 6e925f1..51ce4ea 100644
--- a/src/ns_turn_defs.h
+++ b/src/ns_turn_defs.h
@@ -31,7 +31,7 @@
 #ifndef __IOADEFS__
 #define __IOADEFS__
-#define TURN_SERVER_VERSION "4.6.0"
+#define TURN_SERVER_VERSION "4.6.1"
 #define TURN_SERVER_VERSION_NAME "Gorst"
 #define TURN_SOFTWARE "Coturn-" TURN_SERVER_VERSION " '" TURN_SERVER_VERSION_NAME "'"
From 491b231f80471e63d3f5f3e967a9367e508b2da5 Mon Sep 17 00:00:00 2001
From: tyranron
Date: Sun, 4 Dec 2022 11:54:30 +0100
Subject: [PATCH 3/3] Fix ChangeLog for 4.6.1 version
---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index a7139a7..58bc12a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+03/12/2022 Gustavo Garcia Paul Kramer
+Version 4.6.1 'Gorst':
+ - merge PR #1113 (paulkram)
+ * fix memory corruption on socket close
 13/09/2022 Oleg Moskalenko Mihály Mészáros Gustavo Garcia Pavel Punsky
 Version 4.6.0 'Gorst':
 - merge PR #967 (eakraly)