Izib / rfc5766-turn-server

Automatically exported from code.google.com/p/rfc5766-turn-server
0 stars 0 forks source link

infinite loop from newid conflict. #99

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
infinite loop from newid conflict.

Because newid is not generated again.
(version Citrix-3.1.1.0 'Arch Lector')

Thread 10 (Thread 0x7fa077f5d700 (LWP 24843)):
#0  0x00007fa0898f0533 in kh_get_3 (key=396321632, h=0x7fa06c0368b0) at 
src/server/ns_turn_maps.c:37
#1  kh_get_3 (key=396321632, h=0x7fa06c0368b0) at src/server/ns_turn_maps.c:107
#2  ur_map_get (map=<optimized out>, key=<optimized out>, value=0x0) at 
src/server/ns_turn_maps.c:113
#3  0x00007fa0898eee1b in set_new_tc_id (tc=0x7fa06c64a6e0, 
server_id=<optimized out>) at src/server/ns_turn_allocation.c:379
#4  create_tcp_connection (server_id=<optimized out>, a=<optimized out>, 
tid=<optimized out>, peer_addr=<optimized out>,
    err_code=<optimized out>) at src/server/ns_turn_allocation.c:402
#5  0x00007fa0898f3fd6 in tcp_peer_accept_connection (s=0x7fa06c604ce0, 
arg=0x7fa06c6d9280) at src/server/ns_turn_server.c:1628
#6  0x00007fa0898d317e in tcp_listener_input_handler (l=<optimized out>, 
fd=16887, sa=<optimized out>, socklen=<optimized out>,
    arg=0x7fa06c890080) at src/apps/relay/ns_ioalib_engine_impl.c:1062
#7  0x00007fa088e587f4 in ?? () from /usr/lib/libevent_core-2.0.so.5
#8  0x00007fa088e4c2fc in event_base_loop () from 
/usr/lib/libevent_core-2.0.so.5
#9  0x00007fa0898d8e6e in run_events (eb=0x7fa06c0248b0) at 
src/apps/relay/netengine.c:1104
#10 0x00007fa0898d8ed1 in run_general_relay_thread (arg=0x7fa08ad87310) at 
src/apps/relay/netengine.c:1209
#11 0x00007fa087ea6e9a in start_thread () from 
/lib/x86_64-linux-gnu/libpthread.so.0
#12 0x00007fa087bd33fd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x0000000000000000 in ?? ()

diff --git a/src/server/ns_turn_allocation.c b/src/server/ns_turn_allocation.c
index 4864a4e..d081683 100644
--- a/src/server/ns_turn_allocation.c
+++ b/src/server/ns_turn_allocation.c
@@ -482,10 +482,11 @@ void ch_map_clean(ch_map* map)
 static void set_new_tc_id(u08bits server_id, tcp_connection *tc) {
    allocation *a = (allocation*)(tc->owner);
    ur_map *map = a->tcp_connections;
-   u32bits newid = 0;
+   u32bits newid;
    u32bits sid = server_id;
    sid = sid<<24;
    do {
+       newid = 0;
        while (!newid) {
            newid = (u32bits)random();
            if(!newid) {

Original issue reported on code.google.com by mutsutos...@mixi.co.jp on 13 Feb 2014 at 8:21

GoogleCodeExporter commented 9 years ago
Thanks a lot for reporting and suggesting a fix. It will be included into 
3.2.2.7 maintenance release, to be issued in a week.

Original comment by mom040...@gmail.com on 13 Feb 2014 at 8:34

GoogleCodeExporter commented 9 years ago
Fixed in 3.2.2.7

Original comment by mom040...@gmail.com on 14 Feb 2014 at 9:46