fre42
commented
6 years ago I know that signing the CLA is still missing. I'll do it as soon I get the OK from my company.
Open fre42 opened 6 years ago
fre42
commented
6 years ago I know that signing the CLA is still missing. I'll do it as soon I get the OK from my company.
gsaslis
commented
6 years ago @fre42 plz also ping back here once CLA process is done ; )
thanks!!
We have a scenario where a load balancer (Linux Virtual Server - LVS) sends SIP OPTIONS every 5 seconds via TCP. When receiving this OPTIONS, our application (using this SIP stack) sends 200 OK and the LVS immediately closes the TCP connection after having received it. Im some cases the socket close is very fast and comes into the TCPMessageChannel while sending the 200 OK in method sendMessage is still in progress. Unfortunately the socket close will set the mySock member to null while the sendMessage method is still accessing it. This can happen, because the socket handling is not thread safe. sendMessage will then run into the situation that it overwrites the mySock with the current send socket sock (line 297). In our LVS case sock and mySock are the same because LVS puts it's own TCP port into the Via header and no additional TCP connection needs to be established for sending the response. As a result accessing the overwritten mySock causes a SocketException.
My suggested fix will avoid accessing the live mySock member by making a copy of it in the beginning of sendMessage and checks afterwards, if the copy is still identical to mySock. This avoids the problem we have but the socket handling is still not thread safe and needs further refactoring in the future.
sip-race-condition.log