From 24424c5121b3187f4756f7579f4ff04f2a15f4f4 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 10 Jun 2016 19:59:12 +0100 Subject: [PATCH] More updates from git --- ...606.patch => libnice-0.1.13-20160610.patch | 100 +++++++++++++++++- libnice.spec | 7 +- 2 files changed, 103 insertions(+), 4 deletions(-) rename libnice-0.1.13-20160606.patch => libnice-0.1.13-20160610.patch (99%) diff --git a/libnice-0.1.13-20160606.patch b/libnice-0.1.13-20160610.patch similarity index 99% rename from libnice-0.1.13-20160606.patch rename to libnice-0.1.13-20160610.patch index 3761e68..a5f2edb 100644 --- a/libnice-0.1.13-20160606.patch +++ b/libnice-0.1.13-20160610.patch @@ -1,3 +1,35 @@ +commit 30a0c230ae9b70c572060ad3037f68e102e4759a +Author: Olivier Crête +Date: Mon Jun 6 18:31:22 2016 -0400 + + conncheck: Remove pairs before freeing candidate + + Remove the whole pair before the candidate is + to be freed. + + https://phabricator.freedesktop.org/T7460 + +commit 71f7ed3eda829c3dc6afe9ed013c0ab826a1aa40 +Author: Olivier Crête +Date: Fri Feb 19 15:01:03 2016 -0500 + + stun timer: Do 7 retransmissions as recommended + + Also reduce the normal timeout to make the test bearable. + + This is what RFC 5389 section 7.2.1 + + Differential Revision: https://phabricator.freedesktop.org/D1056 + Maniphest Task: https://phabricator.freedesktop.org/T3339 + +commit dc1e1b7a1b258fb54ba582d2fe77ccd159c9fe88 +Author: Olivier Crête +Date: Mon Jun 6 16:21:54 2016 -0400 + + timer: Maximum retransmission should include the original one + + We really care about the maximum transmissions, the first one counts. + commit fad72879fa4a0896c55ac6fc5f77f6c05e369a2b Author: Olivier Crête Date: Fri Jun 3 18:42:59 2016 -0400 @@ -4669,7 +4701,7 @@ index 7ded710..6712794 100644 TurnServer * diff --git a/agent/conncheck.c b/agent/conncheck.c -index 057fc81..5cba478 100644 +index 057fc81..7e03985 100644 --- a/agent/conncheck.c +++ b/agent/conncheck.c @@ -61,18 +61,20 @@ 
@@ -6310,8 +6342,14 @@ index 057fc81..5cba478 100644 NiceSocket *sock) { GSList *l; -@@ -3379,7 +3675,8 @@ conn_check_prune_socket (NiceAgent *agent, Stream *stream, Component *component, +@@ -3375,14 +3671,20 @@ conn_check_prune_socket (NiceAgent *agent, Stream *stream, Component *component, + } + + /* Prune from the candidate check pairs. */ +- for (l = stream->conncheck_list; l != NULL; l = l->next) { ++ for (l = stream->conncheck_list; l != NULL;) { CandidateCheckPair *p = l->data; ++ GSList *next = l->next; if ((p->local != NULL && p->local->sockptr == sock) || - (p->remote != NULL && p->remote->sockptr == sock)) { @@ -6320,6 +6358,13 @@ index 057fc81..5cba478 100644 nice_debug ("Agent %p : Retransmissions failed, giving up on " "connectivity check %p", agent, p); candidate_check_pair_fail (stream, agent, p); ++ conn_check_free_item (p); ++ stream->conncheck_list = g_slist_delete_link (stream->conncheck_list, l); + } ++ ++ l = next; + } + } diff --git a/agent/conncheck.h b/agent/conncheck.h index e6c2c62..431c606 100644 --- a/agent/conncheck.h @@ -9044,6 +9089,19 @@ index 9faa64b..558fe5e 100644 return STUN_MESSAGE_BUFFER_INVALID; // RTP or other non-STUN packet } +diff --git a/stun/tests/test-bind.c b/stun/tests/test-bind.c +index 0c7646f..2cf4feb 100644 +--- a/stun/tests/test-bind.c ++++ b/stun/tests/test-bind.c +@@ -438,7 +438,7 @@ static void keepalive (void) + + static void test (void (*func) (void), const char *name) + { +- alarm (20); ++ alarm (30); + + printf ("%s test... ", name); + func (); diff --git a/stun/tests/test-conncheck.c b/stun/tests/test-conncheck.c index 610d43a..92b947c 100644 --- a/stun/tests/test-conncheck.c 
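Review bot: In the new `conn_check_prune_socket` loop, `conn_check_free_item (p)` frees the pair right after `candidate_check_pair_fail (stream, agent, p)`, and nothing visible in this hunk or the next one (`@@ -6320,6 +6358,13 @@`, part of the same change) shows that no other structure still holds that pair pointer. If anything else can reference the pair, such as a selected pair or a queued check, it would be left dangling, which is the same class of bug this change fixes; confirm that against the rest of the function, which starts outside the hunk. The saved-successor idiom also deserves a comment above `GSList *next = l->next;`, for example `/* Save next first: g_slist_delete_link() frees l when the pair is pruned. */`.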
@@ -9184,6 +9242,44 @@ index a628791..a7d0d19 100644 } if (stun_agent_init_response (agent, msg, buf, len, req) == FALSE) { +diff --git a/stun/usages/timer.c b/stun/usages/timer.c +index 82f3ea2..2862ab8 100644 +--- a/stun/usages/timer.c ++++ b/stun/usages/timer.c +@@ -104,7 +104,7 @@ void stun_timer_start (StunTimer *timer, unsigned int initial_timeout, + unsigned int max_retransmissions) + { + stun_gettime (&timer->deadline); +- timer->retransmissions = 0; ++ timer->retransmissions = 1; + timer->delay = initial_timeout; + timer->max_retransmissions = max_retransmissions; + add_delay (&timer->deadline, timer->delay); +diff --git a/stun/usages/timer.h b/stun/usages/timer.h +index e6501cb..e74353b 100644 +--- a/stun/usages/timer.h ++++ b/stun/usages/timer.h +@@ -130,15 +130,18 @@ struct stun_timer_s { + * STUN_TIMER_DEFAULT_TIMEOUT: + * + * The default intial timeout to use for the timer ++ * RFC recommendds 500, but it's ridiculous, 50ms is known to work in most ++ * cases as it is also what is used by SIP style VoIP when sending A-Law and ++ * mu-Law audio, so 200ms should be hyper safe. + */ +-#define STUN_TIMER_DEFAULT_TIMEOUT 600 ++#define STUN_TIMER_DEFAULT_TIMEOUT 200 + + /** + * STUN_TIMER_DEFAULT_MAX_RETRANSMISSIONS: + * + * The default maximum retransmissions allowed before a timer decides to timeout + */ +-#define STUN_TIMER_DEFAULT_MAX_RETRANSMISSIONS 3 ++#define STUN_TIMER_DEFAULT_MAX_RETRANSMISSIONS 7 + + /** + * STUN_TIMER_DEFAULT_RELIABLE_TIMEOUT: diff --git a/stun/usages/turn.c b/stun/usages/turn.c index f242650..3b94959 100644 --- a/stun/usages/turn.c diff --git a/libnice.spec b/libnice.spec index 17ffee5..a4894cf 100644 --- a/libnice.spec +++ b/libnice.spec 
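Review bot: The doc comment for `STUN_TIMER_DEFAULT_MAX_RETRANSMISSIONS` in stun/usages/timer.h still says "maximum retransmissions allowed", but `stun_timer_start` now sets `timer->retransmissions = 1`, so the limit counts the original transmission too. Callers that pass their own `max_retransmissions` will presumably get one fewer retry than before (the comparison is outside the hunk), so the comment should state the contract, for example `* The default maximum number of transmissions, the initial one included, before a timer decides to timeout`. The `STUN_TIMER_DEFAULT_TIMEOUT` comment also has typos (`intial`, `recommendds`) and justifies 200 against an unnamed "RFC" value of 500. Citing RFC 5389 section 7.2.1, as the commit message does, would let a reader check the trade-off between faster failure detection and extra request traffic.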
@@ -1,13 +1,13 @@ Name: libnice Version: 0.1.13 -Release: 5%{?dist} +Release: 6%{?dist} Summary: GLib ICE implementation Group: System Environment/Libraries License: LGPLv2 and MPLv1.1 URL: http://nice.freedesktop.org/wiki/ Source0: http://nice.freedesktop.org/releases/%{name}-%{version}.tar.gz -Patch1: libnice-0.1.13-20160606.patch +Patch1: libnice-0.1.13-20160610.patch BuildRequires: glib2-devel BuildRequires: gobject-introspection-devel @@ -124,6 +124,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %changelog +* Fri Jun 10 2016 David Woodhouse - 0.1.13-6 +- More updates from libnice git; use-after-free fixes + * Mon Jun 06 2016 David Woodhouse - 0.1.13-5 - Wholesale update to git HEAD, which fixes SIPE again.