Summary: | ASTERISK-27452: Security: chan_skinny: Memory exhaustion if flooded with unauthenticated requests | ||
Reporter: | George Joseph (gjoseph) | Labels: | |
Date Opened: | 2017-11-30 12:08:37.000-0600 | Date Closed: | 2017-12-01 13:29:24.000-0600 |
Priority: | Critical | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_skinny |
Versions: | 13.18.2 GIT 15.1.2 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Attachments: | ( 0) AST-2017-013.txt | |
Description: | If chan_skinny is flooded with requests, asterisk will quickly escalate virtual memory (but not resident memory) to the point where no new memory allocations are possible.
| ||
Comments: |
By: George Joseph (gjoseph) 2017-11-30 15:18:48.751-0600
Analysis: chan_skinny creates a new thread for each new session. In trying to be a good cleanup citizen, the threads are joinable and the unload_module function does a pthread_cancel() and a pthread_join() on any sessions that are active at that time. This has an unintended side effect though. Since you can call pthread_join on a thread that's already terminated, pthreads keeps the thread's storage around until you explicitly call pthread_join (or pthread_detach()). Since only the module_unload function was calling pthread_join, and even then only on the ones active at the time, the storage for every thread/session ever created sticks around until asterisk exits. The solution was just to have every thread call pthread_detach() on itself before exiting.

By: Friendly Automation (friendly-automation) 2017-12-01 13:29:25.504-0600
Change 7412 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7412

By: Friendly Automation (friendly-automation) 2017-12-01 13:29:36.637-0600
Change 7413 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7413

By: Friendly Automation (friendly-automation) 2017-12-01 13:29:45.978-0600
Change 7411 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7411

By: Friendly Automation (friendly-automation) 2017-12-01 13:29:56.192-0600
Change 7414 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7414

By: Friendly Automation (friendly-automation) 2017-12-01 13:30:05.711-0600
Change 7415 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7415

By: Friendly Automation (friendly-automation) 2017-12-01 13:30:15.964-0600
Change 7416 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7416

By: Friendly Automation (friendly-automation) 2017-12-01 13:30:25.629-0600
Change 7417 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7417

By: Friendly Automation (friendly-automation) 2017-12-01 13:30:35.160-0600
Change 7418 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7418

By: Friendly Automation (friendly-automation) 2017-12-01 13:31:07.138-0600
Change 7419 merged by George Joseph: AST-2017-013: chan_skinny: Call pthread_detach when sess threads end https://gerrit.asterisk.org/7419 |
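The leak pattern from the analysis above can be measured in isolation. The following is an added example, not code from chan_skinny or the merged changes: the `session` thread, the 1 MiB stack size and the helper names are assumptions made for illustration, and the measurement reads `/proc/self/statm`, so it is Linux only.

```c
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>
#include <unistd.h>

static sem_t done;
static int sem_ready, detach_on_exit;

/* Stand-in for a per-connection session thread (hypothetical, not chan_skinny code). */
static void *session(void *arg) {
    if (detach_on_exit)               /* the fix: give up our own storage on exit */
        pthread_detach(pthread_self());
    sem_post(&done);
    return arg;
}

/* Virtual size in KiB from /proc/self/statm (Linux only); -1 on error. */
static long vm_kib(void) {
    long pages = -1;
    FILE *f = fopen("/proc/self/statm", "r");
    if (f) { if (fscanf(f, "%ld", &pages) != 1) pages = -1; fclose(f); }
    return pages < 0 ? -1 : pages * (sysconf(_SC_PAGESIZE) / 1024);
}

/* Run n short sessions back to back, never joining them; return VM growth in KiB. */
long vm_growth_kib(int n, int detach) {
    pthread_attr_t attr;
    long before = vm_kib(), after;
    if (!sem_ready) { sem_init(&done, 0, 0); sem_ready = 1; }
    pthread_attr_init(&attr);
    pthread_attr_setstacksize(&attr, 1024 * 1024);   /* assumed 1 MiB stack per session */
    detach_on_exit = detach;
    for (int i = 0; i < n; i++) {
        pthread_t t;
        if (pthread_create(&t, &attr, session, NULL) != 0) break;
        while (sem_wait(&done) != 0) { }             /* wait until this session has run */
    }
    pthread_attr_destroy(&attr);
    after = vm_kib();
    return (before < 0 || after < 0) ? -1 : after - before;
}

int main(void) {
    long d = vm_growth_kib(200, 1), l = vm_growth_kib(200, 0);
    printf("detached: +%ld KiB; joinable, never joined: +%ld KiB\n", d, l);
    return 0;
}
```

Build with `cc -pthread`. Only the address-space reservation grows in the joinable case because the retained stacks are mapped but barely touched, which matches the virtual-versus-resident behaviour in the description.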