
dialog: dmq operations under locked dlg table entry

- protect against races that could be due to retransmissions or other
parallel processing cases
- related to GH #2224

Daniel-Constantin Mierla authored on 23/03/2020 16:57:48
Showing 1 changed files
... ...
@@ -99,7 +99,7 @@ int dlg_dmq_handle_msg(struct sip_msg* msg, peer_reponse_t* resp, dmq_node_t* no
99 99
 {
100 100
 	int content_length;
101 101
 	str body;
102
-	dlg_cell_t *dlg;
102
+	dlg_cell_t *dlg = NULL;
103 103
 	int unref = 0;
104 104
 	int ret;
105 105
 	srjson_doc_t jdoc, prof_jdoc;
... ...
@@ -216,7 +216,7 @@ int dlg_dmq_handle_msg(struct sip_msg* msg, peer_reponse_t* resp, dmq_node_t* no
216 216
 		}
217 217
 	}
218 218
 
219
-	dlg = dlg_get_by_iuid(&iuid);
219
+	dlg = dlg_get_by_iuid_mode(&iuid, 1);
220 220
 	if (dlg) {
221 221
 		LM_DBG("found dialog [%u:%u] at %p\n", iuid.h_entry, iuid.h_id, dlg);
222 222
 		unref++;
... ...
@@ -237,6 +237,7 @@ int dlg_dmq_handle_msg(struct sip_msg* msg, peer_reponse_t* resp, dmq_node_t* no
237 237
 					LM_ERR("inconsistent hash data from peer: "
238 238
 						"make sure all Kamailio's use the same hash size\n");
239 239
 					shm_free(dlg);
240
+					dlg = NULL;
240 241
 					goto error;
241 242
 				}
242 243
 
... ...
@@ -391,8 +392,14 @@ int dlg_dmq_handle_msg(struct sip_msg* msg, peer_reponse_t* resp, dmq_node_t* no
391 392
 		case DLG_DMQ_NONE:
392 393
 			break;
393 394
 	}
394
-	if (dlg && unref)
395
-		dlg_unref(dlg, unref);
395
+	if (dlg) {
396
+		if(unref) {
397
+			dlg_unref(dlg, unref);
398
+		}
399
+		if(newdlg == 0) {
400
+			dlg_cell_unlock(dlg);
401
+		}
402
+	}
396 403
 
397 404
 	srjson_DestroyDoc(&jdoc);
398 405
 	resp->reason = dmq_200_rpl;
... ...
@@ -407,6 +414,11 @@ invalid2:
407 414
 	return 0;
408 415
 
409 416
 error:
417
+	if (dlg) {
418
+		if(newdlg == 0) {
419
+			dlg_cell_unlock(dlg);
420
+		}
421
+	}
410 422
 	srjson_DestroyDoc(&jdoc);
411 423
 	resp->reason = dmq_500_rpl;
412 424
 	resp->resp_code = 500;
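Review bot: In the success path (new lines 395-402), `dlg_unref(dlg, unref)` runs before `dlg_cell_unlock(dlg)`, so if that unref ever drops the last reference and the cell is released, the unlock dereferences a freed dialog. Whether dlg_unref can free the cell here is not visible on this page, but unlocking first sidesteps the question, since the reference still held keeps the cell valid across the unlock: `if(newdlg == 0) dlg_cell_unlock(dlg);` followed by `if(unref) dlg_unref(dlg, unref);`. Separately, the `error:` path now unlocks but still does not drop the references counted in `unref`, so any `goto error` taken after the lookup at new line 219 would leak them; consider adding `if(unref) dlg_unref(dlg, unref);` after the unlock there. The body of dlg_dmq_handle_msg continues outside these hunks, so the other exit labels such as `invalid2:` should also be checked for returning with the entry lock still held.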