[OpenSIPS-Users] [OpenSIPS Security Alerts] [FIX] [Severity Medium] DB_Flatstore module

Răzvan Crainea razvan at opensips.org
Fri Sep 14 12:40:46 CEST 2012


This message was generated by the Security Alerts service ( Free Trial 14th of August - 14th of September )
http://www.opensips.org/Resources/AlertsMain
*
SVN commit*:
http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9234

*Severity*: Medium

*Version*  : 1.8, trunk

*Affected modules*  : DB_Flatstore

*Effect*  : Flatstore database records were not inserted in file

*Affected scenarios*: When using the db_flatstore module for inserting records into a
file, if the database directory does not exist, or doesn't have write permissions, the
records would not be inserted.

*Description:*  The problem was that the db_flatstore module was not checking if the
database directory exists and if OpenSIPS has the proper permissions to write into it.
Therefore, OpenSIPS would have started, even if it is not able to set a proper database
connection. As a fix, if the directory does not exist, OpenSIPS will not start.

*Risks*  : Essential data, such as accounting information, is lost until the administrator
detects the problem and fixes it.

*Update*  :
- if you have an SVN checkout, 1.8 and trunk were fixed; so update to a revision later
than 9234 (trunk) or 9235 (1.8 branch)
- if you have OpenSIPS from sources, download and apply the patch from
  <http://opensips.svn.sourceforge.net/viewvc/opensips/branches/1.8/modules/db_flatstore/flatstore.c?r1=9235&r2=9234&pathrev=9235>http://opensips.svn.sourceforge.net/viewvc/opensips/branches/1.8/modules/db_flatstore/flatstore.c?view=patch&r1=9235&r2=9234&pathrev=9235
or see the attached patch;
- if using tarballs, they were already regenerated (and include the fix)
- If using the official Debian package (apt.opensips.org), they are also re-generated
including the fix.

-- 
Razvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120914/e503cbf8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: db_flatstore_dir_check.patch
Type: text/x-diff
Size: 896 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20120914/e503cbf8/attachment.patch>
-------------- next part --------------
_______________________________________________
Alerts mailing list
Alerts at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/alerts


More information about the Users mailing list