Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,24 @@ All notable changes to this project will be documented in this file. Dates are d

Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).

#### [1.9.2](https://github.com/rdkcentral/telemetry/compare/1.9.1...1.9.2)

> 4 May 2026

- RDKB-64644: Potential Fix for SE051 ENGINE memory leak in telemetry HTTP pool [`#360`](https://github.com/rdkcentral/telemetry/pull/360)
- RDKEMW-15199:[SECVULN] Command injection via /opt/.telemetry/dca_temp… [`#355`](https://github.com/rdkcentral/telemetry/pull/355)

#### [1.9.1](https://github.com/rdkcentral/telemetry/compare/1.9.0...1.9.1)

> 29 April 2026
> 28 April 2026

- RDKB-64487: TSAN fixes for various issues [`#350`](https://github.com/rdkcentral/telemetry/pull/350)
- RDKB-64487: Code changes for thread hardening and safety under concurrent load [`#345`](https://github.com/rdkcentral/telemetry/pull/345)
- RDKB-64487: Code changes for Mutex locking and deadlock prevention [`#338`](https://github.com/rdkcentral/telemetry/pull/338)
- RDKEMW-16851: Fix for top log markers and the polling frequency [`#341`](https://github.com/rdkcentral/telemetry/pull/341)
- Adding agentic skills for code reviews [`#323`](https://github.com/rdkcentral/telemetry/pull/323)
- Changelog updates for 1.9.1 release [`1861d67`](https://github.com/rdkcentral/telemetry/commit/1861d67be43018e5dcc10f61bebd3d31d08244ec)
- Changelog updates for 1.9.1 release [`4675135`](https://github.com/rdkcentral/telemetry/commit/467513553c6fac2d63cf730ca4980c595ff355db)

#### [1.9.0](https://github.com/rdkcentral/telemetry/compare/1.8.8...1.9.0)

Expand Down
17 changes: 13 additions & 4 deletions source/protocol/http/multicurlinterface.c
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,11 @@ T2ERROR init_connection_pool()
#endif

// Connection reuse settings
CURL_SETOPT_CHECK(pool_entries[i].easy_handle, CURLOPT_FORBID_REUSE, 0L);
//Disable connection reuse (FORBID_REUSE=1) so that
// curl tears down the TLS session after each request. This causes
// OpenSSL to call SSL_CTX_free → EC_KEY_free → ENGINE_finish through
// its own reference counting, releasing the SE051 hardware session state.
CURL_SETOPT_CHECK(pool_entries[i].easy_handle, CURLOPT_FORBID_REUSE, 1L);
CURL_SETOPT_CHECK(pool_entries[i].easy_handle, CURLOPT_FRESH_CONNECT, 0L);

// Socket options
Expand Down Expand Up @@ -620,6 +624,9 @@ T2ERROR http_pool_get(const char *url, char **response_data, bool enable_file_ou
if(curl_code != CURLE_OK || http_code != 200)
{
T2Error("%s: Failed to establish connection using xPKI certificate: %s, Curl failed : %d\n", __func__, pCertFile, curl_code);
// Drain OpenSSL error queue between retries to prevent
// ENGINE-internal error state accumulation (HROT/SE051).
ERR_clear_error();
}
else
{
Expand Down Expand Up @@ -815,16 +822,15 @@ T2ERROR http_pool_get(const char *url, char **response_data, bool enable_file_ou
}
#endif

// Important Note: When using LIBRDKCERTSEL_BUILD, pCertURI and pCertPC are owned by the
// cert selector object and are freed when rdkcertselector_free() is called

// Clear OpenSSL per-thread error queue.
// Every curl_easy_perform() may push records onto the per-thread ERR_STATE
// list on any TLS error (cert verify failure, connection reset, timeout).
// Without this call the list grows unboundedly over the daemon lifetime.
// ERR_clear_error() is thread-safe since OpenSSL 1.1.0.
ERR_clear_error();

// Important Note: When using LIBRDKCERTSEL_BUILD, pCertURI and pCertPC are owned by the
// cert selector object and are freed when rdkcertselector_free() is called
release_pool_handle(idx);

T2Debug("%s ++out\n", __FUNCTION__);
Expand Down Expand Up @@ -1013,6 +1019,9 @@ T2ERROR http_pool_post(const char *url, const char *payload)
if(curl_code != CURLE_OK || http_code != 200)
{
T2Error("%s: Failed to establish connection using xPKI certificate: %s, curl failed: %d (entry %d)\n", __func__, pCertFile, curl_code, idx);
// Drain OpenSSL error queue between retries to prevent
// ENGINE-internal error state accumulation (HROT/SE051).
ERR_clear_error();
}
else
{
Expand Down
11 changes: 10 additions & 1 deletion source/t2parser/t2parser.c
Original file line number Diff line number Diff line change
Expand Up @@ -311,9 +311,18 @@ static T2ERROR addParameter(Profile *profile, const char* name, const char* ref,
{

// T2Debug("Adding Grep Marker :: Param/Marker Name : %s ref/pattern/Comp : %s fileName : %s skipFreq : %d\n", name, ref, fileName, skipFreq);

if(fileName != NULL && strncmp("top_log.txt", fileName, sizeof("top_log.txt")) == 0)
{
if(ref == NULL)
{
T2Error("Search string can't be null for top markers\n");
return T2ERROR_FAILURE;
}
if(sanitize_string(ref) != 0)
{
T2Error("Parameter %s can't be added as invalid search string encountered\n", ref);
return T2ERROR_FAILURE;
}
T2Debug("This is a TopMarker name :%s and value: %s add it to topmarker list \n", name, ref);
TopMarker *tMarker = (TopMarker *) malloc(sizeof(TopMarker));
if(tMarker == NULL)
Expand Down
11 changes: 11 additions & 0 deletions source/t2parser/t2parserxconf.c
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#include "t2parserxconf.h"
#include "xconfclient.h"
Expand Down Expand Up @@ -129,6 +130,16 @@ static T2ERROR addParameter(ProfileXConf *profile, const char* name, const char*
char *splitSuffix = NULL;
char *accumulateSuffix = NULL;
// T2Debug("Adding Grep Marker :: Param/Marker Name : %s ref/pattern/Comp : %s fileName : %s skipFreq : %d\n", name, ref, fileName, skipFreq);
if(ref == NULL)
{
T2Error("Search string can't be null for top markers\n");
return T2ERROR_FAILURE;
}
if(sanitize_string(ref) != 0)
{
T2Error("Parameter %s can't be added as invalid search string encountered\n", ref);
return T2ERROR_FAILURE;
}
TopMarker *tMarker = (TopMarker *)malloc(sizeof(TopMarker));
memset(tMarker, 0, sizeof(TopMarker));
tMarker->markerName = strdup(name);
Expand Down
16 changes: 16 additions & 0 deletions source/utils/t2common.c
Original file line number Diff line number Diff line change
Expand Up @@ -301,3 +301,19 @@ bool isWhoAmiEnabled(void)
{
return whoami_support;
}

int sanitize_string(const char *str)
{
const char *src = str;

while (*src)
{
if (!(isalnum((unsigned char)*src) || *src == '.' || *src == '-' || *src == '_'))
{
T2Error("Invalid search string configuration. Rejecting parameter due to invalid characters\n");
return -1;
}
src++;
}
return 0;
}
2 changes: 2 additions & 0 deletions source/utils/t2common.h
Original file line number Diff line number Diff line change
Expand Up @@ -167,4 +167,6 @@ void initWhoamiSupport(void);

bool isWhoAmiEnabled(void);

int sanitize_string(const char *str);

#endif /* _T2COMMON_H_ */
Loading