[asterisk-bugs] [JIRA] (ASTERISK-25037) res_pjsip_outbound_registration: Potential crash in off-nominal failure case when sending message
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Thu Apr 30 06:12:33 CDT 2015
Joshua Colp created ASTERISK-25037:
--------------------------------------
Summary: res_pjsip_outbound_registration: Potential crash in off-nominal failure case when sending message
Key: ASTERISK-25037
URL: https://issues.asterisk.org/jira/browse/ASTERISK-25037
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_pjsip_outbound_registration
Affects Versions: 13.3.2
Reporter: Joshua Colp
The res_pjsip_outbound_registration module currently assumes that a failure return from the pjsip_regc_send function means that the attempt to send the message has failed. While this is true in some cases the registration callback may still be invoked. This is a probably because both the caller of pjsip_regc_send and the registration callback will decrement the reference count of the client state. This is incorrect. If the callback has been invoked the caller of pjsip_regc_send MUST NOT decrement the reference count. If this happens a few times to the same client state it will eventually be destroyed prematurely causing a subsequent registration to potentially crash Asterisk.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list