[asterisk-bugs] [JIRA] (ASTERISK-27225) Crash when freeing dtls_cfg->cafile
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Tue Sep 5 06:40:07 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-27225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238459#comment-238459 ]
Friendly Automation commented on ASTERISK-27225:
------------------------------------------------
Change 6381 merged by Jenkins2:
rtp_engine: Prevent possible double free with DTLS config
[https://gerrit.asterisk.org/6381|https://gerrit.asterisk.org/6381]
> Crash when freeing dtls_cfg->cafile
> -----------------------------------
>
> Key: ASTERISK-27225
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27225
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/RTP
> Affects Versions: 14.6.0
> Environment: CentOS 7
> Reporter: Richard Kenner
> Assignee: Unassigned
>
> I got a crash in free() from:
> {noformat}
> #4 0x000000000059f1b0 in ast_rtp_dtls_cfg_free (
> dtls_cfg=dtls_cfg at entry=0x1cbd6b8) at rtp_engine.c:2781
> 2781 ast_free(dtls_cfg->cafile);
> (gdb) print dtls_cfg->cafile
> $1 = 0x1cbe880 ""
> {noformat}
> This looks like it's trying to free something that wasn't malloc'ed.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list