[asterisk-bugs] [JIRA] (ASTERISK-28572) Memory leaks in res_calendar_exchange and res_calendar_icalendar
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Thu Dec 12 05:54:35 CST 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-28572:
-------------------------------------
Target Release Version/s: 17.1.0
> Memory leaks in res_calendar_exchange and res_calendar_icalendar
> ----------------------------------------------------------------
>
> Key: ASTERISK-28572
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28572
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_calendar_exchange, Resources/res_calendar_icalendar
> Affects Versions: 16.6.0
> Environment: No
> Reporter: Yoooooo Ha
> Assignee: Sean Bright
> Target Release: 13.30.0, 16.7.0, 17.1.0
>
>
> Edit:
> exchangecal_destructor in res/res_calendar_exchange.c
> icalendar_destructor in res/res_calendar_icalendar.c
> {code}
> struct exchangecal_pvt {
> AST_DECLARE_STRING_FIELDS(
> AST_STRING_FIELD(url);
> AST_STRING_FIELD(user);
> AST_STRING_FIELD(secret);
> );
> struct ast_calendar *owner;
> ne_uri uri;
> ne_session *session;
> struct ao2_container *events;
> };
> static void exchangecal_destructor(void *obj)
> {
> struct exchangecal_pvt *pvt = obj;
> ast_debug(1, "Destroying pvt for Exchange calendar %s\n",
> pvt->owner->name);
> if (pvt->session) {
> ne_session_destroy(pvt->session);
> }
> ast_string_field_free_memory(pvt);
> ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA |
> OBJ_MULTIPLE, NULL, NULL);
> ao2_ref(pvt->events, -1);
> }
> {code}
> {code}
> struct icalendar_pvt {
> AST_DECLARE_STRING_FIELDS(
> AST_STRING_FIELD(url);
> AST_STRING_FIELD(user);
> AST_STRING_FIELD(secret);
> );
> struct ast_calendar *owner;
> ne_uri uri;
> ne_session *session;
> icalcomponent *data;
> struct ao2_container *events;
> };
> static void icalendar_destructor(void *obj)
> {
> struct icalendar_pvt *pvt = obj;
> ast_debug(1, "Destroying pvt for iCalendar %s\n",
> pvt->owner->name);
> if (pvt->session) {
> ne_session_destroy(pvt->session);
> }
> if (pvt->data) {
> icalcomponent_free(pvt->data);
> }
> ast_string_field_free_memory(pvt);
> ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA |
> OBJ_MULTIPLE, NULL, NULL);
> ao2_ref(pvt->events, -1);
> }
> {code}
> As we can see, the object uri is not freed in these two functions.
> The vulnerability is same as the one fixed in
> https://gerrit.asterisk.org/c/asterisk/+/6509
> (ASTERISK-25524)
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list