[asterisk-bugs] [JIRA] (ASTERISK-28572) Memory leak in function exchangecal_destructor in res/res_calendar_exchange.c and icalendar_destructor in res/res_calendar_icalendar.c

Yoooooo Ha (JIRA) noreply at issues.asterisk.org
Mon Oct 7 08:55:48 CDT 2019 

Yoooooo Ha created ASTERISK-28572:
-------------------------------------

             Summary: Memory leak in function exchangecal_destructor in res/res_calendar_exchange.c and  icalendar_destructor in res/res_calendar_icalendar.c
                 Key: ASTERISK-28572
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28572
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_calendar_exchange, Resources/res_calendar_icalendar
    Affects Versions: 16.6.0
         Environment: No
            Reporter: Yoooooo Ha


####################################
struct exchangecal_pvt {
         AST_DECLARE_STRING_FIELDS(
                 AST_STRING_FIELD(url);
                 AST_STRING_FIELD(user);
                 AST_STRING_FIELD(secret);
         );
         struct ast_calendar *owner;
         ne_uri uri;
         ne_session *session;
         struct ao2_container *events;
};
static void exchangecal_destructor(void *obj)
{
         struct exchangecal_pvt *pvt = obj;

         ast_debug(1, "Destroying pvt for Exchange calendar %s\n", 
pvt->owner->name);
         if (pvt->session) {
                 ne_session_destroy(pvt->session);
         }
         ast_string_field_free_memory(pvt);

         ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA | 
OBJ_MULTIPLE, NULL, NULL);

         ao2_ref(pvt->events, -1);
}
####################################

####################################
struct icalendar_pvt {
         AST_DECLARE_STRING_FIELDS(
                 AST_STRING_FIELD(url);
                 AST_STRING_FIELD(user);
                 AST_STRING_FIELD(secret);
         );
         struct ast_calendar *owner;
         ne_uri uri;
         ne_session *session;
         icalcomponent *data;
         struct ao2_container *events;
};
static void icalendar_destructor(void *obj)
{
         struct icalendar_pvt *pvt = obj;

         ast_debug(1, "Destroying pvt for iCalendar %s\n", 
pvt->owner->name);
         if (pvt->session) {
                 ne_session_destroy(pvt->session);
         }
         if (pvt->data) {
                 icalcomponent_free(pvt->data);
         }
         ast_string_field_free_memory(pvt);

         ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA | 
OBJ_MULTIPLE, NULL, NULL);

         ao2_ref(pvt->events, -1);
}
####################################

As we can see, the object uri is not freed in these two functions.
The vulnerability is same as the one fixed in 
https://gerrit.asterisk.org/c/asterisk/+/6509 
(https://issues.asterisk.org/jira/browse/ASTERISK-25524)




--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list