[asterisk-bugs] [JIRA] (ASTERISK-28572) Memory leaks in res_calendar_exchange and res_calendar_icalendar
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Tue Oct 29 09:41:40 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=248576#comment-248576 ]
Friendly Automation commented on ASTERISK-28572:
------------------------------------------------
Change 13107 merged by Friendly Automation:
res_calendar: Resolve memory leak on calendar destruction
[https://gerrit.asterisk.org/c/asterisk/+/13107|https://gerrit.asterisk.org/c/asterisk/+/13107]
> Memory leaks in res_calendar_exchange and res_calendar_icalendar
> ----------------------------------------------------------------
>
> Key: ASTERISK-28572
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28572
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_calendar_exchange, Resources/res_calendar_icalendar
> Affects Versions: 16.6.0
> Environment: No
> Reporter: Yoooooo Ha
> Assignee: Sean Bright
>
> Edit:
> exchangecal_destructor in res/res_calendar_exchange.c
> icalendar_destructor in res/res_calendar_icalendar.c
> {code}
> struct exchangecal_pvt {
> AST_DECLARE_STRING_FIELDS(
> AST_STRING_FIELD(url);
> AST_STRING_FIELD(user);
> AST_STRING_FIELD(secret);
> );
> struct ast_calendar *owner;
> ne_uri uri;
> ne_session *session;
> struct ao2_container *events;
> };
> static void exchangecal_destructor(void *obj)
> {
> struct exchangecal_pvt *pvt = obj;
> ast_debug(1, "Destroying pvt for Exchange calendar %s\n",
> pvt->owner->name);
> if (pvt->session) {
> ne_session_destroy(pvt->session);
> }
> ast_string_field_free_memory(pvt);
> ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA |
> OBJ_MULTIPLE, NULL, NULL);
> ao2_ref(pvt->events, -1);
> }
> {code}
> {code}
> struct icalendar_pvt {
> AST_DECLARE_STRING_FIELDS(
> AST_STRING_FIELD(url);
> AST_STRING_FIELD(user);
> AST_STRING_FIELD(secret);
> );
> struct ast_calendar *owner;
> ne_uri uri;
> ne_session *session;
> icalcomponent *data;
> struct ao2_container *events;
> };
> static void icalendar_destructor(void *obj)
> {
> struct icalendar_pvt *pvt = obj;
> ast_debug(1, "Destroying pvt for iCalendar %s\n",
> pvt->owner->name);
> if (pvt->session) {
> ne_session_destroy(pvt->session);
> }
> if (pvt->data) {
> icalcomponent_free(pvt->data);
> }
> ast_string_field_free_memory(pvt);
> ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA |
> OBJ_MULTIPLE, NULL, NULL);
> ao2_ref(pvt->events, -1);
> }
> {code}
> As we can see, the object uri is not freed in these two functions.
> The vulnerability is same as the one fixed in
> https://gerrit.asterisk.org/c/asterisk/+/6509
> (ASTERISK-25524)
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list