[asterisk-bugs] [JIRA] (ASTERISK-28572) Memory leaks in res_calendar_exchange and res_calendar_icalendar

Friendly Automation (JIRA) noreply at issues.asterisk.org
Tue Oct 29 09:41:40 CDT 2019


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=248576#comment-248576 ] 

Friendly Automation commented on ASTERISK-28572:
------------------------------------------------

Change 13107 merged by Friendly Automation:
res_calendar: Resolve memory leak on calendar destruction

[https://gerrit.asterisk.org/c/asterisk/+/13107|https://gerrit.asterisk.org/c/asterisk/+/13107]

> Memory leaks in res_calendar_exchange and res_calendar_icalendar
> ----------------------------------------------------------------
>
>                 Key: ASTERISK-28572
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28572
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_calendar_exchange, Resources/res_calendar_icalendar
>    Affects Versions: 16.6.0
>         Environment: No
>            Reporter: Yoooooo Ha
>            Assignee: Sean Bright
>
> Edit:
> exchangecal_destructor in res/res_calendar_exchange.c
> icalendar_destructor in res/res_calendar_icalendar.c
> {code}
> struct exchangecal_pvt {
>          AST_DECLARE_STRING_FIELDS(
>                  AST_STRING_FIELD(url);
>                  AST_STRING_FIELD(user);
>                  AST_STRING_FIELD(secret);
>          );
>          struct ast_calendar *owner;
>          ne_uri uri;
>          ne_session *session;
>          struct ao2_container *events;
> };
> static void exchangecal_destructor(void *obj)
> {
>          struct exchangecal_pvt *pvt = obj;
>          ast_debug(1, "Destroying pvt for Exchange calendar %s\n", 
> pvt->owner->name);
>          if (pvt->session) {
>                  ne_session_destroy(pvt->session);
>          }
>          ast_string_field_free_memory(pvt);
>          ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA | 
> OBJ_MULTIPLE, NULL, NULL);
>          ao2_ref(pvt->events, -1);
> }
> {code}
> {code}
> struct icalendar_pvt {
>          AST_DECLARE_STRING_FIELDS(
>                  AST_STRING_FIELD(url);
>                  AST_STRING_FIELD(user);
>                  AST_STRING_FIELD(secret);
>          );
>          struct ast_calendar *owner;
>          ne_uri uri;
>          ne_session *session;
>          icalcomponent *data;
>          struct ao2_container *events;
> };
> static void icalendar_destructor(void *obj)
> {
>          struct icalendar_pvt *pvt = obj;
>          ast_debug(1, "Destroying pvt for iCalendar %s\n", 
> pvt->owner->name);
>          if (pvt->session) {
>                  ne_session_destroy(pvt->session);
>          }
>          if (pvt->data) {
>                  icalcomponent_free(pvt->data);
>          }
>          ast_string_field_free_memory(pvt);
>          ao2_callback(pvt->events, OBJ_UNLINK | OBJ_NODATA | 
> OBJ_MULTIPLE, NULL, NULL);
>          ao2_ref(pvt->events, -1);
> }
> {code}
> As we can see, the object uri is not freed in these two functions.
> The vulnerability is same as the one fixed in 
> https://gerrit.asterisk.org/c/asterisk/+/6509 
> (ASTERISK-25524)



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list