[asterisk-bugs] [JIRA] (ASTERISK-30346) Fix possible use-after-free in Geolocation
Alexandre Fournier (JIRA)
noreply at issues.asterisk.org
Fri Dec 9 13:32:51 CST 2022
Alexandre Fournier created ASTERISK-30346:
---------------------------------------------
Summary: Fix possible use-after-free in Geolocation
Key: ASTERISK-30346
URL: https://issues.asterisk.org/jira/browse/ASTERISK-30346
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_geolocation
Affects Versions: 20.0.1
Reporter: Alexandre Fournier
We tested the possibility of using geolocation during a hackathon we had in October with my team and we found some issues that caused core dumps.
The problem lies with the usage of the `ast_geoloc_datastore_add_eprofile` function. In two places, the code tests that the return code of this function is not equal to zero. If it is not equal to zero, it frees the datastore and sets the pointer to NULL.
However, this function does not return 0 when there is no error. It returns the size of the datastore.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list