[Asterisk-code-review] Resolve 2 discrete memory leaks in DTLS/SRTP code path (asterisk[11])
Steve Davies
asteriskteam at digium.com
Tue Apr 28 06:03:36 CDT 2015
Steve Davies has uploaded a new change for review.
https://gerrit.asterisk.org/268
Change subject: Resolve 2 discrete memory leaks in DTLS/SRTP code path
......................................................................
Resolve 2 discrete memory leaks in DTLS/SRTP code path
1) ao2 ref leak in res_rtp_asterisk.c when a DTLS policy is created.
The resources are linked into a table, but the original alloc refs
are never released.
2) ast_strdup leak in rtp_engine.c. If ast_rtp_dtls_cfg_copy() is
called twice on the same destination struct, a pointer to an alloc'd
string is overwritten before the string is free'd.
Change-Id: I62a8ceb8679709f6c3769136dc6aa9a68202ff9b
---
M main/rtp_engine.c
M res/res_rtp_asterisk.c
2 files changed, 4 insertions(+), 0 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/68/268/2
diff --git a/main/rtp_engine.c b/main/rtp_engine.c
index 70292ce..870ccc4 100644
--- a/main/rtp_engine.c
+++ b/main/rtp_engine.c
@@ -2162,6 +2162,8 @@
void ast_rtp_dtls_cfg_copy(const struct ast_rtp_dtls_cfg *src_cfg, struct ast_rtp_dtls_cfg *dst_cfg)
{
+ ast_rtp_dtls_cfg_free(dst_cfg); /* Prevent a double-call leaking memory via ast_strdup */
+
dst_cfg->enabled = src_cfg->enabled;
dst_cfg->verify = src_cfg->verify;
dst_cfg->rekey = src_cfg->rekey;
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 80bc756..18d7a59 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -1957,6 +1957,8 @@
ast_log(LOG_WARNING, "Could not set policies when setting up DTLS-SRTP on '%p'\n", rtp);
goto error;
}
+ ao2_t_ref(local_policy, -1, "Drop local_policy alloc ref, now has table ref");
+ ao2_t_ref(remote_policy, -1, "Drop remote_policy alloc ref, now has table ref");
if (rtp->rekey) {
ao2_ref(instance, +1);
--
To view, visit https://gerrit.asterisk.org/268
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I62a8ceb8679709f6c3769136dc6aa9a68202ff9b
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Steve Davies <steve at one47.co.uk>
More information about the asterisk-code-review
mailing list