[Asterisk-code-review] res pjsip: Prevent access of NULL channels. (asterisk[certified/13.1])

Joshua Colp asteriskteam at digium.com
Thu Jun 4 05:41:30 CDT 2015


Joshua Colp has submitted this change and it was merged.

Change subject: res_pjsip: Prevent access of NULL channels.
......................................................................


res_pjsip: Prevent access of NULL channels.

It is possible to receive incoming requests or responses after the channel
on an ast_sip_session has been destroyed and NULLed out. Handlers of these
sorts of requests or responses need to be prepared for the possibility
that the channel is NULL or else they could cause a crash.

While several places have been amended to deal with NULL channels, there
were still a couple of places that needed updating.

res_pjsip_dtmf_info.c: When handling incoming INFO requests, we need to
return early if there is no channel on the session.

res_pjsip_session.c: When handling a 302 response, we need to stop the
redirecting attempt if there is no channel on the session.

ASTERISK-25148 #close
reported by Mark Michelson

Change-Id: Id1a75ffc3d0eaa168b0b28188fb54d6cf9fc47a9
---
M res/res_pjsip_dtmf_info.c
M res/res_pjsip_session.c
2 files changed, 11 insertions(+), 1 deletion(-)

Approvals:
  Matt Jordan: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, approved; Verified



diff --git a/res/res_pjsip_dtmf_info.c b/res/res_pjsip_dtmf_info.c
index b0a6649..7b52250 100644
--- a/res/res_pjsip_dtmf_info.c
+++ b/res/res_pjsip_dtmf_info.c
@@ -89,7 +89,13 @@
 	char event = '\0';
 	unsigned int duration = 100;
 
-	char is_dtmf = is_media_type(rdata, "dtmf");
+	char is_dtmf;
+
+	if (!session->channel) {
+		return 0;
+	}
+
+	is_dtmf = is_media_type(rdata, "dtmf");
 
 	if (!is_dtmf && !is_media_type(rdata, "dtmf-relay")) {
 		return 0;
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 3f1add9..75cd7de 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -2376,6 +2376,10 @@
 	struct ast_sip_session *session = inv->mod_data[session_module.id];
 	const pjsip_sip_uri *uri;
 
+	if (!session->channel) {
+		return PJSIP_REDIRECT_STOP;
+	}
+
 	if (session->endpoint->redirect_method == AST_SIP_REDIRECT_URI_PJSIP) {
 		return PJSIP_REDIRECT_ACCEPT;
 	}

-- 
To view, visit https://gerrit.asterisk.org/583
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id1a75ffc3d0eaa168b0b28188fb54d6cf9fc47a9
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.1
Gerrit-Owner: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Matt Jordan <mjordan at digium.com>



More information about the asterisk-code-review mailing list