[Asterisk-code-review] res pjsip session: segfault on already disconnected session (asterisk[13])

Thu Aug 11 17:01:01 CDT 2016

Alexei Gradinari has uploaded a new change for review.

  https://gerrit.asterisk.org/3514

Change subject: res_pjsip_session: segfault on already disconnected session
......................................................................

res_pjsip_session: segfault on already disconnected session

The function create_local_sdp tries to allocate a memory
on an already disconnected session.
If the session in the disconnected state then the session memory
pools were already freed, so we get segfault.

This was happened on TLS sessions.
Before segfault there were pjproject WARNING/ERROR about
Failed sending because of Broken pipe.

This patch adds check if the session state is not disconnected
and also checks if the memory pool is not NULL.

ASTERISK-26291 #close

Change-Id: I4d28b1fb3b91f0492a911d110049d670fdc3c8d7
---
M res/res_pjsip_session.c
1 file changed, 6 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/14/3514/1

diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index a41e0aa..71b9f3b 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -2877,7 +2877,12 @@
 	static const pj_str_t STR_IP6 = { "IP6", 3 };
 	pjmedia_sdp_session *local;
 
-	if (!(local = PJ_POOL_ZALLOC_T(inv->pool_prov, pjmedia_sdp_session))) {
+	if (inv->state == PJSIP_INV_STATE_DISCONNECTED) {
+		ast_log(LOG_ERROR, "Failed to create session SDP. Session has been aready disconnected\n");
+		return NULL;
+	}
+
+	if (!inv->pool_prov || !(local = PJ_POOL_ZALLOC_T(inv->pool_prov, pjmedia_sdp_session))) {
 		return NULL;
 	}
 

-- 
To view, visit https://gerrit.asterisk.org/3514
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4d28b1fb3b91f0492a911d110049d670fdc3c8d7
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>

