[Asterisk-code-review] ast framehook attach() must be called with the channel locked. (asterisk[13])

Richard Mudgett asteriskteam at digium.com
Thu Aug 25 18:25:08 CDT 2016


Richard Mudgett has uploaded a new change for review.

  https://gerrit.asterisk.org/3706

Change subject: ast_framehook_attach() must be called with the channel locked.
......................................................................

ast_framehook_attach() must be called with the channel locked.

The framehook container could become corrupted if the channel lock is not
held before calling.

Change-Id: I1a6b957a1f7b899eb29a186915f8cccab886a438
---
M main/bridge_basic.c
M res/res_pjsip_refer.c
M res/res_pjsip_t38.c
3 files changed, 14 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/06/3706/1

diff --git a/main/bridge_basic.c b/main/bridge_basic.c
index c4cf2a0..b24df05 100644
--- a/main/bridge_basic.c
+++ b/main/bridge_basic.c
@@ -3090,7 +3090,9 @@
 	ao2_ref(props, +1);
 	target_interface.data = props;
 
+	ast_channel_lock(channel);
 	props->target_framehook_id = ast_framehook_attach(channel, &target_interface);
+	ast_channel_unlock(channel);
 	if (props->target_framehook_id == -1) {
 		ao2_ref(props, -1);
 		return -1;
diff --git a/res/res_pjsip_refer.c b/res/res_pjsip_refer.c
index e5bb90e..23c377d 100644
--- a/res/res_pjsip_refer.c
+++ b/res/res_pjsip_refer.c
@@ -607,7 +607,10 @@
 		ao2_ref(refer->progress, +1);
 
 		/* If we can't attach a frame hook for whatever reason send a notification of success immediately */
-		if ((refer->progress->framehook = ast_framehook_attach(chan, &hook)) < 0) {
+		ast_channel_lock(chan);
+		refer->progress->framehook = ast_framehook_attach(chan, &hook);
+		ast_channel_unlock(chan);
+		if (refer->progress->framehook < 0) {
 			struct refer_progress_notification *notification = refer_progress_notification_alloc(refer->progress, 200,
 				PJSIP_EVSUB_STATE_TERMINATED);
 
diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c
index 992902a..01bfefd 100644
--- a/res/res_pjsip_t38.c
+++ b/res/res_pjsip_t38.c
@@ -501,25 +501,27 @@
 		return;
 	}
 
-	/* Skip attaching the framehook if the T.38 datastore already exists for the channel */
 	ast_channel_lock(session->channel);
-	if ((datastore = ast_channel_datastore_find(session->channel, &t38_framehook_datastore, NULL))) {
+
+	/* Skip attaching the framehook if the T.38 datastore already exists for the channel */
+	datastore = ast_channel_datastore_find(session->channel, &t38_framehook_datastore,
+		NULL);
+	if (datastore) {
 		ast_channel_unlock(session->channel);
 		return;
 	}
-	ast_channel_unlock(session->channel);
 
 	framehook_id = ast_framehook_attach(session->channel, &hook);
 	if (framehook_id < 0) {
-		ast_log(LOG_WARNING, "Could not attach T.38 Frame hook to channel, T.38 will be unavailable on '%s'\n",
+		ast_log(LOG_WARNING, "Could not attach T.38 Frame hook, T.38 will be unavailable on '%s'\n",
 			ast_channel_name(session->channel));
+		ast_channel_unlock(session->channel);
 		return;
 	}
 
-	ast_channel_lock(session->channel);
 	datastore = ast_datastore_alloc(&t38_framehook_datastore, NULL);
 	if (!datastore) {
-		ast_log(LOG_ERROR, "Could not attach T.38 Frame hook to channel, T.38 will be unavailable on '%s'\n",
+		ast_log(LOG_ERROR, "Could not alloc T.38 Frame hook datastore, T.38 will be unavailable on '%s'\n",
 			ast_channel_name(session->channel));
 		ast_framehook_detach(session->channel, framehook_id);
 		ast_channel_unlock(session->channel);

-- 
To view, visit https://gerrit.asterisk.org/3706
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1a6b957a1f7b899eb29a186915f8cccab886a438
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>



More information about the asterisk-code-review mailing list