[Asterisk-code-review] chan rtp.c: Fix uninitialized memory crash. (asterisk[14])

[Richard Mudgett]

Richard Mudgett has uploaded a new change for review. ( https://gerrit.asterisk.org/4661 )

Change subject: chan_rtp.c: Fix uninitialized memory crash.
......................................................................

chan_rtp.c: Fix uninitialized memory crash.

unicast_rtp_request() could pass an uninitialized 'us' parameter to
ast_ouraddrfor().  If ast_ouraddrfor() returns an error then the 'us'
parameter may not get initialized.  Thus when the code tries to save the
'us' parameter to the local address we could try to copy a ridiculous
sized memory buffer and segfault.

* Made pass an initialized 'us' parameter to ast_ouraddrfor() and abort
the UnicastRTP channel request if it fails.

ASTERISK-26672

Change-Id: I1ef7a7c09f4da4f15dcb6de660d2bcac5f2a95c0
---
M channels/chan_rtp.c
1 file changed, 6 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/61/4661/1

diff --git a/channels/chan_rtp.c b/channels/chan_rtp.c
index f1f4f05..d671706 100644
--- a/channels/chan_rtp.c
+++ b/channels/chan_rtp.c
@@ -316,7 +316,12 @@
 	engine_name = S_COR(ast_test_flag(&opts, OPT_RTP_ENGINE),
 		opt_args[OPT_ARG_RTP_ENGINE], "asterisk");
 
-	ast_ouraddrfor(&address, &local_address);
+	ast_sockaddr_copy(&local_address, &address);
+	if (ast_ouraddrfor(&address, &local_address)) {
+		ast_log(LOG_ERROR, "Could not get our address for sending media to '%s'\n",
+			args.destination);
+		goto failure;
+	}
 	instance = ast_rtp_instance_new(engine_name, NULL, &local_address, NULL);
 	if (!instance) {
 		ast_log(LOG_ERROR,

-- 
To view, visit https://gerrit.asterisk.org/4661
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ef7a7c09f4da4f15dcb6de660d2bcac5f2a95c0
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 14
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>