[Asterisk-code-review] chan sip: Don't crash in Dial on invalid destination (asterisk[13])

Sean Bright asteriskteam at digium.com
Tue Dec 12 15:23:10 CST 2017


Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/7534


Change subject: chan_sip: Don't crash in Dial on invalid destination
......................................................................

chan_sip: Don't crash in Dial on invalid destination

Stripping the DNID in a SIP dial string can result in attempting to call
the argument parsing macros on an empty string, causing a crash.

ASTERISK-26131 #close
Reported by: Dwayne Hubbard
Patches:
	dw-asterisk-master-dnid-crash.patch (license #6257) patch
	uploaded by Dwayne Hubbard

Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
---
M channels/chan_sip.c
1 file changed, 11 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/34/7534/1

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index b8cc7bf..b1a8de5 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -30465,6 +30465,17 @@
 		ast_string_field_set(p, todnid, dnid);
 	}
 
+	/* If stripping the DNID left us with nothing, bail out */
+	if (ast_strlen_zero(tmp)) {
+		dialog_unlink_all(p);
+		dialog_unref(p, "unref dialog p from bad destination");
+		*cause = AST_CAUSE_DESTINATION_OUT_OF_ORDER;
+		if (callid) {
+			ast_callid_unref(callid);
+		}
+		return NULL;
+	}
+
 	/* Divvy up the items separated by slashes */
 	AST_NONSTANDARD_APP_ARGS(args, tmp, '/');
 

-- 
To view, visit https://gerrit.asterisk.org/7534
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
Gerrit-Change-Number: 7534
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171212/20a73322/attachment-0001.html>


More information about the asterisk-code-review mailing list