[Asterisk-code-review] chan sip: Don't crash in Dial on invalid destination (asterisk[15])

Joshua Colp asteriskteam at digium.com
Wed Dec 13 07:26:39 CST 2017


Joshua Colp has submitted this change and it was merged. ( https://gerrit.asterisk.org/7535 )

Change subject: chan_sip: Don't crash in Dial on invalid destination
......................................................................

chan_sip: Don't crash in Dial on invalid destination

Stripping the DNID in a SIP dial string can result in attempting to call
the argument parsing macros on an empty string, causing a crash.

ASTERISK-26131 #close
Reported by: Dwayne Hubbard
Patches:
	dw-asterisk-master-dnid-crash.patch (license #6257) patch
	uploaded by Dwayne Hubbard

Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
---
M channels/chan_sip.c
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
  Corey Farrell: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, approved; Approved for Submit



diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index a6e5493..7b9cc60 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -30554,6 +30554,14 @@
 		}
 	}
 
+	/* If stripping the DNID left us with nothing, bail out */
+	if (ast_strlen_zero(tmp)) {
+		dialog_unlink_all(p);
+		dialog_unref(p, "unref dialog p from bad destination");
+		*cause = AST_CAUSE_DESTINATION_OUT_OF_ORDER;
+		return NULL;
+	}
+
 	/* Divvy up the items separated by slashes */
 	AST_NONSTANDARD_APP_ARGS(args, tmp, '/');
 

-- 
To view, visit https://gerrit.asterisk.org/7535
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
Gerrit-Change-Number: 7535
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171213/f314f120/attachment-0001.html>


More information about the asterisk-code-review mailing list