[Asterisk-code-review] res pjsip t38.c: Fix crash if already saw a final T.38 reINV... (asterisk[15])

[Richard Mudgett]

Richard Mudgett has uploaded this change for review. ( https://gerrit.asterisk.org/9959


Change subject: res_pjsip_t38.c: Fix crash if already saw a final T.38 reINVITE response.
......................................................................

res_pjsip_t38.c: Fix crash if already saw a final T.38 reINVITE response.

We were still getting crashes after the first fix.  Somehow we receive a
non-2xx final response before we get a 200 final response.  With the
failure response we had already cleaned up and destroyed some data
structures.  When the unexpected 200 response comes in we crash.

* Add protection code to prevent processing another final T.38 reINVITE
response.

ASTERISK-27944

Change-Id: I8b5baba8d07fe4d63f0d7d05d3eb9a3d27d40a74
---
M res/res_pjsip_t38.c
1 file changed, 9 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/59/9959/1

diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c
index 72f7b86..fae6fbb 100644
--- a/res/res_pjsip_t38.c
+++ b/res/res_pjsip_t38.c
@@ -300,6 +300,15 @@
 		return 0;
 	}
 
+	if (session->t38state != T38_LOCAL_REINVITE) {
+		/* Do nothing.  We have already processed a final response. */
+		ast_debug(3, "Received %d response to T.38 re-invite on '%s' but already had a final response (T.38 state:%d)\n",
+			status.code,
+			session->channel ? ast_channel_name(session->channel) : "unknown channel",
+			session->t38state);
+		return 0;
+	}
+
 	state = t38_state_get_or_alloc(session);
 	if (!session->channel || !state) {
 		ast_log(LOG_WARNING, "Received %d response to T.38 re-invite on '%s' but state unavailable\n",

-- 
To view, visit https://gerrit.asterisk.org/9959
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b5baba8d07fe4d63f0d7d05d3eb9a3d27d40a74
Gerrit-Change-Number: 9959
Gerrit-PatchSet: 1
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180817/271bd5da/attachment.html>