[Asterisk-code-review] res_pjsip_session.c: Prevent use-after-free with TEST_FRAMEWORK enabled (asterisk[16])
    Sean Bright 
    asteriskteam at digium.com
       
    Tue Dec  3 15:43:33 CST 2019
    
    
  
Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/13364 )
Change subject: res_pjsip_session.c: Prevent use-after-free with TEST_FRAMEWORK enabled
......................................................................
res_pjsip_session.c: Prevent use-after-free with TEST_FRAMEWORK enabled
We need to copy the endpoint name before we call ao2_cleanup() on it,
otherwise we might try to access memory that has been reclaimed.
ASTERISK-28445 #close
Reported by: Bernhard Schmidt
Change-Id: I404b952608aa606e0babd3c4108346721fb726b3
---
M res/res_pjsip_session.c
1 file changed, 3 insertions(+), 1 deletion(-)
  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/64/13364/1
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 44c2581..f6b9fa9 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -2150,8 +2150,10 @@
 {
 	struct ast_sip_session *session = obj;
 	struct ast_sip_session_delayed_request *delay;
+
+	/* We dup the endpoint ID in case the endpoint gets freed out from under us */
 	const char *endpoint_name = session->endpoint ?
-		ast_sorcery_object_get_id(session->endpoint) : "<none>";
+		ast_strdupa(ast_sorcery_object_get_id(session->endpoint)) : "<none>";
 
 	ast_debug(3, "Destroying SIP session with endpoint %s\n", endpoint_name);
 
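Review bot: The new comment above `endpoint_name` says the endpoint may get freed "out from under us" but does not say which later read needs the copy, and the only use visible in this hunk is the `ast_debug()` call, which runs before anything is released. The commit message puts the problem after `ao2_cleanup()` on the endpoint and only with TEST_FRAMEWORK enabled, so the comment should name that later use. Otherwise a future cleanup could take the `ast_strdupa()` for redundant and drop it. Noting there that the copy is stack-allocated, valid until this function returns and never to be freed, would also explain why sharing the pointer with the `"<none>"` literal in the same ternary is safe. As a smaller style point, the added blank line splits the declaration block in two; keeping the comment directly under the `delay` declaration would read more cleanly.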
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13364
Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-Change-Id: I404b952608aa606e0babd3c4108346721fb726b3
Gerrit-Change-Number: 13364
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-MessageType: newchange