[Asterisk-code-review] res_pjsip: Prevent segfault in UDP registration with flow transports (asterisk[master])

Sat Dec 19 12:10:57 CST 2020

Attention is currently required from: Nick French.
Hello Nick French,

I'd like you to do a code review. Please visit

    https://gerrit.asterisk.org/c/asterisk/+/15257

to review the following change.


Change subject: res_pjsip: Prevent segfault in UDP registration with flow transports
......................................................................

res_pjsip: Prevent segfault in UDP registration with flow transports

Segfault occurs during outbound UDP registration when all
transport states are being iterated over. The transport object
in the transport is accessed, but flow transports have a NULL
transport object.

Modify to not iterate over any flow transport

ASTERISK-29218 #close

Change-Id: If28dc3a18bdcbd0a49598b09b7fe4404d45c996a
---
M res/res_pjsip/pjsip_message_filter.c
1 file changed, 2 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/57/15257/1

diff --git a/res/res_pjsip/pjsip_message_filter.c b/res/res_pjsip/pjsip_message_filter.c
index 1826ee2..7c91ba8 100644
--- a/res/res_pjsip/pjsip_message_filter.c
+++ b/res/res_pjsip/pjsip_message_filter.c
@@ -111,7 +111,8 @@
 	}
 
 	for (iter = ao2_iterator_init(transport_states, 0); (transport_state = ao2_iterator_next(&iter)); ao2_ref(transport_state, -1)) {
-		if (transport_state->type == AST_TRANSPORT_UDP &&
+		if (!transport_state->flow &&
+			transport_state->type == AST_TRANSPORT_UDP &&
 			!pj_strcmp(&transport_state->transport->local_name.host, address) &&
 			transport_state->transport->local_name.port == port) {
 			sip_transport = transport_state->transport;

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15257
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: If28dc3a18bdcbd0a49598b09b7fe4404d45c996a
Gerrit-Change-Number: 15257
Gerrit-PatchSet: 1
Gerrit-Owner: Nick French <naf at ou.edu>
Gerrit-Reviewer: Nick French <nickfrench at gmail.com>
Gerrit-Attention: Nick French <nickfrench at gmail.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20201219/37e33d6c/attachment.html>
