[Asterisk-code-review] chan_sip: Fix crash when accessing RURI before initiating outgoing call (asterisk[master])

N A asteriskteam at digium.com
Tue Nov 23 20:25:16 CST 2021


N A has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/17583 )


Change subject: chan_sip: Fix crash when accessing RURI before initiating outgoing call
......................................................................

chan_sip: Fix crash when accessing RURI before initiating outgoing call

Attempting to access ${CHANNEL(ruri)} in a pre-dial handler before initiating
an outgoing call will cause Asterisk to crash. This is because a null field
is used, resulting in an offset from null and subsequent memory access
violation.

Since RURI is not guaranteed to exist, we now check if the base pointer is
non-null before calculating an offset.

ASTERISK-29772

Change-Id: Icd3b02f07256bbe6615854af5717074087b95a83
---
M channels/sip/dialplan_functions.c
1 file changed, 6 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/83/17583/1

diff --git a/channels/sip/dialplan_functions.c b/channels/sip/dialplan_functions.c
index 7c34fc9..e9d0c8d 100644
--- a/channels/sip/dialplan_functions.c
+++ b/channels/sip/dialplan_functions.c
@@ -166,8 +166,12 @@
 	} else if (!strcasecmp(args.param, "uri")) {
 		ast_copy_string(buf, p->uri, buflen);
 	} else if (!strcasecmp(args.param, "ruri")) {
-		char *tmpruri = REQ_OFFSET_TO_STR(&p->initreq, rlpart2);
-		ast_copy_string(buf, tmpruri, buflen);
+		if ((&p->initreq)->data) {
+			char *tmpruri = REQ_OFFSET_TO_STR(&p->initreq, rlpart2);
+			ast_copy_string(buf, tmpruri, buflen);
+		} else {
+			return -1;
+		}
 	} else if (!strcasecmp(args.param, "useragent")) {
 		ast_copy_string(buf, p->useragent, buflen);
 	} else if (!strcasecmp(args.param, "peername")) {
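
Review bot: In the new `ruri` branch, the `else { return -1; }` path leaves `buf` unwritten, while every other branch visible here copies a string into it. Consider setting `buf[0] = '\0'` before returning, or confirm that callers never read `buf` when the function returns -1. The guard `(&p->initreq)->data` is also an indirect spelling of `p->initreq.data`; the direct form reads more clearly and matches the `p->uri` and `p->useragent` accesses in the neighbouring branches. A one-line comment stating that `initreq` may hold no data before the outgoing call is initiated would document why this branch, unlike the others, needs a check before `REQ_OFFSET_TO_STR` is used.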

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17583

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Icd3b02f07256bbe6615854af5717074087b95a83
Gerrit-Change-Number: 17583
Gerrit-PatchSet: 1
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-MessageType: newchange