[Asterisk-code-review] res_pjsip_header_funcs: wrong pool used tdata headers (asterisk[19])

Friendly Automation asteriskteam at digium.com
Wed Mar 30 15:13:54 CDT 2022 

Friendly Automation has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/18273 )

Change subject: res_pjsip_header_funcs: wrong pool used tdata headers
......................................................................

res_pjsip_header_funcs: wrong pool used tdata headers

When adding headers to an outgoing request the headers were cloned using
the dialog's pool when they should have been cloned using tdata's pool.
Under certain circumstances it was possible for the dialog object, and
its pool to be freed while tdata is still active and available. Thus the
cloned header "disappeared", and when tdata tried to later access it a
crash would occur.

This patch makes it so all added headers are cloned appropriately using
tdata's pool.

ASTERISK-29411 #close
ASTERISK-29535 #close

Change-Id: I9852025b5ee93ce1c038209150ee9dba1e0767c5
---
M res/res_pjsip_header_funcs.c
1 file changed, 1 insertion(+), 2 deletions(-)

Approvals:
  George Joseph: Looks good to me, approved; Verified
  Michael Bradeen: Looks good to me, approved
  Friendly Automation: Approved for Submit



diff --git a/res/res_pjsip_header_funcs.c b/res/res_pjsip_header_funcs.c
index ac3bea4..794b5e8 100644
--- a/res/res_pjsip_header_funcs.c
+++ b/res/res_pjsip_header_funcs.c
@@ -747,7 +747,6 @@
  */
 static void outgoing_request(struct ast_sip_session *session, pjsip_tx_data * tdata)
 {
-	pj_pool_t *pool = session->inv_session->dlg->pool;
 	struct hdr_list *list;
 	struct hdr_list_entry *le;
 	RAII_VAR(struct ast_datastore *, datastore,
@@ -760,7 +759,7 @@
 
 	list = datastore->data;
 	AST_LIST_TRAVERSE(list, le, nextptr) {
-		pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *) pjsip_hdr_clone(pool, le->hdr));
+		pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *) pjsip_hdr_clone(tdata->pool, le->hdr));
 	}
 	ast_sip_session_remove_datastore(session, datastore->uid);
 }

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18273
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 19
Gerrit-Change-Id: I9852025b5ee93ce1c038209150ee9dba1e0767c5
Gerrit-Change-Number: 18273
Gerrit-PatchSet: 3
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Michael Bradeen <mbradeen at sangoma.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220330/4e62411b/attachment.html>

More information about the asterisk-code-review mailing list