[asterisk-commits] mjordan: branch 1.8 r361705 - /branches/1.8/channels/chan_dahdi.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Apr 9 15:45:27 CDT 2012


Author: mjordan
Date: Mon Apr  9 15:45:24 2012
New Revision: 361705

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=361705
Log:
Prevent invalid access of free'd memory if DAHDI channel during an MWI event

In the MWI processing loop, when a valid event occurs the temporary caller ID
information is deallocated.  If a new DAHDI channel is successfully created, 
the event is passed up to the analog_ss_thread without error and the loop
exits.  If, however, the DAHDI channel is not created, then the caller ID
struct has been free'd, and the gains reset to their previous level.  This
will almost certainly cause an invalid access to the free'd memory, either
in subsequent calls to callerid_free or calls to callerid_feed.

This patch makes it so that we only free the caller ID structure if a
DAHDI channel is successfully created, and we bump the gains back up
if we fail to make a DAHDI channel.

Modified:
    branches/1.8/channels/chan_dahdi.c

Modified: branches/1.8/channels/chan_dahdi.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/channels/chan_dahdi.c?view=diff&rev=361705&r1=361704&r2=361705
==============================================================================
--- branches/1.8/channels/chan_dahdi.c (original)
+++ branches/1.8/channels/chan_dahdi.c Mon Apr  9 15:45:24 2012
@@ -11056,13 +11056,14 @@
 				break; /* What to do on channel alarm ???? -- fall thru intentionally?? */
 			default:
 				ast_log(LOG_NOTICE, "Got event %d (%s)...  Passing along to analog_ss_thread\n", res, event2str(res));
-				callerid_free(cs);
 
 				restore_gains(mtd->pvt);
 				mtd->pvt->ringt = mtd->pvt->ringt_base;
 
 				if ((chan = dahdi_new(mtd->pvt, AST_STATE_RING, 0, SUB_REAL, 0, NULL))) {
 					int result;
+
+					callerid_free(cs);
 					if (analog_lib_handles(mtd->pvt->sig, mtd->pvt->radio, mtd->pvt->oprmode)) {
 						result = analog_ss_thread_start(mtd->pvt->sig_pvt, chan);
 					} else {
@@ -11079,6 +11080,8 @@
 					goto quit_no_clean;
 
 				} else {
+					/* Bump the gains back */
+					bump_gains(mtd->pvt);
 					ast_log(LOG_WARNING, "Could not create channel to handle call\n");
 				}
 			}




More information about the asterisk-commits mailing list