[asterisk-commits] kmoore: branch 12 r408941 - /branches/12/res/res_pjsip_refer.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Feb 26 07:34:02 CST 2014


Author: kmoore
Date: Wed Feb 26 07:33:52 2014
New Revision: 408941

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=408941
Log:
PJSIP: Prevent crash if channel has gone away

It is currently possible for an ast_sip_session to exist without an
associated channel as is the case when a new invite is coming in or
just after a hangup is issued on a chan_pjsip channel. Part of the
attended transfer code assumed the channel would be non-NULL and used
it as such causing a crash. This bug was exposed thanks to the attended
transfer ARI test in the test suite.

(closes issue ASTERISK-23287)
Reported by: Matt Jordan

Modified:
    branches/12/res/res_pjsip_refer.c

Modified: branches/12/res/res_pjsip_refer.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/res/res_pjsip_refer.c?view=diff&rev=408941&r1=408940&r2=408941
==============================================================================
--- branches/12/res/res_pjsip_refer.c (original)
+++ branches/12/res/res_pjsip_refer.c Wed Feb 26 07:33:52 2014
@@ -421,6 +421,10 @@
 	RAII_VAR(struct refer_attended *, attended, data, ao2_cleanup);
 	int response = 0;
 
+	if (!attended->transferer_second->channel) {
+		return -1;
+	}
+
 	ast_debug(3, "Performing a REFER attended transfer - Transferer #1: %s Transferer #2: %s\n",
 		ast_channel_name(attended->transferer_chan), ast_channel_name(attended->transferer_second->channel));
 




More information about the asterisk-commits mailing list