[asterisk-commits] sgriepentrog: branch 12 r408970 - /branches/12/channels/chan_pjsip.c

[SVN commits to the Asterisk project]

Author: sgriepentrog
Date: Wed Feb 26 13:00:07 2014
New Revision: 408970

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=408970
Log:
pjsip: avoid edge case potential crash in answer()

When accidentally compiling against a wrong version of
pjsip headers with a different pjsip_inv_session size,
the invite_tsx structure could be null in the answer()
function.  This led to a crash because it attempted to
send the session response with an uninitialized packet
pointer.  This patch presets packet to null and adds a
diagnostic log message to explain why the call fails.

Review: https://reviewboard.asterisk.org/r/3267/


Modified:
    branches/12/channels/chan_pjsip.c

Modified: branches/12/channels/chan_pjsip.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/channels/chan_pjsip.c?view=diff&rev=408970&r1=408969&r2=408970
==============================================================================
--- branches/12/channels/chan_pjsip.c (original)
+++ branches/12/channels/chan_pjsip.c Wed Feb 26 13:00:07 2014
@@ -438,12 +438,15 @@
 static int answer(void *data)
 {
 	pj_status_t status = PJ_SUCCESS;
-	pjsip_tx_data *packet;
+	pjsip_tx_data *packet = NULL;
 	struct ast_sip_session *session = data;
 
 	pjsip_dlg_inc_lock(session->inv_session->dlg);
 	if (session->inv_session->invite_tsx) {
 		status = pjsip_inv_answer(session->inv_session, 200, NULL, NULL, &packet);
+	} else {
+		ast_log(LOG_ERROR,"Cannot answer '%s' because there is no associated SIP transaction\n",
+			ast_channel_name(session->channel));
 	}
 	pjsip_dlg_dec_lock(session->inv_session->dlg);