[asterisk-commits] kharwell: branch 12 r406847 - /branches/12/res/res_pjsip_pubsub.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Jan 28 17:35:20 CST 2014


Author: kharwell
Date: Tue Jan 28 17:35:17 2014
New Revision: 406847

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=406847
Log:
res_pjsip_pubsub: potential crash on timeout

What seems to be happening is if a subscription has been terminated and the
subscription timeout/expires is less than the time it takes for all pending
transactions (currently on the subscription) to end then the subscription
timer will not have been canceled yet and sub will be null.  Since the
subscription has already been canceled nothing needs to be done so a null
check in the asterisk code is sufficient in working around this problem.

(closes issue ASTERISK-23129)
Reported by: Dan Jenkins

Modified:
    branches/12/res/res_pjsip_pubsub.c

Modified: branches/12/res/res_pjsip_pubsub.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/res/res_pjsip_pubsub.c?view=diff&rev=406847&r1=406846&r2=406847
==============================================================================
--- branches/12/res/res_pjsip_pubsub.c (original)
+++ branches/12/res/res_pjsip_pubsub.c Tue Jan 28 17:35:17 2014
@@ -1234,6 +1234,15 @@
 {
 	struct ast_sip_subscription *sub = pjsip_evsub_get_mod_data(evsub, pubsub_module.id);
 
+	if (!sub) {
+		/* if a subscription has been terminated and the subscription
+		   timeout/expires is less than the time it takes for all pending
+		   transactions to end then the subscription timer will not have
+		   been canceled yet and sub will be null, so do nothing since
+		   the subscription has already been terminated. */
+		return;
+	}
+
 	ao2_ref(sub, +1);
 	ast_sip_push_task(sub->serializer, serialized_pubsub_on_server_timeout, sub);
 }




More information about the asterisk-commits mailing list