[asterisk-commits] mjordan: trunk r434293 - in /trunk: ./ channels/chan_iax2.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Apr 8 07:00:38 CDT 2015
Author: mjordan
Date: Wed Apr 8 07:00:35 2015
New Revision: 434293
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=434293
Log:
chan_iax2: Fix crash caused by unprotected access to iaxs[peer->callno]
This patch fixes an access to the peer callnumber that is unprotected by a
corresponding mutex. The peer->callno value can be changed by multiple threads,
and all data inside the iaxs array must be procted by a corresponding lock
of iaxsl.
The patch moves the unprotected access to a location where the mutex is
safely obtained.
Review: https://reviewboard.asterisk.org/r/4599/
ASTERISK-21211 #close
Reported by: Jaco Kroon
patches:
asterisk-11.2.1-iax2_poke-segfault.diff submitted by Jaco Kroon (License 5671)
........
Merged revisions 434291 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 434292 from http://svn.asterisk.org/svn/asterisk/branches/13
Modified:
trunk/ (props changed)
trunk/channels/chan_iax2.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.
Modified: trunk/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/trunk/channels/chan_iax2.c?view=diff&rev=434293&r1=434292&r2=434293
==============================================================================
--- trunk/channels/chan_iax2.c (original)
+++ trunk/channels/chan_iax2.c Wed Apr 8 07:00:35 2015
@@ -12325,14 +12325,10 @@
callno = peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0);
if (heldcall)
ast_mutex_lock(&iaxsl[heldcall]);
- if (peer->callno < 1) {
+ if (callno < 1) {
ast_log(LOG_WARNING, "Unable to allocate call for poking peer '%s'\n", peer->name);
return -1;
}
-
- /* Speed up retransmission times for this qualify call */
- iaxs[peer->callno]->pingtime = peer->maxms / 4 + 1;
- iaxs[peer->callno]->peerpoke = peer;
if (peer->pokeexpire > -1) {
if (!AST_SCHED_DEL(sched, peer->pokeexpire)) {
@@ -12354,6 +12350,10 @@
/* And send the poke */
ast_mutex_lock(&iaxsl[callno]);
if (iaxs[callno]) {
+ /* Speed up retransmission times for this qualify call */
+ iaxs[callno]->pingtime = peer->maxms / 4 + 1;
+ iaxs[callno]->peerpoke = peer;
+
struct iax_ie_data ied = {
.buf = { 0 },
.pos = 0,
More information about the asterisk-commits
mailing list