[asterisk-commits] Resources/res phoneprov: fix memory leak and heap-use-after-... (asterisk[13])

[SVN commits to the Asterisk project]

Anonymous Coward #1000019 has submitted this change and it was merged.

Change subject: Resources/res_phoneprov: fix memory leak and heap-use-after-free
......................................................................


Resources/res_phoneprov: fix memory leak and heap-use-after-free

* heap-use-after-free happens when we free "cfg"
but then use "value" which refers to it

* A memory leak occurs because in some cases
it is not released "defaults"

ASTERISK-25721 #close
Reported by: Badalyan Vyacheslav
Tested by: Badalyan Vyacheslav

Change-Id: I3807d3f4726df6864430ec144cf6265d3f538469
---
M res/res_phoneprov.c
1 file changed, 6 insertions(+), 3 deletions(-)

Approvals:
  Mark Michelson: Looks good to me, but someone else must approve
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, approved



diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c
index b3d14f7..df93c5b 100644
--- a/res/res_phoneprov.c
+++ b/res/res_phoneprov.c
@@ -1193,8 +1193,7 @@
 
 static struct varshead *get_defaults(void)
 {
-	struct ast_config *phoneprov_cfg;
-	struct ast_config *cfg;
+	struct ast_config *phoneprov_cfg, *cfg = CONFIG_STATUS_FILEINVALID;
 	const char *value;
 	struct ast_variable *v;
 	struct ast_var_t *var;
@@ -1233,10 +1232,12 @@
 	if (!value) {
 		if ((cfg = ast_config_load("sip.conf", config_flags)) && cfg != CONFIG_STATUS_FILEINVALID) {
 			value = ast_variable_retrieve(cfg, "general", "bindport");
-			ast_config_destroy(cfg);
 		}
 	}
 	var = ast_var_assign(variable_lookup[AST_PHONEPROV_STD_SERVER_PORT], S_OR(value, "5060"));
+	if(cfg && cfg != CONFIG_STATUS_FILEINVALID) {
+		ast_config_destroy(cfg);
+	}
 	AST_VAR_LIST_INSERT_TAIL(defaults, var);
 
 	value = ast_variable_retrieve(phoneprov_cfg, "general", pp_general_lookup[AST_PHONEPROV_STD_PROFILE]);
@@ -1288,6 +1289,7 @@
 	if (!(cfg = ast_config_load("users.conf", config_flags))
 		|| cfg == CONFIG_STATUS_FILEINVALID) {
 		ast_log(LOG_WARNING, "Unable to load users.conf\n");
+		ast_var_list_destroy(defaults);
 		return -1;
 	}
 
@@ -1337,6 +1339,7 @@
 		}
 	}
 	ast_config_destroy(cfg);
+	ast_var_list_destroy(defaults);
 	return 0;
 }
 

-- 
To view, visit https://gerrit.asterisk.org/2231
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3807d3f4726df6864430ec144cf6265d3f538469
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Badalian Vyacheslav <v.badalyan at open-bs.ru>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <george.joseph at fairview5.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>