[asterisk-commits] Remove extra ast iostream close() calls. (asterisk[master])

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Feb 17 17:41:06 CST 2017 

Anonymous Coward #1000019 has submitted this change and it was merged. ( https://gerrit.asterisk.org/4997 )

Change subject: Remove extra ast_iostream_close() calls.
......................................................................


Remove extra ast_iostream_close() calls.

When AMI encounters an error at the beginning of a session, it would
explicitly call ast_iostream_close() on its tcptls session's iostream.
It then would jump to a label where it would shut down the tcptls
session instance. The tcptls session instance would again attempt to
close the iostream.

Under normal circumstances, this might go by unnoticed. However, when
MALLOC_DEBUG is enabled, all fields on the iostream get set to
0xdeaddead when the iostream is freed. Thus a second call to
ast_iostream_close() after the iostream has been freed would reslt in an
attempt to call SSL_shutdown on 0xdeaddead, which would crash and burn
horribly.

The fix here is to not directly close the iostream from the dangerous
scenarios. The specific scenarios are:
* Exceeding the configured authlimit
* Failing to build a mansession on a new connection

Change-Id: I908f98d516afd5a263bd36b072221008a4731acd
---
M main/manager.c
1 file changed, 0 insertions(+), 2 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, approved
  Richard Mudgett: Looks good to me, but someone else must approve
  Anonymous Coward #1000019: Verified



diff --git a/main/manager.c b/main/manager.c
index a25497f..f11c8dc 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -6629,7 +6629,6 @@
 	struct ast_sockaddr ser_remote_address_tmp;
 
 	if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) {
-		ast_iostream_close(ser->stream);
 		ast_atomic_fetchadd_int(&unauth_sessions, -1);
 		goto done;
 	}
@@ -6638,7 +6637,6 @@
 	session = build_mansession(&ser_remote_address_tmp);
 
 	if (session == NULL) {
-		ast_iostream_close(ser->stream);
 		ast_atomic_fetchadd_int(&unauth_sessions, -1);
 		goto done;
 	}

-- 
To view, visit https://gerrit.asterisk.org/4997
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I908f98d516afd5a263bd36b072221008a4731acd
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>

More information about the asterisk-commits mailing list