[asterisk-dev] [Code Review] res_srtp: Fix a crash caused by an attempt to dealloc a session pointer that was never alloced or has already been dealloced.

jrose reviewboard at asterisk.org
Thu Dec 6 10:22:25 CST 2012


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2228/
-----------------------------------------------------------

(Updated Dec. 6, 2012, 10:22 a.m.)


Review request for Asterisk Developers, Mark Michelson and Matt Jordan.


Changes
-------

This is the patch that was committed for r377256.

It introduces a potential crash by setting srtp->session to NULL unfortunately. We can't really just revert the patch since this means this code path would have kept using the stale pointer which is the only reason it wasn't crashing.


Summary
-------

If srtp_create fails, session we create for temp will either not be created or else will be dealloced within srtp_create. At present, when we then run ast_srtp_destroy, attempting to dealloc this can cause Asterisk to crash. This patch addresses that by setting the session pointer to NULL so ast_srtp_destroy doesn't attempt to dealloc it.

As one might expect, this patch doesn't resolve the reporter's problems with actually setting up an srtp enabled SIP call, but it does fix a crash which shouldn't be happening.


This addresses bug ASTERISK-20499.
    https://issues.asterisk.org/jira/browse/ASTERISK-20499


Diffs (updated)
-----

  /branches/1.8/res/res_srtp.c 377255 

Diff: https://reviewboard.asterisk.org/r/2228/diff


Testing
-------

The reporter has tested the patch and confirmed that it eliminates the crash.


Thanks,

jrose

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121206/6a532723/attachment.htm>


More information about the asterisk-dev mailing list