[asterisk-dev] [Code Review] res_srtp: Fix a crash caused by an attempt to dealloc a session pointer that was never alloced or has already been dealloced.

Matt Jordan reviewboard at asterisk.org
Thu Dec 20 09:57:16 CST 2012 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2228/#review7562
-----------------------------------------------------------



/branches/1.8/res/res_srtp.c
<https://reviewboard.asterisk.org/r/2228/#comment14382>

    It was rather subtle as to why you need to set srtp->session to NULL here after srtp_create fails. A comment may be useful explaining why.



/branches/1.8/res/res_srtp.c
<https://reviewboard.asterisk.org/r/2228/#comment14383>

    The error message here is a bit confusing: why was the SRTP session destroyed in the first place?
    
    In general, we only attempt to destroy and re-create the session on an unprotect failure. You may want to rephrase the error message as:
    
    "SRTP session could not be re-created after unprotect failure: %s"
    
    Where %s is the failure returned from srtp_create. Note that this means you'll have to actually store the return code and print out the error message using srtp_errstr - so the error message should probably be moved up to line 387.


- Matt


On Dec. 6, 2012, 11:02 a.m., jrose wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2228/
> -----------------------------------------------------------
> 
> (Updated Dec. 6, 2012, 11:02 a.m.)
> 
> 
> Review request for Asterisk Developers, Mark Michelson and Matt Jordan.
> 
> 
> Summary
> -------
> 
> If srtp_create fails, session we create for temp will either not be created or else will be dealloced within srtp_create. At present, when we then run ast_srtp_destroy, attempting to dealloc this can cause Asterisk to crash. This patch addresses that by setting the session pointer to NULL so ast_srtp_destroy doesn't attempt to dealloc it.
> 
> As one might expect, this patch doesn't resolve the reporter's problems with actually setting up an srtp enabled SIP call, but it does fix a crash which shouldn't be happening.
> 
> 
> This addresses bug ASTERISK-20499.
>     https://issues.asterisk.org/jira/browse/ASTERISK-20499
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/res/res_srtp.c 377339 
> 
> Diff: https://reviewboard.asterisk.org/r/2228/diff
> 
> 
> Testing
> -------
> 
> The reporter has tested the patch and confirmed that it eliminates the crash.
> 
> 
> Thanks,
> 
> jrose
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121220/97115e26/attachment.htm>

More information about the asterisk-dev mailing list