[asterisk-dev] [Code Review] 4384: res_pjsip_outbound_publish: eventually crashes when no response is ever received

Kevin Harwell reviewboard at asterisk.org
Thu Jan 29 09:55:08 CST 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4384/
-----------------------------------------------------------

(Updated Jan. 29, 2015, 9:55 a.m.)


Review request for Asterisk Developers.


Changes
-------

Added a notification that no response was received for the outbound publish.


Bugs: ASTERISK-24635
    https://issues.asterisk.org/jira/browse/ASTERISK-24635


Repository: Asterisk


Description
-------

When Asterisk attempts to send SIP outbound publish information and no response is ever received (no 200 okay, 412, 423) the system eventually crashes. A response is never received because the system Asterisk is attempting to send publish information to is not available. The underlying pjsip framework attempts to send publish information. After several attempts it calls back into the Asterisk outbound publish code. At this point if the "client->queue" is empty Asterisk attempts to schedule a refresh which utilizes "rdata" and since no response was received the given "rdata" struture is NULL. Attempting to dereference a NULL object of course results in a crash.

This patch re-queues the current message that has not received a response yet (has no "rdata"), thus removing the possibility of the queue being empty and having no "rdata" available. Consequently, in this scenario, the publish refresh is not called and the crash is avoided.


Diffs (updated)
-----

  branches/13/res/res_pjsip_outbound_publish.c 431402 

Diff: https://reviewboard.asterisk.org/r/4384/diff/


Testing
-------

First duplicated the problem by attempting to publish to a non existent system (after a bit Asterisk crashed). After applying the patch using the same setup Asterisk no longer crashed. Also ran the current set of outbound publish testsuite tests to make sure those still passed.


Thanks,

Kevin Harwell

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150129/385b4df5/attachment.html>


More information about the asterisk-dev mailing list