[asterisk-dev] [Code Review] 4384: res_pjsip_outbound_publish: eventually crashes when no response is ever received

Joshua Colp reviewboard at asterisk.org
Thu Jan 29 10:14:38 CST 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4384/#review14356
-----------------------------------------------------------



branches/13/res/res_pjsip_outbound_publish.c
<https://reviewboard.asterisk.org/r/4384/#comment24867>

    So...
    
    This may actually cause publish state to be reflected incorrectly on the remote side if you remove it from the head of the queue. Another publish for the same thing can be queued afterwards. If you move this to the tail of the queue then it will be out of order.
    
    As well - wouldn't this cause the queue to potentially grow uncontrollably?


- Joshua Colp


On Jan. 29, 2015, 3:55 p.m., Kevin Harwell wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4384/
> -----------------------------------------------------------
> 
> (Updated Jan. 29, 2015, 3:55 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-24635
>     https://issues.asterisk.org/jira/browse/ASTERISK-24635
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> When Asterisk attempts to send SIP outbound publish information and no response is ever received (no 200 okay, 412, 423) the system eventually crashes. A response is never received because the system Asterisk is attempting to send publish information to is not available. The underlying pjsip framework attempts to send publish information. After several attempts it calls back into the Asterisk outbound publish code. At this point if the "client->queue" is empty Asterisk attempts to schedule a refresh which utilizes "rdata" and since no response was received the given "rdata" structure is NULL. Attempting to dereference a NULL object of course results in a crash.
> 
> This patch re-queues the current message that has not received a response yet (has no "rdata"), thus removing the possibility of the queue being empty and having no "rdata" available. Consequently, in this scenario, the publish refresh is not called and the crash is avoided.
> 
> 
> Diffs
> -----
> 
>   branches/13/res/res_pjsip_outbound_publish.c 431402 
> 
> Diff: https://reviewboard.asterisk.org/r/4384/diff/
> 
> 
> Testing
> -------
> 
> First duplicated the problem by attempting to publish to a nonexistent system (after a bit Asterisk crashed). After applying the patch using the same setup Asterisk no longer crashed. Also ran the current set of outbound publish testsuite tests to make sure those still passed.
> 
> 
> Thanks,
> 
> Kevin Harwell
> 
>
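
The NULL "rdata" case from the description above, modelled as an added example that is not part of this thread or of the Asterisk source: the unchecked callback shape beside one that tests for a missing response before scheduling the refresh and leaves the queue untouched. All types, names and the retry policy (RETRY_DEFAULT, MAX_FAILURES) are hypothetical stand-ins, not Asterisk or PJSIP identifiers.

```c
#include <stddef.h>

/* Hypothetical stand-ins, not Asterisk or PJSIP types. */
struct response { int expires; };   /* models "rdata" */
struct publisher {
    int queued;      /* messages waiting in the model of "client->queue" */
    int refresh_in;  /* seconds until the next refresh, -1 = none scheduled */
    int failures;    /* consecutive publishes that got no response */
};

enum { RETRY_DEFAULT = 60, MAX_FAILURES = 3 };  /* assumed policy values */

/* Shape of the bug in the description: with an empty queue the refresh is
 * scheduled from the response without checking that a response exists.
 * Shown for contrast only; calling it with rdata == NULL crashes. */
int on_complete_unchecked(struct publisher *p, const struct response *rdata)
{
    if (p->queued == 0) {
        p->refresh_in = rdata->expires;  /* NULL dereference on timeout */
    }
    return 0;
}

/* Guarded form: a missing response is handled before rdata is read.
 * The queue is not modified, so its order and length stay as they were. */
int on_complete_checked(struct publisher *p, const struct response *rdata)
{
    if (rdata == NULL) {
        if (++p->failures >= MAX_FAILURES) {
            p->refresh_in = -1;          /* give up: stop retrying */
            return -1;
        }
        p->refresh_in = RETRY_DEFAULT;   /* retry on a fixed timer */
        return 0;
    }
    p->failures = 0;
    if (p->queued == 0) {
        p->refresh_in = rdata->expires;  /* safe: rdata is non-NULL here */
    }
    return 0;
}
```
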
