[libpri-commits] rmudgett: branch 1.4 r2021 - /branches/1.4/q931.c

SVN commits to the libpri project libpri-commits at lists.digium.com
Thu Oct 14 13:35:53 CDT 2010


Author: rmudgett
Date: Thu Oct 14 13:35:48 2010
New Revision: 2021

URL: http://svnview.digium.com/svn/libpri?view=rev&rev=2021
Log:
Crash when receiving an unknown/unsupported message type.

Fix double free of a call record and the subsequent continued use of the
freed call record when receiving an unsupported/unknown message type.

(closes issue #17968)
Reported by: gelo
Patches:
      issue_17968_v1.4.patch uploaded by rmudgett (license 664)

Modified:
    branches/1.4/q931.c

Modified: branches/1.4/q931.c
URL: http://svnview.digium.com/svn/libpri/branches/1.4/q931.c?view=diff&rev=2021&r1=2020&r2=2021
==============================================================================
--- branches/1.4/q931.c (original)
+++ branches/1.4/q931.c Thu Oct 14 13:35:48 2010
@@ -6202,7 +6202,9 @@
 			c->changestatus = -1;
 			break;
 		default:
-			pri_error(ctrl, "!! Don't know how to pre-handle maintenance message type '%d'\n", mh->msg);
+			pri_error(ctrl,
+				"!! Don't know how to pre-handle maintenance message type '0x%X'\n",
+				mh->msg);
 			return -1;
 	}
 	return 0;
@@ -6356,13 +6358,13 @@
 	case Q931_SUSPEND:
 	case Q931_SUSPEND_ACKNOWLEDGE:
 	case Q931_SUSPEND_REJECT:
-		pri_error(ctrl, "!! Not yet handling pre-handle message type %s (%d)\n", msg2str(mh->msg), mh->msg);
+		pri_error(ctrl, "!! Not yet handling pre-handle message type %s (0x%X)\n",
+			msg2str(mh->msg), mh->msg);
 		/* Fall through */
 	default:
-		pri_error(ctrl, "!! Don't know how to pre-handle message type %s (%d)\n", msg2str(mh->msg), mh->msg);
+		pri_error(ctrl, "!! Don't know how to pre-handle message type %s (0x%X)\n",
+			msg2str(mh->msg), mh->msg);
 		q931_status(ctrl,c, PRI_CAUSE_MESSAGE_TYPE_NONEXIST);
-		if (c->newcall) 
-			pri_destroycall(ctrl, c);
 		return -1;
 	}
 	return 0;
@@ -6567,7 +6569,18 @@
 		/* Unknown protocol discriminator but we will treat it as Q.931 anyway. */
 	case GR303_PROTOCOL_DISCRIMINATOR:
 	case Q931_PROTOCOL_DISCRIMINATOR:
-		prepare_to_handle_q931_message(ctrl, mh, c);
+		if (prepare_to_handle_q931_message(ctrl, mh, c)) {
+			/* Discard message.  We don't know how to handle it. */
+			if (!c->master_call->outboundbroadcast && c->newcall) {
+				/*
+				 * Destroy new non-subcalls immediately.  Let the normal
+				 * disconnect/destruction of subcalls happen when there is a
+				 * winner.
+				 */
+				pri_destroycall(ctrl, c);
+			}
+			return 0;
+		}
 		break;
 	}
 	q931_clr_subcommands(ctrl);
@@ -6756,7 +6769,8 @@
 		return Q931_RES_HAVEEVENT;
 	}
 
-	pri_error(ctrl, "!! Don't know how to post-handle maintenance message type %d\n", mh->msg);
+	pri_error(ctrl, "!! Don't know how to post-handle maintenance message type 0x%X\n",
+		mh->msg);
 	return -1;
 }
 
@@ -8332,13 +8346,21 @@
 	case Q931_SUSPEND:
 	case Q931_SUSPEND_ACKNOWLEDGE:
 	case Q931_SUSPEND_REJECT:
-		pri_error(ctrl, "!! Not yet handling post-handle message type %s (%d)\n", msg2str(mh->msg), mh->msg);
+		pri_error(ctrl, "!! Not yet handling post-handle message type %s (0x%X)\n",
+			msg2str(mh->msg), mh->msg);
 		/* Fall through */
 	default:
-		pri_error(ctrl, "!! Don't know how to post-handle message type %s (%d)\n", msg2str(mh->msg), mh->msg);
+		pri_error(ctrl, "!! Don't know how to post-handle message type %s (0x%X)\n",
+			msg2str(mh->msg), mh->msg);
 		q931_status(ctrl,c, PRI_CAUSE_MESSAGE_TYPE_NONEXIST);
-		if (c->newcall) 
+		if (!c->master_call->outboundbroadcast && c->newcall) {
+			/*
+			 * Destroy new non-subcalls immediately.  Let the normal
+			 * disconnect/destruction of subcalls happen when there is a
+			 * winner.
+			 */
 			pri_destroycall(ctrl, c);
+		}
 		return -1;
 	}
 	return 0;




More information about the libpri-commits mailing list