[Asterisk-code-review] bundled pjproject: Fix DNS write to freed memory. (asterisk[master])
Richard Mudgett
asteriskteam at digium.com
Tue Nov 1 14:36:54 CDT 2016
Richard Mudgett has uploaded a new change for review. ( https://gerrit.asterisk.org/4272 )
Change subject: bundled pjproject: Fix DNS write to freed memory.
......................................................................
bundled pjproject: Fix DNS write to freed memory.
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patch below fixes a write to freed memory under cartain DNS lookup
conditions.
0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
ASTERISK-26516
Reported by: Richard Mudgett
Change-Id: Ifdfae9ecf1e41b53080f33aab44ce1a220f349c5
---
A third-party/pjproject/patches/0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
1 file changed, 33 insertions(+), 0 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/72/4272/1
diff --git a/third-party/pjproject/patches/0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch b/third-party/pjproject/patches/0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
new file mode 100644
index 0000000..f70dd45
--- /dev/null
+++ b/third-party/pjproject/patches/0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
@@ -0,0 +1,33 @@
+From 732a997010d60fe93a7453e809672386749b0afc Mon Sep 17 00:00:00 2001
+From: Richard Mudgett <rmudgett at digium.com>
+Date: Tue, 1 Nov 2016 12:55:31 -0500
+Subject: [PATCH] r5477 svn backport Fix DNS write on freed memory.
+
+Re #1974: Fix DNS write on freed memory.
+Thanks to Richard Mudgett for the patch.
+---
+ pjlib-util/src/pjlib-util/resolver.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index 52b7655..365772e 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -908,7 +908,13 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
+ /* Must return PJ_SUCCESS */
+ status = PJ_SUCCESS;
+
+- goto on_return;
++ /*
++ * We cannot write to *p_query after calling cb because what
++ * p_query points to may have been freed by cb.
++ * Refer to ticket #1974.
++ */
++ pj_mutex_unlock(resolver->mutex);
++ return status;
+ }
+
+ /* At this point, we have a cached entry, but this entry has expired.
+--
+1.7.9.5
+
--
To view, visit https://gerrit.asterisk.org/4272
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifdfae9ecf1e41b53080f33aab44ce1a220f349c5
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
More information about the asterisk-code-review
mailing list