<p>George Joseph has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/8325">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2018-005: Fix tdata leaks when calling pjsip_endpt_send_response(2)<br><br>pjsip_distributor:<br> authenticate() creates a tdata and uses it to send a challenge or<br> failure response. When pjsip_endpt_send_response2() succeeds, it<br> automatically decrements the tdata ref count but when it fails, it<br> doesn't. Since we weren't checking for a return status, we weren't<br> decrementing the count ourselves on error and were therefore leaking<br> tdatas.<br><br>res_pjsip_session:<br> session_reinvite_on_rx_request wasn't decrementing the ref count<br> if an error happened while sending a 491 response.<br> pre_session_setup wasn't decrementing the ref count if<br> while sending an error after a pjsip_inv_verify_request failure.<br><br>res_pjsip:<br> ast_sip_send_response wasn't decrementing the ref count on error.<br><br>ASTERISK-27618<br>Reported By: Sandro Gauci<br><br>Change-Id: Iab33a6c7b6fba96148ed465b690ba8534ac961bf<br>---<br>M res/res_pjsip.c<br>M res/res_pjsip/pjsip_distributor.c<br>M res/res_pjsip_session.c<br>3 files changed, 20 insertions(+), 6 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/25/8325/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/res/res_pjsip.c b/res/res_pjsip.c<br>index 392f9a6..0bd5ceb 100644<br>--- a/res/res_pjsip.c<br>+++ b/res/res_pjsip.c<br>@@ -4402,9 +4402,15 @@<br> <br> int ast_sip_send_response(pjsip_response_addr *res_addr, pjsip_tx_data *tdata, struct ast_sip_endpoint *sip_endpoint)<br> {<br>- supplement_outgoing_response(tdata, sip_endpoint);<br>+ pj_status_t status;<br> <br>- return pjsip_endpt_send_response(ast_sip_get_pjsip_endpoint(), res_addr, tdata, NULL, NULL);<br>+ supplement_outgoing_response(tdata, sip_endpoint);<br>+ status = pjsip_endpt_send_response(ast_sip_get_pjsip_endpoint(), res_addr, tdata, NULL, NULL);<br>+ if (status != PJ_SUCCESS) {<br>+ pjsip_tx_data_dec_ref(tdata);<br>+ }<br>+<br>+ return status == PJ_SUCCESS ? 0 : -1;<br> }<br> <br> int ast_sip_send_stateful_response(pjsip_rx_data *rdata, pjsip_tx_data *tdata, struct ast_sip_endpoint *sip_endpoint)<br>diff --git a/res/res_pjsip/pjsip_distributor.c b/res/res_pjsip/pjsip_distributor.c<br>index 591d7fe..e056b60 100644<br>--- a/res/res_pjsip/pjsip_distributor.c<br>+++ b/res/res_pjsip/pjsip_distributor.c<br>@@ -844,7 +844,9 @@<br> case AST_SIP_AUTHENTICATION_CHALLENGE:<br> /* Send the 401 we created for them */<br> ast_sip_report_auth_challenge_sent(endpoint, rdata, tdata);<br>- pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL);<br>+ if (pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL) != PJ_SUCCESS) {<br>+ pjsip_tx_data_dec_ref(tdata);<br>+ }<br> return PJ_TRUE;<br> case AST_SIP_AUTHENTICATION_SUCCESS:<br> /* See note in endpoint_lookup about not holding an unnecessary write lock */<br>@@ -857,7 +859,9 @@<br> case AST_SIP_AUTHENTICATION_FAILED:<br> log_failed_request(rdata, "Failed to authenticate", 0, 0);<br> ast_sip_report_auth_failed_challenge_response(endpoint, rdata);<br>- pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL);<br>+ if (pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL) != PJ_SUCCESS) {<br>+ pjsip_tx_data_dec_ref(tdata);<br>+ }<br> return PJ_TRUE;<br> case AST_SIP_AUTHENTICATION_ERROR:<br> log_failed_request(rdata, "Error to authenticate", 0, 0);<br>diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c<br>index bb53dad..83cf0a8 100644<br>--- a/res/res_pjsip_session.c<br>+++ b/res/res_pjsip_session.c<br>@@ -1083,7 +1083,9 @@<br> <br> /* Otherwise this is a new re-invite, so reject it */<br> if (pjsip_dlg_create_response(dlg, rdata, 491, NULL, &tdata) == PJ_SUCCESS) {<br>- pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL);<br>+ if (pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL) != PJ_SUCCESS) {<br>+ pjsip_tx_data_dec_ref(tdata);<br>+ }<br> }<br> <br> return PJ_TRUE;<br>@@ -2051,7 +2053,9 @@<br> <br> if (pjsip_inv_verify_request(rdata, &options, NULL, NULL, ast_sip_get_pjsip_endpoint(), &tdata) != PJ_SUCCESS) {<br> if (tdata) {<br>- pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL);<br>+ if (pjsip_endpt_send_response2(ast_sip_get_pjsip_endpoint(), rdata, tdata, NULL, NULL) != PJ_SUCCESS) {<br>+ pjsip_tx_data_dec_ref(tdata);<br>+ }<br> } else {<br> pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 500, NULL, NULL, NULL);<br> }<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/8325">change 8325</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/8325"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13.19 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Iab33a6c7b6fba96148ed465b690ba8534ac961bf </div>
<div style="display:none"> Gerrit-Change-Number: 8325 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>