[asterisk-commits] mjordan: branch 10 r356215 - in /branches/10: ./ channels/chan_sip.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Feb 22 08:54:00 CST 2012


Author: mjordan
Date: Wed Feb 22 08:53:53 2012
New Revision: 356215

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=356215
Log:
Merged revisions 356214 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.8

........
  r356214 | mjordan | 2012-02-22 08:50:20 -0600 (Wed, 22 Feb 2012) | 27 lines
  
  Fix potential buffer overrun and memory leak when executing "sip show peers"
  
  The "sip show peers" command uses a fix sized array to sort the current peers
  in the peers ao2_container.  The size of the array is based on the current
  number of peers in the container.  However, once the size of the array is
  determined, the number of peers in the container can change, as the peers
  container is not locked.  This could cause a buffer overrun when populating
  the array, if peers were added to the container after the array was created.
  Additionally, a memory leak of the allocated array would occur if a user
  caused the _show_peers method to return CLI_SHOWUSAGE.
  
  We now create a snapshot of the current peers using an ao2_callback with the
  OBJ_MULTIPLE flag.  This size of the array is set to the number of peers
  that the iterator will iterate over; hence, if peers are added or removed
  from the peers container it will not affect the execution of the "sip show
  peers" command.
  
  Review: https://reviewboard.asterisk.org/r/1738/
  
  (closes issue ASTERISK-19231)
  (closes issue ASTERISK-19361)
  Reported by: Thomas Arimont, Jamuel Starkey
  Tested by: Thomas Arimont, Jamuel Starkey
  Patches: sip_show_peers_2012_02_16.diff uploaded by mjordan (license 6283)
........

Modified:
    branches/10/   (props changed)
    branches/10/channels/chan_sip.c

Propchange: branches/10/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: branches/10/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/10/channels/chan_sip.c?view=diff&rev=356215&r1=356214&r2=356215
==============================================================================
--- branches/10/channels/chan_sip.c (original)
+++ branches/10/channels/chan_sip.c Wed Feb 22 08:53:53 2012
@@ -17226,7 +17226,7 @@
 	regex_t regexbuf;
 	int havepattern = FALSE;
 	struct sip_peer *peer;
-	struct ao2_iterator i;
+	struct ao2_iterator* it_peers;
 
 /* the last argument is left-aligned, so we don't need a size anyways */
 #define FORMAT2 "%-25.25s %-39.39s %-3.3s %-10.10s %-3.3s %-8s %-11s %-32.32s %s\n"
@@ -17240,12 +17240,10 @@
 	const char *id;
 	char idtext[256] = "";
 	int realtimepeers;
-	int objcount = ao2_container_count(peers);
 	struct sip_peer **peerarray;
 	int k;
 
 	realtimepeers = ast_check_realtime("sippeers");
-	peerarray = ast_calloc(sizeof(struct sip_peer *), objcount);
 
 	if (s) {	/* Manager - get ActionID */
 		id = astman_get_header(m, "ActionID");
@@ -17267,11 +17265,26 @@
 		return CLI_SHOWUSAGE;
 	}
 
-	if (!s) /* Normal list */
+	if (!s) {
+		/* Normal list */
 		ast_cli(fd, FORMAT2, "Name/username", "Host", "Dyn", "Forcerport", "ACL", "Port", "Status", "Description", (realtimepeers ? "Realtime" : ""));
-
-	i = ao2_iterator_init(peers, 0);
-	while ((peer = ao2_t_iterator_next(&i, "iterate thru peers table"))) {
+	}
+
+	ao2_lock(peers);
+	if (!(it_peers = ao2_callback(peers, OBJ_MULTIPLE, NULL, NULL))) {
+		ast_log(AST_LOG_ERROR, "Unable to create iterator for peers container for sip show peers\n");
+		ao2_unlock(peers);
+		return CLI_FAILURE;
+	}
+	if (!(peerarray = ast_calloc(sizeof(struct sip_peer *), ao2_container_count(peers)))) {
+		ast_log(AST_LOG_ERROR, "Unable to allocate peer array for sip show peers\n");
+		ao2_iterator_destroy(it_peers);
+		ao2_unlock(peers);
+		return CLI_FAILURE;
+	}
+	ao2_unlock(peers);
+
+	while ((peer = ao2_t_iterator_next(it_peers, "iterate thru peers table"))) {
 		ao2_lock(peer);
 
 		if (!(peer->type & SIP_TYPE_PEER)) {
@@ -17281,7 +17294,6 @@
 		}
 
 		if (havepattern && regexec(&regexbuf, peer->name, 0, NULL, 0)) {
-			objcount--;
 			ao2_unlock(peer);
 			sip_unref_peer(peer, "toss iterator peer ptr before continue");
 			continue;
@@ -17290,7 +17302,7 @@
 		peerarray[total_peers++] = peer;
 		ao2_unlock(peer);
 	}
-	ao2_iterator_destroy(&i);
+	ao2_iterator_destroy(it_peers);
 
 	qsort(peerarray, total_peers, sizeof(struct sip_peer *), peercomparefunc);
 




More information about the asterisk-commits mailing list