[asterisk-dev] [Code Review] 4160: chan_sip: Fix theoretical leak of p->refer

Mark Michelson reviewboard at asterisk.org
Tue Nov 11 13:52:37 CST 2014



> On Nov. 11, 2014, 6:43 p.m., Mark Michelson wrote:
> > If I understand the purpose of p->refer correctly, it's supposed to be details relating to a specific REFER (or REFER-esque in some cases) transaction. I think that any in-dialog places where p->refer may be allocated, the previous p->refer should be freed. In addition to the transmit_refer() change you have, this would mean that handle_request_refer() and get_also_info() should free p->refer and then allocate a new one.
> > 
> > Honestly, the best way to do this is perhaps to just have sip_refer_alloc() destroy the old p->refer and then allocate a new one.
> 
> Corey Farrell wrote:
>     This seems reasonable to me.  Now that this will change existing behaviour, I want to run it through testsuite tests/channels/SIP.  Once that passes I'll update the review.  Unless I'm misunderstanding, the call to sip_refer_alloc from handle_request_invite should destroy any existing p->refer as well?

It will only happen with INVITEs that start a dialog, so p->refer will be NULL at that point. sip_refer_destroy() will be a no-op, so it's fine. If we get a reinvite with Replaces, Asterisk will send a 400 response before reaching the allocation of p->refer.


- Mark


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4160/#review13722
-----------------------------------------------------------


On Nov. 10, 2014, 6:25 a.m., Corey Farrell wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4160/
> -----------------------------------------------------------
> 
> (Updated Nov. 10, 2014, 6:25 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-15242
>     https://issues.asterisk.org/jira/browse/ASTERISK-15242
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> If transmit_refer is called when p->refer is already allocated, it will leak the previous allocation.  I checked for all occurrences of sip_refer_alloc, found that transmit_refer was the only caller that didn't check p->refer first.  This change moves the check for !p->refer to sip_refer_alloc.
> 
> I made transmit_refer destroy any previous p->refer so it will have a clean structure after reallocation like it does currently.  Unsure if it's needed, but the little bit of extra processing is worth keeping this fix low risk.
> 
> The change is slightly different in 12+, as p->refer->refer_call only exists in 11.
> 
> 
> Diffs
> -----
> 
>   /branches/11/channels/chan_sip.c 427666 
> 
> Diff: https://reviewboard.asterisk.org/r/4160/diff/
> 
> 
> Testing
> -------
> 
> Compiled, visual inspection.
> 
> 
> Thanks,
> 
> Corey Farrell
> 
>
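
The allocation pattern discussed in this thread, as an added example that is not part of the original e-mails and is not chan_sip code: a simplified model comparing an allocator that overwrites p->refer with one that destroys the old structure first. All names here (refer_info, dialog, pool, refer_alloc_unchecked, refer_alloc, refer_destroy, leaked_after_two_refers) are hypothetical, and a fixed pool stands in for the heap so leaked allocations can be counted.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not the chan_sip structures; a pool replaces the heap. */
struct refer_info { int in_use; char refer_to[64]; };
struct dialog { struct refer_info *refer; };
static struct refer_info pool[2];

static void refer_destroy(struct dialog *p)
{
    if (!p->refer) return;                    /* fresh dialog: no-op */
    memset(p->refer, 0, sizeof(*p->refer));   /* wipe and release the slot */
    p->refer = NULL;
}

/* "Before" pattern: overwrites p->refer, orphaning any previous allocation. */
static int refer_alloc_unchecked(struct dialog *p)
{
    int i = 0;
    while (i < 2 && pool[i].in_use) i++;
    if (i == 2) return 0;                     /* pool exhausted */
    pool[i].in_use = 1;
    p->refer = &pool[i];
    return 1;
}

/* Pattern suggested in the thread: the allocator destroys the old one first. */
static int refer_alloc(struct dialog *p)
{
    refer_destroy(p);
    return refer_alloc_unchecked(p);
}

/* Two REFER-style allocations on one dialog, then teardown; returns leaked slots. */
static int leaked_after_two_refers(int (*alloc)(struct dialog *))
{
    struct dialog p = { NULL };
    memset(pool, 0, sizeof(pool));
    alloc(&p);
    alloc(&p);
    refer_destroy(&p);
    return pool[0].in_use + pool[1].in_use;
}

int main(void)
{
    printf("unchecked: %d leaked\n", leaked_after_two_refers(refer_alloc_unchecked));
    printf("destroy-first: %d leaked\n", leaked_after_two_refers(refer_alloc));
    return 0;
}
```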
