[asterisk-security] [asterisk-dev] [Code Review] Fix memory leak in manager.c action originate when using channel variables

Olle E Johansson oej at edvina.net
Fri Aug 27 08:21:46 CDT 2010



> On 2010-08-26 22:14:14, Terry Wilson wrote:
> > It looks like ast_pbx_outgoing_app/exten call ast_variables_destroy() in all circumstances, so I don't think this patch is necessary (and it is also why it crashes--vars is never set to NULL but so that check fails and then ast_variables_destroy is called again). But, I did notice that ast_variables_destroy() calls free() instead of ast_free() even though ast_variable_new() calls allocates with ast_calloc().

I see what you mean, but there are also a lot of cases where we do not call ast_pbx_outgoign_app and still have these vars allocated, so there are still areas to fix, but in a more limited scope. I'll go throught it and put up a new diff for review.


- Olle E


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/869/#review2638
-----------------------------------------------------------


On 2010-08-20 07:41:17, Olle E Johansson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/869/
> -----------------------------------------------------------
> 
> (Updated 2010-08-20 07:41:17)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> The originate action supports using channel variables. These are allocated to a variable "vars" but never freed. In the case of asynchronos or "fast" originate, these are handed off as a pointer to the new thread.
> 
> This patch 
>  - Moves the allocation of the variables until after a few checks that will return (to not have to free multiple times).
>  - Frees the variables in originate
>  - copies the variables to the new thread, which frees it's own copy when done
> 
> Separate fix is made for trunk. The function ast_variable_copy really belongs to config.c/h, but since we don't change API in releases, it's in manager.c for now, and will move home in the trunk version. 
> 
> (Have fixed the red dots in my changes)
> 
> ----
> Trunk version now in 
> https://origsvn.digium.com/svn/asterisk/team/oej/bufo-manager-varfix-trunk
> 
> 
> This addresses bug 17891.
>     https://issues.asterisk.org/view.php?id=17891
> 
> 
> Diffs
> -----
> 
>   /branches/1.4/main/manager.c 282966 
> 
> Diff: https://reviewboard.asterisk.org/r/869/diff
> 
> 
> Testing
> -------
> 
> Tested. Crashed. Will update to a working solution.
> 
> 
> Thanks,
> 
> Olle E
> 
>


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev



More information about the asterisk-security mailing list