kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 12:16:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

pjsip_messaging, pjsip_header_funcs: Crashes due to NULL pointer dereferences

Browse Source 
Both res_pjsip_messaging and res_pjsip_header_funcs were causing asterisk to
crash because they were trying to dereference a NULL pointer.

In the case of res_pjsip_messaging it was attempting to "print" a contact
header that did not exist.  In fact contact headers should not be part of
a SIP MESSAGE, so the offending code was simply removed.

In the case of res_pjsip_header_funcs a null private channel tech was being
passed to the function and then later dereferenced.  Added null checks (and
error logging) to the read/write function handlers to guard against crashing.

(closes issue ASTERISK-22821)
Reported by: Anthony Messina
........

Merged revisions 402757 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@402758 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kevin Harwell
2013-11-12 16:49:17 +00:00
parent 4f61528fba
commit 12a0edac69
2 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
res/res_pjsip_header_funcs.c
View File

@@ -452,6 +452,11 @@ static int func_read_header(struct ast_channel *chan, const char *function, char
AST_APP_ARG(header_name); AST_APP_ARG(header_number););
AST_STANDARD_APP_ARGS(args, data);
if (!channel) {
ast_log(LOG_ERROR, "This function requires a PJSIP channel.\n");
return -1;
}
if (ast_strlen_zero(args.action)) {
ast_log(AST_LOG_ERROR, "This function requires an action.\n");
return -1;
@@ -506,6 +511,11 @@ static int func_write_header(struct ast_channel *chan, const char *cmd, char *da
AST_APP_ARG(header_name); AST_APP_ARG(header_number););
AST_STANDARD_APP_ARGS(args, data);
if (!channel) {
ast_log(LOG_ERROR, "This function requires a PJSIP channel.\n");
return -1;
}
if (ast_strlen_zero(args.action)) {
ast_log(AST_LOG_ERROR, "This function requires an action.\n");
return -1;

10
res/res_pjsip_messaging.c
View File

@@ -431,15 +431,9 @@ static enum pjsip_status_code rx_data_to_ast_msg(pjsip_rx_data *rdata, struct as
CHECK_RES(ast_msg_set_from(msg, "%s", buf));
}
/* contact header */
if ((size = pjsip_hdr_print_on(pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL), buf, sizeof(buf)-1)) > 0) {
buf[size] = '\0';
CHECK_RES(ast_msg_set_var(msg, "SIP_FULLCONTACT", buf));
}
/* receive address */
field = pj_sockaddr_print(&rdata->pkt_info.src_addr, buf, sizeof(buf)-1, 1);
CHECK_RES(ast_msg_set_var(msg, "SIP_RECVADDR", field));
CHECK_RES(ast_msg_set_var(msg, "PJSIP_RECVADDR", field));
/* body */
if (print_body(rdata, buf, sizeof(buf) - 1) > 0) {
@@ -448,7 +442,7 @@ static enum pjsip_status_code rx_data_to_ast_msg(pjsip_rx_data *rdata, struct as
/* endpoint name */
if (endpt->id.self.name.valid) {
CHECK_RES(ast_msg_set_var(msg, "SIP_PEERNAME", endpt->id.self.name.str));
CHECK_RES(ast_msg_set_var(msg, "PJSIP_PEERNAME", endpt->id.self.name.str));
}
CHECK_RES(headers_to_vars(rdata, msg));