diff options
author | Kevin Harwell <kharwell@digium.com> | 2013-09-27 18:28:41 +0000 |
---|---|---|
committer | Kevin Harwell <kharwell@digium.com> | 2013-09-27 18:28:41 +0000 |
commit | d6bceb035019a3df16a3b71da6e855ea249c94a5 (patch) | |
tree | 026f75862cd4ef54733b72018d6ac587037e4330 | |
parent | 7e2a72771dbd538d8c72865406ca5aabb883d9d9 (diff) |
res_pjsip: crash when using localnet and external_signaling_address options
There was a collision of mod_data use on the transaction between using a nat
hook and an session response callback. During state change it was assumed
what was in the mod_data was nothing or the response callback. However, it
was possible for it to also contain a nat hook thus resulting in a bad cast
and a crash.
Added the ability to store multiple data elements in mod_data via a hash table.
In this instance, mod_data now stores a hash table of the two values that can
be retrieved using an associated string key.
(closes issue ASTERISK-22394)
Reported by: Rusty Newton
Review: https://reviewboard.asterisk.org/r/2843/
........
Merged revisions 399990 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@399991 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rw-r--r-- | include/asterisk/res_pjsip.h | 56 | ||||
-rw-r--r-- | res/res_pjsip.c | 23 | ||||
-rw-r--r-- | res/res_pjsip.exports.in | 2 | ||||
-rw-r--r-- | res/res_pjsip_session.c | 23 |
4 files changed, 96 insertions, 8 deletions
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h index 9ba2e90c7..8c7872084 100644 --- a/include/asterisk/res_pjsip.h +++ b/include/asterisk/res_pjsip.h @@ -1504,4 +1504,60 @@ int ast_sip_add_global_response_header(const char *name, const char *value, int int ast_sip_initialize_sorcery_global(struct ast_sorcery *sorcery); +/*! + * \brief Retrieves the value associated with the given key. + * + * \param ht the hash table/dictionary to search + * \param key the key to find + * + * \retval the value associated with the key, NULL otherwise. + */ +void *ast_sip_dict_get(void *ht, const char *key); + +/*! + * \brief Using the dictionary stored in mod_data array at a given id, + * retrieve the value associated with the given key. + * + * \param mod_data a module data array + * \param id the mod_data array index + * \param key the key to find + * + * \retval the value associated with the key, NULL otherwise. + */ +#define ast_sip_mod_data_get(mod_data, id, key) \ + ast_sip_dict_get(mod_data[id], key) + +/*! + * \brief Set the value for the given key. + * + * Note - if the hash table does not exist one is created first, the key/value + * pair is set, and the hash table returned. + * + * \param pool the pool to allocate memory in + * \param ht the hash table/dictionary in which to store the key/value pair + * \param key the key to associate a value with + * \param val the value to associate with a key + * + * \retval the given, or newly created, hash table. + */ +void *ast_sip_dict_set(pj_pool_t* pool, void *ht, + const char *key, void *val); + +/*! + * \brief Utilizing a mod_data array for a given id, set the value + * associated with the given key. + * + * For a given structure's mod_data array set the element indexed by id to + * be a dictionary containing the key/val pair. + * + * \param pool a memory allocation pool + * \param mod_data a module data array + * \param id the mod_data array index + * \param key the key to find + * \param val the value to associate with a key + */ +#define ast_sip_mod_data_set(pool, mod_data, id, key, val) \ + mod_data[id] = ast_sip_dict_set(pool, mod_data[id], key, val) + + #endif /* _RES_PJSIP_H */ diff --git a/res/res_pjsip.c b/res/res_pjsip.c index eab9b1403..c102803a2 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -1836,6 +1836,29 @@ int ast_sip_thread_is_servant(void) return *servant_id == SIP_SERVANT_ID; } +void *ast_sip_dict_get(void *ht, const char *key) +{ + unsigned int hval; + + if (!ht) { + return NULL; + } + + return pj_hash_get(ht, key, PJ_HASH_KEY_STRING, &hval); +} + +void *ast_sip_dict_set(pj_pool_t* pool, void *ht, + const char *key, void *val) +{ + if (!ht) { + ht = pj_hash_create(pool, 11); + } + + pj_hash_set(pool, ht, key, PJ_HASH_KEY_STRING, 0, val); + + return ht; +} + static void remove_request_headers(pjsip_endpoint *endpt) { const pjsip_hdr *request_headers = pjsip_endpt_get_request_headers(endpt); diff --git a/res/res_pjsip.exports.in b/res/res_pjsip.exports.in index d896ee60d..5afafc481 100644 --- a/res/res_pjsip.exports.in +++ b/res/res_pjsip.exports.in @@ -70,6 +70,8 @@ LINKER_SYMBOL_PREFIXast_sip_initialize_sorcery_global; LINKER_SYMBOL_PREFIXast_sip_auth_array_init; LINKER_SYMBOL_PREFIXast_sip_auth_array_destroy; + LINKER_SYMBOL_PREFIXast_sip_dict_get; + LINKER_SYMBOL_PREFIXast_sip_dict_set; local: *; }; diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c index cac4c2fc5..54e03f531 100644 --- a/res/res_pjsip_session.c +++ b/res/res_pjsip_session.c @@ -45,6 +45,9 @@ #define SDP_HANDLER_BUCKETS 11 +#define MOD_DATA_ON_RESPONSE "on_response" +#define MOD_DATA_NAT_HOOK "nat_hook" + /* Some forward declarations */ static void handle_incoming_request(struct ast_sip_session *session, pjsip_rx_data *rdata); static void handle_incoming_response(struct ast_sip_session *session, pjsip_rx_data *rdata); @@ -127,7 +130,7 @@ int ast_sip_session_register_sdp_handler(struct ast_sip_session_sdp_handler *han } } AST_LIST_INSERT_TAIL(&handler_list->list, handler, next); - ast_debug(1, "Registered SDP stream handler '%s' for stream type '%s'\n", handler->id, stream_type); + ast_debug(1, "Registered SDP stream handler '%s' for stream type '%s'\n", handler->id, stream_type); ast_module_ref(ast_module_info->self); return 0; } @@ -144,7 +147,7 @@ int ast_sip_session_register_sdp_handler(struct ast_sip_session_sdp_handler *han if (!ao2_link(sdp_handlers, handler_list)) { return -1; } - ast_debug(1, "Registered SDP stream handler '%s' for stream type '%s'\n", handler->id, stream_type); + ast_debug(1, "Registered SDP stream handler '%s' for stream type '%s'\n", handler->id, stream_type); ast_module_ref(ast_module_info->self); return 0; } @@ -925,7 +928,9 @@ void ast_sip_session_send_request_with_cb(struct ast_sip_session *session, pjsip return; } - tdata->mod_data[session_module.id] = on_response; + ast_sip_mod_data_set(tdata->pool, tdata->mod_data, session_module.id, + MOD_DATA_ON_RESPONSE, on_response); + handle_outgoing_request(session, tdata); pjsip_inv_send_msg(session->inv_session, tdata); return; @@ -1641,7 +1646,7 @@ static void reschedule_reinvite(struct ast_sip_session *session, ast_sip_session pjsip_inv_session *inv = session->inv_session; struct reschedule_reinvite_data *rrd = reschedule_reinvite_data_alloc(session, delay); pj_time_val tv; - + if (!rrd || !delay) { return; } @@ -1850,6 +1855,7 @@ static void session_inv_on_new_session(pjsip_inv_session *inv, pjsip_event *e) static void session_inv_on_tsx_state_changed(pjsip_inv_session *inv, pjsip_transaction *tsx, pjsip_event *e) { + ast_sip_session_response_cb cb; struct ast_sip_session *session = inv->mod_data[session_module.id]; print_debug_details(inv, tsx, e); if (!session) { @@ -1904,8 +1910,8 @@ static void session_inv_on_tsx_state_changed(pjsip_inv_session *inv, pjsip_trans handle_incoming_request(session, e->body.tsx_state.src.rdata); } } - if (tsx->mod_data[session_module.id]) { - ast_sip_session_response_cb cb = tsx->mod_data[session_module.id]; + if ((cb = ast_sip_mod_data_get(tsx->mod_data, session_module.id, + MOD_DATA_ON_RESPONSE))) { cb(session, e->body.tsx_state.src.rdata); } case PJSIP_EVENT_TRANSPORT_ERROR: @@ -2073,7 +2079,8 @@ static pjsip_inv_callback inv_callback = { /*! \brief Hook for modifying outgoing messages with SDP to contain the proper address information */ static void session_outgoing_nat_hook(pjsip_tx_data *tdata, struct ast_sip_transport *transport) { - struct ast_sip_nat_hook *hook = tdata->mod_data[session_module.id]; + struct ast_sip_nat_hook *hook = ast_sip_mod_data_get( + tdata->mod_data, session_module.id, MOD_DATA_NAT_HOOK); struct pjmedia_sdp_session *sdp; int stream; @@ -2107,7 +2114,7 @@ static void session_outgoing_nat_hook(pjsip_tx_data *tdata, struct ast_sip_trans } /* We purposely do this so that the hook will not be invoked multiple times, ie: if a retransmit occurs */ - tdata->mod_data[session_module.id] = nat_hook; + ast_sip_mod_data_set(tdata->pool, tdata->mod_data, session_module.id, MOD_DATA_NAT_HOOK, nat_hook); } static int load_module(void) |