chan_sip: when getting sip pvt return failure if not found

In handle_request_invite, when processing a pickup, a call is made to get_sip_pvt_from_replaces to locate the pvt for the subscription. The pvt is assumed to be valid when zero is returned indicating no error, and is dereferenced which can cause a crash if it was not found. This change checks the not found case and returns -1 which allows the calling code to fail appropriately. ASTERISK-27217 #close Reported-by: Bryan Walters Change-Id: I6bee92b8b8b85fcac3fd66f8c00ab18bc1765612
author: Scott Griepentrog <scott@griepentrog.com> 2017-09-06 17:05:32 -0400
committer: Scott Griepentrog <scott@griepentrog.com> 2017-09-06 16:14:15 -0500
commit: 74e4f7ecf1c88d691d487eb79acb8b8264804b52 (patch)
tree: 5eb950d7a0eb252817b3cbb8e195fcffd1a98f98
parent: 47e4cbc3952b08c24e6a22c943442b2382c13861 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index cd5cc0c77..89e1e3d8a 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -18625,6 +18625,11 @@ static int get_sip_pvt_from_replaces(const char *callid, const char *totag,
 		}
 	}
 
+	if (!sip_pvt_ptr) {
+		/* return error if sip_pvt was not found */
+		return -1;
+	}
+
 	/* If we're here sip_pvt_ptr has been copied to *out_pvt, prevent RAII_VAR cleanup */
 	sip_pvt_ptr = NULL;
author	Scott Griepentrog <scott@griepentrog.com>	2017-09-06 17:05:32 -0400
committer	Scott Griepentrog <scott@griepentrog.com>	2017-09-06 16:14:15 -0500
commit	74e4f7ecf1c88d691d487eb79acb8b8264804b52 (patch)
tree	5eb950d7a0eb252817b3cbb8e195fcffd1a98f98
parent	47e4cbc3952b08c24e6a22c943442b2382c13861 (diff)