diff options
| author | Richard Mudgett <rmudgett@digium.com> | 2012-05-25 16:33:31 +0000 |
|---|---|---|
| committer | Richard Mudgett <rmudgett@digium.com> | 2012-05-25 16:33:31 +0000 |
| commit | 2d418b596cee6c1632e8a0f3e07a2e345dc3c98d (patch) | |
| tree | 42282677df211c81306f53d5ac95726f26d238f7 | |
| parent | 2eff35bafa161be155019c9186b7aa9e26e22aad (diff) | |
AST-2012-007: Fix IAX receiving HOLD without suggested MOH class crash.
* Made schedule_delivery() set the received frame f->data.ptr to NULL if
the datalen is zero.
* Fix queue_signalling() memcpy() size error.
* Made queue_signalling() not use C++ keyword variable names.
(closes issue ASTERISK-19597)
Reported by: mgrobecker
Patches:
jira_asterisk_19597_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett, Michael L. Young
........
Merged revisions 367781 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 367782 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@367783 65c4cc65-6c06-0410-ace0-fbb531ad65f3
| -rw-r--r-- | channels/chan_iax2.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index c88cd4dd4..a50289b21 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -1918,24 +1918,25 @@ static void send_signaling(struct chan_iax2_pvt *pvt) * we have received a destination call number. */ static int queue_signalling(struct chan_iax2_pvt *pvt, struct ast_frame *f) { - struct signaling_queue_entry *new; + struct signaling_queue_entry *qe; if (f->frametype == AST_FRAME_IAX || !pvt->hold_signaling) { return 1; /* do not queue this frame */ - } else if (!(new = ast_calloc(1, sizeof(struct signaling_queue_entry)))) { + } else if (!(qe = ast_calloc(1, sizeof(struct signaling_queue_entry)))) { return -1; /* out of memory */ } - memcpy(&new->f, f, sizeof(new->f)); /* copy ast_frame into our queue entry */ - - if (new->f.datalen) { /* if there is data in this frame copy it over as well */ - if (!(new->f.data.ptr = ast_calloc(1, new->f.datalen))) { - free_signaling_queue_entry(new); + /* copy ast_frame into our queue entry */ + qe->f = *f; + if (qe->f.datalen) { + /* if there is data in this frame copy it over as well */ + if (!(qe->f.data.ptr = ast_malloc(qe->f.datalen))) { + free_signaling_queue_entry(qe); return -1; } - memcpy(new->f.data.ptr, f->data.ptr, sizeof(*new->f.data.ptr)); + memcpy(qe->f.data.ptr, f->data.ptr, qe->f.datalen); } - AST_LIST_INSERT_TAIL(&pvt->signaling_queue, new, next); + AST_LIST_INSERT_TAIL(&pvt->signaling_queue, qe, next); return 0; } @@ -4153,6 +4154,15 @@ static int schedule_delivery(struct iax_frame *fr, int updatehistory, int fromtr struct ast_channel *owner = NULL; struct ast_channel *bridge = NULL; + /* + * Clear fr->af.data if there is no data in the buffer. Things + * like AST_CONTROL_HOLD without a suggested music class must + * have a NULL pointer. + */ + if (!fr->af.datalen) { + memset(&fr->af.data, 0, sizeof(fr->af.data)); + } + /* Attempt to recover wrapped timestamps */ unwrap_timestamp(fr); |