authorAutomerge script <automerge@asterisk.org>2012-12-05 17:20:37 +0000
committerAutomerge script <automerge@asterisk.org>2012-12-05 17:20:37 +0000
commit7a203dc72c204e0d6025c49fadfa62da98826a1b (patch)
tree2a5ffc6052804b604442ffa8c2f6ea976d0ddf38
parent521f9e8dfee50c2d81aa27839c7fce4e5ecda5a0 (diff)
Merged revisions 377260,377263 via svnmerge from
file:///srv/subversion/repos/asterisk/trunk ................ r377260 | file | 2012-12-05 10:51:58 -0600 (Wed, 05 Dec 2012) | 25 lines Fix a SIP request memory leak with TLS connections. During the TLS re-work in chan_sip some TLS specific code was moved into a separate function. This function operates on a copy of the incoming SIP request. This copy was never deinitialized causing a memory leak for each request processed. This function is now given a SIP request structure which it can use to copy the incoming request into. This reduces the amount of memory allocations done since the internal allocated components are reused between packets and also ensures the SIP request structure is deinitialized when the TLS connection is torn down. (closes issue ASTERISK-20763) Reported by: deti ........ Merged revisions 377257 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 377258 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 377259 from http://svn.asterisk.org/svn/asterisk/branches/11 ................ r377263 | jrose | 2012-12-05 11:17:06 -0600 (Wed, 05 Dec 2012) | 21 lines res_srtp: Fix a crash caused by srtp_dealloc on an already dealloced session When srtp_create fails, the session may be dealloced or just not alloced. At the same time though, the session pointer might not be set to NULL in this process and attempting to srtp_dealloc it again will cause a segfault. This patch checks for failure of srtp_create and sets the session pointer to NULL if it fails. (closes issue ASTERISK-20499) Reported by: tootai Review: https://reviewboard.asterisk.org/r/2228/ ........ Merged revisions 377256 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 377261 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 377262 from http://svn.asterisk.org/svn/asterisk/branches/11 ................ 
git-svn-id: https://origsvn.digium.com/svn/asterisk/team/mmichelson/threadpool@377270 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rw-r--r--channels/chan_sip.c12
-rw-r--r--res/res_srtp.c4
2 files changed, 10 insertions, 6 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 3e1e2c45d..cabc2d14d 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -2714,10 +2714,10 @@ static int sip_check_authtimeout(time_t start)
* \retval -1 Failed to read data
* \retval 0 Succeeded in reading data
*/
-static int sip_tls_read(struct sip_request *req, struct ast_tcptls_session_instance *tcptls_session, int authenticated, time_t start, struct sip_threadinfo *me)
+static int sip_tls_read(struct sip_request *req, struct sip_request *reqcpy, struct ast_tcptls_session_instance *tcptls_session,
+ int authenticated, time_t start, struct sip_threadinfo *me)
{
int res, content_length, after_poll = 1, need_poll = 1;
- struct sip_request reqcpy = { 0, };
char buf[1024] = "";
int timeout = -1;
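Review bot: The doc comment that ends just above the new `sip_tls_read` signature is not updated for `reqcpy`, so the ownership contract the leak fix depends on is unstated. Suggest adding a `\param reqcpy` entry saying it is caller-owned scratch storage, overwritten on every call, kept across calls so its buffers are reused, and released by the caller when the connection ends. The declaration and release of `reqcpy` in `_sip_tcp_helper_thread` are not part of this diff, so it is worth confirming that the thread's cleanup path frees it on every exit; otherwise the leak moves rather than goes away. Only the tail of the comment block is visible here, and the function body continues outside the hunk.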
@@ -2771,10 +2771,10 @@ static int sip_tls_read(struct sip_request *req, struct ast_tcptls_session_insta
}
ast_str_append(&req->data, 0, "%s", buf);
}
- copy_request(&reqcpy, req);
- parse_request(&reqcpy);
+ copy_request(reqcpy, req);
+ parse_request(reqcpy);
/* In order to know how much to read, we need the content-length header */
- if (sscanf(sip_get_header(&reqcpy, "Content-Length"), "%30d", &content_length)) {
+ if (sscanf(sip_get_header(reqcpy, "Content-Length"), "%30d", &content_length)) {
while (content_length > 0) {
size_t bytes_read;
if (!tcptls_session->client && !authenticated) {
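Review bot: The `if (sscanf(...))` test on the Content-Length line treats any non-zero return as success, and `content_length` is declared without an initializer at the top of the function. If `sip_get_header` returns an empty string for a missing header (not visible here), `sscanf` returns EOF, the branch is taken, and `while (content_length > 0)` reads an indeterminate value on data from a peer that may not be authenticated yet, unless the variable is assigned in the lines between the hunks. Compare against the conversion count instead, `if (sscanf(sip_get_header(reqcpy, "Content-Length"), "%30d", &content_length) == 1) {`, and consider declaring `content_length = 0`. The test predates this commit but sits on a line it rewrites; the function starts and ends outside the hunk.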
@@ -3187,7 +3187,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
}
req.socket.fd = tcptls_session->fd;
if (tcptls_session->ssl) {
- res = sip_tls_read(&req, tcptls_session, authenticated, start, me);
+ res = sip_tls_read(&req, &reqcpy, tcptls_session, authenticated, start, me);
} else {
res = sip_tcp_read(&req, tcptls_session, authenticated, start);
}
diff --git a/res/res_srtp.c b/res/res_srtp.c
index f651c4067..b9499f8f1 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -383,6 +383,8 @@ tryagain:
retry++;
ao2_iterator_destroy(&it);
goto tryagain;
+ } else {
+ srtp->session = NULL;
}
ao2_t_ref(policy, -1, "Unreffing first policy after srtp_create failed");
}
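Review bot: The new `else` branch clears `srtp->session` without saying why, while the matching change in `ast_srtp_create` carries a comment. Suggest the same explanation here, e.g. `/* srtp_create failed: session was never allocated or was already dealloced */`. On the retry path just above, the pointer is left as it is before `goto tryagain`; that is fine only if the retried `srtp_create` call always overwrites it, which this hunk does not show. The enclosing function starts and ends outside the hunk.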
@@ -437,6 +439,8 @@ static int ast_srtp_create(struct ast_srtp **srtp, struct ast_rtp_instance *rtp,
/* Any failures after this point can use ast_srtp_destroy to destroy the instance */
if (srtp_create(&temp->session, &policy->sp) != err_status_ok) {
+ /* Session either wasn't created or was created and dealloced. */
+ temp->session = NULL;
ast_srtp_destroy(temp);
return -1;
}
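Review bot: Clearing `temp->session` before `ast_srtp_destroy(temp)` prevents the double dealloc only if `ast_srtp_destroy` skips `srtp_dealloc` when the session is NULL; that function is not in the diff, so the guard should be confirmed or added there. The added comment also assumes libsrtp has released anything it allocated before returning an error. If some failure path of `srtp_create` leaves a live session, this assignment turns the crash into a leak, which is the safer outcome but worth stating in the comment. The start of `ast_srtp_create` is outside the hunk.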