diff options
author | Richard Mudgett <rmudgett@digium.com> | 2012-09-24 21:15:26 +0000 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2012-09-24 21:15:26 +0000 |
commit | bc090677bc69ec33cc8762842a07237d35cd88f9 (patch) | |
tree | 883906135c1e7fc48a0246d7512740ff1b70f856 /apps | |
parent | f6e0406239a59d25f7b4dba73f791afb04a72958 (diff) |
Fix potential reentrancy problems in chan_sip.
Asterisk v1.8 and later was not as vulnerable to this issue.
* Made find_call() lock each private as it processes the found dialogs.
(Primary cause of ABE-2876)
* Made the other functions that traverse the dialogs container lock each
private as it examines them.
* Fix race condition in sip_call() if the thread that sent the INVITE is
held up long enough for a response to be processed. The p->initid for the
INVITE retransmission could be added after it was canceled by the response
processing.
* Made __sip_destroy() clean up resource pointers after freeing. This is
primarily defensive in case someone has a stale private pointer.
* Removed redundant memset() in reqprep(). The call to init_req() already
does the memset() and is the first reference to req in reqprep().
* Removed useless set of req.method in transmit_invite(). The calls to
initreqprep() and reqprep() have to do this because they memset() the req.
JIRA ABE-2876
..........
Merged -r373423 from https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
........
Merged revisions 373424 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 373466 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 373469 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373471 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'apps')
0 files changed, 0 insertions, 0 deletions