diff options
author | Badalyan Vyacheslav <slavon.net@gmail.com> | 2016-02-10 04:42:11 +0000 |
---|---|---|
committer | Badalyan Vyacheslav <slavon.net@gmail.com> | 2016-02-11 19:59:02 +0000 |
commit | 20e9792fbc7eb8c5ca23936bac7793e2f9be37c3 (patch) | |
tree | b5821cd83d4935cb8083539034b90ded329c94a1 /res/res_phoneprov.c | |
parent | 93e8ed01544bb1b9cba1dc24b06e157e3add9e23 (diff) |
Resources/res_phoneprov: fix memory leak and heap-use-after-free
* heap-use-after-free happens when we free "cfg"
but then use "value" which refers to it
* A memory leak occurs because in some cases
it is not released "defaults"
ASTERISK-25721 #close
Reported by: Badalyan Vyacheslav
Tested by: Badalyan Vyacheslav
Change-Id: I3807d3f4726df6864430ec144cf6265d3f538469
Diffstat (limited to 'res/res_phoneprov.c')
-rw-r--r-- | res/res_phoneprov.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c index b3d14f7b9..df93c5bbc 100644 --- a/res/res_phoneprov.c +++ b/res/res_phoneprov.c @@ -1193,8 +1193,7 @@ static struct ast_http_uri phoneprovuri = { static struct varshead *get_defaults(void) { - struct ast_config *phoneprov_cfg; - struct ast_config *cfg; + struct ast_config *phoneprov_cfg, *cfg = CONFIG_STATUS_FILEINVALID; const char *value; struct ast_variable *v; struct ast_var_t *var; @@ -1233,10 +1232,12 @@ static struct varshead *get_defaults(void) if (!value) { if ((cfg = ast_config_load("sip.conf", config_flags)) && cfg != CONFIG_STATUS_FILEINVALID) { value = ast_variable_retrieve(cfg, "general", "bindport"); - ast_config_destroy(cfg); } } var = ast_var_assign(variable_lookup[AST_PHONEPROV_STD_SERVER_PORT], S_OR(value, "5060")); + if(cfg && cfg != CONFIG_STATUS_FILEINVALID) { + ast_config_destroy(cfg); + } AST_VAR_LIST_INSERT_TAIL(defaults, var); value = ast_variable_retrieve(phoneprov_cfg, "general", pp_general_lookup[AST_PHONEPROV_STD_PROFILE]); @@ -1288,6 +1289,7 @@ static int load_users(void) if (!(cfg = ast_config_load("users.conf", config_flags)) || cfg == CONFIG_STATUS_FILEINVALID) { ast_log(LOG_WARNING, "Unable to load users.conf\n"); + ast_var_list_destroy(defaults); return -1; } @@ -1337,6 +1339,7 @@ static int load_users(void) } } ast_config_destroy(cfg); + ast_var_list_destroy(defaults); return 0; } |