diff options
author | Mark Michelson <mmichelson@digium.com> | 2015-09-10 09:49:45 -0500 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2015-09-10 09:49:45 -0500 |
commit | 9d1f176e292a17e6cda05664fefab62c11761d05 (patch) | |
tree | ae31ea8b180b43d7a5091efdbf9afb5c8b4f2370 /res/res_pjsip.c | |
parent | 16fa1cbb6c082210a2f2da587ad9563674e88da5 (diff) |
res_pjsip: Copy default_from_user to avoid crash.
The default_from_user retrieval function was pulling the
default_from_user from the global configuration struct in an unsafe way.
If using a database as a backend configuration store, the global
configuration struct is short-lived, so grabbing a pointer from it
results in referencing freed memory.
The fix here is to copy the default_from_user value out of the global
configuration struct.
Thanks go to John Hardin for discovering this problem and proposing the
patch on which this fix is based.
ASTERISK-25390 #close
Reported by Mark Michelson
Change-Id: I6b96067a495c1259da768f4012d44e03e7c6148c
Diffstat (limited to 'res/res_pjsip.c')
-rw-r--r-- | res/res_pjsip.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index 7afcb70c4..46edd3150 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -2342,9 +2342,11 @@ static int sip_dialog_create_from(pj_pool_t *pool, pj_str_t *from, const char *u pjsip_sip_uri *sip_uri; pjsip_transport_type_e type = PJSIP_TRANSPORT_UNSPECIFIED; int local_port; + char default_user[PJSIP_MAX_URL_SIZE]; if (ast_strlen_zero(user)) { - user = ast_sip_get_default_from_user(); + ast_sip_get_default_from_user(default_user, sizeof(default_user)); + user = default_user; } /* Parse the provided target URI so we can determine what transport it will end up using */ |