diff options
author | Mark Michelson <mmichelson@digium.com> | 2015-09-10 09:49:45 -0500 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2015-09-10 09:55:00 -0500 |
commit | f1a2e82d49813b83ca9577938305ee6ccbb0c9c5 (patch) | |
tree | 3a5710c747ab1596c8af8d1585dc1ce3fa90b3c0 /res/res_pjsip/config_global.c | |
parent | be3f52a1227bf9cd4dbbb2553661ff6ed1d95c9c (diff) |
res_pjsip: Copy default_from_user to avoid crash.
The default_from_user retrieval function was pulling the
default_from_user from the global configuration struct in an unsafe way.
If using a database as a backend configuration store, the global
configuration struct is short-lived, so grabbing a pointer from it
results in referencing freed memory.
The fix here is to copy the default_from_user value out of the global
configuration struct.
Thanks go to John Hardin for discovering this problem and proposing the
patch on which this fix is based.
ASTERISK-25390 #close
Reported by Mark Michelson
Change-Id: I6b96067a495c1259da768f4012d44e03e7c6148c
Diffstat (limited to 'res/res_pjsip/config_global.c')
-rw-r--r-- | res/res_pjsip/config_global.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/res/res_pjsip/config_global.c b/res/res_pjsip/config_global.c index b348896c8..ef706f0b3 100644 --- a/res/res_pjsip/config_global.c +++ b/res/res_pjsip/config_global.c @@ -182,20 +182,17 @@ unsigned int ast_sip_get_max_initial_qualify_time(void) return time; } -const char *ast_sip_get_default_from_user(void) +void ast_sip_get_default_from_user(char *from_user, size_t size) { - const char *from_user; struct global_config *cfg; cfg = get_global_cfg(); if (!cfg) { - return DEFAULT_FROM_USER; + ast_copy_string(from_user, DEFAULT_FROM_USER, size); + } else { + ast_copy_string(from_user, cfg->default_from_user, size); + ao2_ref(cfg, -1); } - - from_user = cfg->default_from_user; - ao2_ref(cfg, -1); - - return from_user; } /*! |