diff options
| author | Mark Michelson <mmichelson@digium.com> | 2015-04-23 12:54:30 -0500 |
|---|---|---|
| committer | Joshua Colp <jcolp@digium.com> | 2015-04-23 13:08:54 -0500 |
| commit | eabf3b5a3c06535d092f4872c0e733fc72dba061 (patch) | |
| tree | 75e9344bb82995e09d1f01af8dbe3db5fc67a572 /res/res_pjsip_t38.c | |
| parent | a06924e9d960222df5a6862f7a03c45724386ce8 (diff) | |
res_pjsip_t38: Don't crash on authenticated reinvite after originated T.38 FAX.
When Asterisk originates a channel to an application, the channel is
hung up once the application finishes executing. When the application
in question is SendFax, the Asterisk PJSIP code will attempt to reinvite
the T.38 session to audio after the FAX completes. The hangup of the
channel happens in the midst of this reinvite transaction. In most
circumstances, this works out okay because the BYE is delayed until the
reinvite transaction can complete.
However, if the reinvite that Asterisk sends receives a 401/407
response, then Asterisk's attempt to re-send the reinvite with
authentication will fail. This is because the session supplement in
res_pjsip_t38 makes the assumption that the channel on the session will
always be non-NULL. Since the channel has been hung up, though, the
channel is now NULL. Attempting to operate on the channel causes a
crash.
This patch fixes the issue by ensuring that the channel on the session
is not NULL before attempting to mess with the T.38 framehook.
This patch also contains some corrections for comments that were
incorrect and really confused me when I first started looking at the
code.
ASTERISK-25004 #close
Reported by Mark Michelson
Change-Id: Ic5a1230668369dda4bb13524098aed9306ab45a0
Diffstat (limited to 'res/res_pjsip_t38.c')
| -rw-r--r-- | res/res_pjsip_t38.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c index ac31086a6..06a73cc11 100644 --- a/res/res_pjsip_t38.c +++ b/res/res_pjsip_t38.c @@ -470,6 +470,11 @@ static void t38_attach_framehook(struct ast_sip_session *session) .chan_breakdown_cb = t38_masq, }; + /* If the channel's already gone, bail */ + if (!session->channel) { + return; + } + /* Only attach the framehook if t38 is enabled for the endpoint */ if (!session->endpoint->media.t38.enabled) { return; @@ -504,14 +509,14 @@ static void t38_attach_framehook(struct ast_sip_session *session) ast_channel_unlock(session->channel); } -/*! \brief Function called when an INVITE goes out */ +/*! \brief Function called when an INVITE arrives */ static int t38_incoming_invite_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata) { t38_attach_framehook(session); return 0; } -/*! \brief Function called when an INVITE comes in */ +/*! \brief Function called when an INVITE is sent */ static void t38_outgoing_invite_request(struct ast_sip_session *session, struct pjsip_tx_data *tdata) { t38_attach_framehook(session); |