diff options
| author | Kevin Harwell <kharwell@digium.com> | 2013-11-12 16:49:17 +0000 |
|---|---|---|
| committer | Kevin Harwell <kharwell@digium.com> | 2013-11-12 16:49:17 +0000 |
| commit | 12a0edac6956e79503def0c8949823d8586c440a (patch) | |
| tree | 2043f6bf7703ae161ae7f56bc7b4729990adbbd0 /res | |
| parent | 4f61528fbabbaf08886489ae6d93efb5c75e4dfb (diff) | |
pjsip_messaging, pjsip_header_funcs: Crashes due to NULL pointer dereferences
Both res_pjsip_messaging and res_pjsip_header_funcs were causing asterisk to
crash because they were trying to dereference a NULL pointer.
In the case of res_pjsip_messaging it was attempting to "print" a contact
header that did not exist. In fact contact headers should not be part of
a SIP MESSAGE, so the offending code was simply removed.
In the case of res_pjsip_header_funcs a null private channel tech was being
passed to the function and then later dereferenced. Added null checks (and
error logging) to the read/write function handlers to guard against crashing.
(closes issue ASTERISK-22821)
Reported by: Anthony Messina
........
Merged revisions 402757 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@402758 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res')
| -rw-r--r-- | res/res_pjsip_header_funcs.c | 10 | ||||
| -rw-r--r-- | res/res_pjsip_messaging.c | 10 |
2 files changed, 12 insertions, 8 deletions
diff --git a/res/res_pjsip_header_funcs.c b/res/res_pjsip_header_funcs.c index 7425d8f59..11ab44c10 100644 --- a/res/res_pjsip_header_funcs.c +++ b/res/res_pjsip_header_funcs.c @@ -452,6 +452,11 @@ static int func_read_header(struct ast_channel *chan, const char *function, char AST_APP_ARG(header_name); AST_APP_ARG(header_number);); AST_STANDARD_APP_ARGS(args, data); + if (!channel) { + ast_log(LOG_ERROR, "This function requires a PJSIP channel.\n"); + return -1; + } + if (ast_strlen_zero(args.action)) { ast_log(AST_LOG_ERROR, "This function requires an action.\n"); return -1; @@ -506,6 +511,11 @@ static int func_write_header(struct ast_channel *chan, const char *cmd, char *da AST_APP_ARG(header_name); AST_APP_ARG(header_number);); AST_STANDARD_APP_ARGS(args, data); + if (!channel) { + ast_log(LOG_ERROR, "This function requires a PJSIP channel.\n"); + return -1; + } + if (ast_strlen_zero(args.action)) { ast_log(AST_LOG_ERROR, "This function requires an action.\n"); return -1; diff --git a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c index c2dea7f19..b66ee0b11 100644 --- a/res/res_pjsip_messaging.c +++ b/res/res_pjsip_messaging.c @@ -431,15 +431,9 @@ static enum pjsip_status_code rx_data_to_ast_msg(pjsip_rx_data *rdata, struct as CHECK_RES(ast_msg_set_from(msg, "%s", buf)); } - /* contact header */ - if ((size = pjsip_hdr_print_on(pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL), buf, sizeof(buf)-1)) > 0) { - buf[size] = '\0'; - CHECK_RES(ast_msg_set_var(msg, "SIP_FULLCONTACT", buf)); - } - /* receive address */ field = pj_sockaddr_print(&rdata->pkt_info.src_addr, buf, sizeof(buf)-1, 1); - CHECK_RES(ast_msg_set_var(msg, "SIP_RECVADDR", field)); + CHECK_RES(ast_msg_set_var(msg, "PJSIP_RECVADDR", field)); /* body */ if (print_body(rdata, buf, sizeof(buf) - 1) > 0) { @@ -448,7 +442,7 @@ static enum pjsip_status_code rx_data_to_ast_msg(pjsip_rx_data *rdata, struct as /* endpoint name */ if (endpt->id.self.name.valid) { - CHECK_RES(ast_msg_set_var(msg, "SIP_PEERNAME", endpt->id.self.name.str)); + CHECK_RES(ast_msg_set_var(msg, "PJSIP_PEERNAME", endpt->id.self.name.str)); } CHECK_RES(headers_to_vars(rdata, msg)); |