From a03f2003589baca56548692372258d26710f1113 Mon Sep 17 00:00:00 2001 From: Corey Farrell Date: Mon, 6 Nov 2017 19:12:13 -0500 Subject: res_pjsip_history: Fix multiple leaks on vector append failure. Change-Id: I41e8d5183ace284095cc721f3b1fb32ade3f940f --- res/res_pjsip_history.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/res/res_pjsip_history.c b/res/res_pjsip_history.c index 4e7dbd007..ed374d605 100644 --- a/res/res_pjsip_history.c +++ b/res/res_pjsip_history.c @@ -705,10 +705,13 @@ static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata) pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr); ast_mutex_lock(&history_lock); - AST_VECTOR_APPEND(&vector_history, entry); + if (AST_VECTOR_APPEND(&vector_history, entry)) { + ao2_ref(entry, -1); + entry = NULL; + } ast_mutex_unlock(&history_lock); - if (log_level != -1) { + if (log_level != -1 && entry) { char line[256]; sprint_list_entry(entry, line, sizeof(line)); @@ -745,10 +748,13 @@ static pj_bool_t history_on_rx_msg(pjsip_rx_data *rdata) } ast_mutex_lock(&history_lock); - AST_VECTOR_APPEND(&vector_history, entry); + if (AST_VECTOR_APPEND(&vector_history, entry)) { + ao2_ref(entry, -1); + entry = NULL; + } ast_mutex_unlock(&history_lock); - if (log_level != -1) { + if (log_level != -1 && entry) { char line[256]; sprint_list_entry(entry, line, sizeof(line)); @@ -959,7 +965,9 @@ static int evaluate_history_entry(struct pjsip_history_entry *entry, struct expr /* If this is not an operator, push it to the stack */ if (!it_queue->op) { - AST_VECTOR_APPEND(&stack, it_queue); + if (AST_VECTOR_APPEND(&stack, it_queue)) { + goto error; + } continue; } @@ -1035,7 +1043,11 @@ static int evaluate_history_entry(struct pjsip_history_entry *entry, struct expr if (!result) { goto error; } - AST_VECTOR_APPEND(&stack, result); + if (AST_VECTOR_APPEND(&stack, result)) { + expression_token_free(result); + + goto error; + } } /* @@ -1056,6 +1068,7 @@ static int evaluate_history_entry(struct pjsip_history_entry *entry, struct expr } result = final->result; ast_free(final); + AST_VECTOR_FREE(&stack); return result; @@ -1098,6 +1111,7 @@ static struct vector_history_t *filter_history(struct ast_cli_args *a) queue = build_expression_queue(a); if (!queue) { + AST_VECTOR_PTR_FREE(output); return NULL; } @@ -1118,7 +1132,9 @@ static struct vector_history_t *filter_history(struct ast_cli_args *a) } else if (!res) { continue; } else { - AST_VECTOR_APPEND(output, ao2_bump(entry)); + if (AST_VECTOR_APPEND(output, ao2_bump(entry))) { + ao2_cleanup(entry); + } } } ast_mutex_unlock(&history_lock); -- cgit v1.2.3