From 1ba42a4d8e063abb180014cfa930a76311cdf75b Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Tue, 28 Oct 2014 21:26:20 +0000
Subject: bridge_builtin_features: Add missing channel locks around
 ast_get_chan_features_general_config().

The feature_automonitor() and feature_automixmonitor() functions were not
locking the channel around ast_get_chan_features_general_config().
Accessing the channel datastore list without the channel locked is a good
way to corrupt the list or follow the pointer chain into oblivion.
........

Merged revisions 426531 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@426552 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 bridges/bridge_builtin_features.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'bridges')

diff --git a/bridges/bridge_builtin_features.c b/bridges/bridge_builtin_features.c
index 503de4c33..8ba9a693d 100644
--- a/bridges/bridge_builtin_features.c
+++ b/bridges/bridge_builtin_features.c
@@ -226,7 +226,9 @@ static int feature_automonitor(struct ast_bridge_channel *bridge_channel, void *
 	RAII_VAR(struct ast_channel *, peer_chan, NULL, ast_channel_cleanup);
 	RAII_VAR(struct ast_features_general_config *, features_cfg, NULL, ao2_cleanup);
 
+	ast_channel_lock(bridge_channel->chan);
 	features_cfg = ast_get_chan_features_general_config(bridge_channel->chan);
+	ast_channel_unlock(bridge_channel->chan);
 	ast_bridge_channel_lock_bridge(bridge_channel);
 	peer_chan = ast_bridge_peer_nolock(bridge_channel->bridge, bridge_channel->chan);
 	ast_bridge_unlock(bridge_channel->bridge);
@@ -412,7 +414,9 @@ static int feature_automixmonitor(struct ast_bridge_channel *bridge_channel, voi
 	RAII_VAR(struct ast_channel *, peer_chan, NULL, ast_channel_cleanup);
 	RAII_VAR(struct ast_features_general_config *, features_cfg, NULL, ao2_cleanup);
 
+	ast_channel_lock(bridge_channel->chan);
 	features_cfg = ast_get_chan_features_general_config(bridge_channel->chan);
+	ast_channel_unlock(bridge_channel->chan);
 	ast_bridge_channel_lock_bridge(bridge_channel);
 	peer_chan = ast_bridge_peer_nolock(bridge_channel->bridge, bridge_channel->chan);
 	ast_bridge_unlock(bridge_channel->bridge);
-- 
cgit v1.2.3