From c0d4f1880e0bee6f8a2e283a8333b2b89c543f13 Mon Sep 17 00:00:00 2001 From: Scott Griepentrog Date: Wed, 6 Sep 2017 17:05:32 -0400 Subject: chan_sip: when getting sip pvt return failure if not found In handle_request_invite, when processing a pickup, a call is made to get_sip_pvt_from_replaces to locate the pvt for the subscription. The pvt is assumed to be valid when zero is returned indicating no error, and is dereferenced which can cause a crash if it was not found. This change checks the not found case and returns -1 which allows the calling code to fail appropriately. ASTERISK-27217 #close Reported-by: Bryan Walters Change-Id: I6bee92b8b8b85fcac3fd66f8c00ab18bc1765612 --- channels/chan_sip.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'channels') diff --git a/channels/chan_sip.c b/channels/chan_sip.c index b19c66915..e862e9d5a 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -18568,6 +18568,11 @@ static int get_sip_pvt_from_replaces(const char *callid, const char *totag, } } + if (!sip_pvt_ptr) { + /* return error if sip_pvt was not found */ + return -1; + } + /* If we're here sip_pvt_ptr has been copied to *out_pvt, prevent RAII_VAR cleanup */ sip_pvt_ptr = NULL; -- cgit v1.2.3
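Review bot: The new `if (!sip_pvt_ptr)` early return in get_sip_pvt_from_replaces does not say what state `*out_pvt` is left in when nothing matched. The comment right after it only covers the success path ("sip_pvt_ptr has been copied to *out_pvt"). Since the commit message says the caller dereferenced the pvt whenever zero was returned, it would be safer to make the failure contract explicit: either set the out parameter to NULL before `return -1;` or state in the function's header comment that it is untouched on -1, and document there that -1 now also means "not found". A debug-level log of the unmatched `callid` and `totag` at this point would also help when triaging failed pickups, because the not-found path is otherwise silent inside this function.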