From 9d1f176e292a17e6cda05664fefab62c11761d05 Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Thu, 10 Sep 2015 09:49:45 -0500 Subject: res_pjsip: Copy default_from_user to avoid crash. The default_from_user retrieval function was pulling the default_from_user from the global configuration struct in an unsafe way. If using a database as a backend configuration store, the global configuration struct is short-lived, so grabbing a pointer from it results in referencing freed memory. The fix here is to copy the default_from_user value out of the global configuration struct. Thanks go to John Hardin for discovering this problem and proposing the patch on which this fix is based. ASTERISK-25390 #close Reported by Mark Michelson Change-Id: I6b96067a495c1259da768f4012d44e03e7c6148c --- include/asterisk/res_pjsip.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include/asterisk') diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h index 4f3fadcd8..a36935dd3 100644 --- a/include/asterisk/res_pjsip.h +++ b/include/asterisk/res_pjsip.h @@ -2046,9 +2046,11 @@ char *ast_sip_get_endpoint_identifier_order(void); * is no better option (such as an endpoint-configured from_user or * caller ID number). * - * \retval The global default_from_user value. + * \param[out] from_user The default from user + * \param size The buffer size of from_user + * \return nothing */ -const char *ast_sip_get_default_from_user(void); +void ast_sip_get_default_from_user(char *from_user, size_t size); /*! \brief Determines whether the res_pjsip module is loaded */ #define CHECK_PJSIP_MODULE_LOADED() \ -- cgit v1.2.3
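Review bot: In the new doc comment for ast_sip_get_default_from_user() in include/asterisk/res_pjsip.h, the `\param[out] from_user` and `\param size` lines do not state the buffer contract: whether from_user is always NUL-terminated, what the caller gets when the configured value does not fit in `size` bytes, and what happens when `size` is 0. Because the function now returns void, a caller has no way to detect truncation, so the header should either spell this out (for example, "always NUL-terminated, truncated to size - 1 characters") or the function should return a status. The signature change from `const char *ast_sip_get_default_from_user(void);` is also an API break in a public header, so any caller not updated alongside this change will stop compiling; that deserves a mention in the commit message or the upgrade notes.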