From dbc359801483e0b793661d5c39166a44538d9785 Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Fri, 17 Feb 2017 14:58:28 -0600 Subject: Remove extra ast_iostream_close() calls. When AMI encounters an error at the beginning of a session, it would explicitly call ast_iostream_close() on its tcptls session's iostream. It then would jump to a label where it would shut down the tcptls session instance. The tcptls session instance would again attempt to close the iostream. Under normal circumstances, this might go by unnoticed. However, when MALLOC_DEBUG is enabled, all fields on the iostream get set to 0xdeaddead when the iostream is freed. Thus a second call to ast_iostream_close() after the iostream has been freed would reslt in an attempt to call SSL_shutdown on 0xdeaddead, which would crash and burn horribly. The fix here is to not directly close the iostream from the dangerous scenarios. The specific scenarios are: * Exceeding the configured authlimit * Failing to build a mansession on a new connection Change-Id: I908f98d516afd5a263bd36b072221008a4731acd --- main/manager.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'main/manager.c') diff --git a/main/manager.c b/main/manager.c index a25497fd3..f11c8dca4 100644 --- a/main/manager.c +++ b/main/manager.c @@ -6629,7 +6629,6 @@ static void *session_do(void *data) struct ast_sockaddr ser_remote_address_tmp; if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) { - ast_iostream_close(ser->stream); ast_atomic_fetchadd_int(&unauth_sessions, -1); goto done; } @@ -6638,7 +6637,6 @@ static void *session_do(void *data) session = build_mansession(&ser_remote_address_tmp); if (session == NULL) { - ast_iostream_close(ser->stream); ast_atomic_fetchadd_int(&unauth_sessions, -1); goto done; } -- cgit v1.2.3