From 39d3e1ef6e4ab4a5fd64418a01bd1a3cedef699e Mon Sep 17 00:00:00 2001 From: Matt Jordan Date: Wed, 29 Apr 2015 16:15:43 -0500 Subject: main/rtp_engine: Fix DTLS double-free introduced by 0b6410c4f8 The patch in 0b6410c4f8 did correctly fix a memory leak of the DTLS structures in the RTP engine. However, when a 'core reload' is issued, a double free of the memory pointed to by the char *'s in the DTLS configuration struct can occur, as ast_rtp_dtls_cfg_free does not set the pointers to NULL when they are freed. This patch sets those pointers to NULL, preventing a second call to ast_rtp_dtls_cfg_free from corrupting memory. ASTERISK-25022 Change-Id: I820471e6070a37e3c26f760118c86770e12f6115 --- main/rtp_engine.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'main') diff --git a/main/rtp_engine.c b/main/rtp_engine.c index 9c9ad4e7b..aa91b7da4 100644 --- a/main/rtp_engine.c +++ b/main/rtp_engine.c @@ -1677,10 +1677,15 @@ void ast_rtp_dtls_cfg_copy(const struct ast_rtp_dtls_cfg *src_cfg, struct ast_rt void ast_rtp_dtls_cfg_free(struct ast_rtp_dtls_cfg *dtls_cfg) { ast_free(dtls_cfg->certfile); + dtls_cfg->certfile = NULL; ast_free(dtls_cfg->pvtfile); + dtls_cfg->pvtfile = NULL; ast_free(dtls_cfg->cipher); + dtls_cfg->cipher = NULL; ast_free(dtls_cfg->cafile); + dtls_cfg->cafile = NULL; ast_free(dtls_cfg->capath); + dtls_cfg->capath = NULL; } /*! \internal -- cgit v1.2.3