From 92ccffd9e676f04c2959afcc00c1f8739786744f Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Wed, 3 Jun 2015 17:41:23 -0500 Subject: res_pjsip: Prevent access of NULL channels. It is possible to receive incoming requests or responses after the channel on an ast_sip_session has been destroyed and NULLed out. Handlers of these sorts of requests or responses need to be prepared for the possibility that the channel is NULL or else they could cause a crash. While several places have been amended to deal with NULL channels, there were still a couple of places that needed updating. res_pjsip_dtmf_info.c: When handling incoming INFO requests, we need to return early if there is no channel on the session. res_pjsip_session.c: When handling a 302 response, we need to stop the redirecting attempt if there is no channel on the session. ASTERISK-25148 #close reported by Mark Michelson Change-Id: Id1a75ffc3d0eaa168b0b28188fb54d6cf9fc47a9 --- res/res_pjsip_dtmf_info.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'res/res_pjsip_dtmf_info.c') diff --git a/res/res_pjsip_dtmf_info.c b/res/res_pjsip_dtmf_info.c index b6a0b4a1e..78d529c30 100644 --- a/res/res_pjsip_dtmf_info.c +++ b/res/res_pjsip_dtmf_info.c @@ -89,7 +89,13 @@ static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pj char event = '\0'; unsigned int duration = 100; - char is_dtmf = is_media_type(rdata, "dtmf"); + char is_dtmf; + + if (!session->channel) { + return 0; + } + + is_dtmf = is_media_type(rdata, "dtmf"); if (!is_dtmf && !is_media_type(rdata, "dtmf-relay")) { return 0; -- cgit v1.2.3