From 31244fc277b0d4a0b8d96feadcc5f2de1b1174f8 Mon Sep 17 00:00:00 2001
From: Corey Farrell
Date: Mon, 6 Nov 2017 19:01:38 -0500
Subject: res_pjsip_session: Fix multiple leaks.
* Pre-initialize cloned media state vectors to final size to ensure vector errors cannot happen later in the clone initialization.
* Release session_media on vector replace failure in ast_sip_session_media_state_add.
* Release clone and media_state in ast_sip_session_refresh if we fail to append to the stream topology, return an error.
Change-Id: Ib5ffc9b198683fa7e9bf166d74d30c1334c23acb
---
 res/res_pjsip_session.c | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)
(limited to 'res/res_pjsip_session.c')
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 4724d46ce..dda0421b5 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -174,7 +174,8 @@ void ast_sip_session_unregister_sdp_handler(struct ast_sip_session_sdp_handler *
 ao2_callback_data(sdp_handlers, OBJ_KEY | OBJ_UNLINK | OBJ_NODATA, remove_handler, (void *)stream_type, handler);
 }
-struct ast_sip_session_media_state *ast_sip_session_media_state_alloc(void)
+static struct ast_sip_session_media_state *internal_sip_session_media_state_alloc(
+ size_t sessions, size_t read_callbacks)
 {
 struct ast_sip_session_media_state *media_state;
@@ -183,12 +184,12 @@ struct ast_sip_session_media_state *ast_sip_session_media_state_alloc(void)
 return NULL;
 }
- if (AST_VECTOR_INIT(&media_state->sessions, DEFAULT_NUM_SESSION_MEDIA) < 0) {
+ if (AST_VECTOR_INIT(&media_state->sessions, sessions) < 0) {
 ast_free(media_state);
 return NULL;
 }
- if (AST_VECTOR_INIT(&media_state->read_callbacks, DEFAULT_NUM_SESSION_MEDIA) < 0) {
+ if (AST_VECTOR_INIT(&media_state->read_callbacks, read_callbacks) < 0) {
 AST_VECTOR_FREE(&media_state->sessions);
 ast_free(media_state);
 return NULL;
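Review bot: The new static helper `internal_sip_session_media_state_alloc` has no comment saying that `sessions` and `read_callbacks` are initial capacities handed to AST_VECTOR_INIT rather than element counts. The clone call site in a later hunk relies on that pre-sizing (per the commit message, so that later vector operations cannot fail), which makes the meaning of the two parameters part of the leak fix. I would add above the definition `/* Allocate a media state whose vectors are pre-sized to the given initial capacities. */`. The helper's body continues in the next hunk and its opening allocation lies outside both hunks.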
@@ -197,6 +198,12 @@ struct ast_sip_session_media_state *ast_sip_session_media_state_alloc(void)
 return media_state;
 }
+struct ast_sip_session_media_state *ast_sip_session_media_state_alloc(void)
+{
+ return internal_sip_session_media_state_alloc(
+ DEFAULT_NUM_SESSION_MEDIA, DEFAULT_NUM_SESSION_MEDIA);
+}
+
 void ast_sip_session_media_state_reset(struct ast_sip_session_media_state *media_state)
 {
 int index;
@@ -225,7 +232,9 @@ struct ast_sip_session_media_state *ast_sip_session_media_state_clone(const stru
 return NULL;
 }
- cloned = ast_sip_session_media_state_alloc();
+ cloned = internal_sip_session_media_state_alloc(
+ AST_VECTOR_SIZE(&media_state->sessions),
+ AST_VECTOR_SIZE(&media_state->read_callbacks));
 if (!cloned) {
 return NULL;
 }
@@ -452,7 +461,11 @@ struct ast_sip_session_media *ast_sip_session_media_state_add(struct ast_sip_ses
 }
 }
- AST_VECTOR_REPLACE(&media_state->sessions, position, session_media);
+ if (AST_VECTOR_REPLACE(&media_state->sessions, position, session_media)) {
+ ao2_ref(session_media, -1);
+
+ return NULL;
+ }
 /* If this stream will be active in some way and it is the first of this type then consider this the default media session to match */
 if (!media_state->default_session[type] && ast_stream_get_state(ast_stream_topology_get_stream(media_state->topology, position)) != AST_STREAM_STATE_REMOVED) {
@@ -1588,7 +1601,11 @@ int ast_sip_session_refresh(struct ast_sip_session *session,
 }
 ast_stream_set_state(cloned, AST_STREAM_STATE_REMOVED);
- ast_stream_topology_append_stream(media_state->topology, cloned);
+ if (ast_stream_topology_append_stream(media_state->topology, cloned) < 0) {
+ ast_stream_free(cloned);
+ ast_sip_session_media_state_free(media_state);
+ return -1;
+ }
 }
 /* If the resulting media state matches the existing active state don't bother doing a session refresh */
-- 
cgit v1.2.3
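Review bot: The new failure branch around `AST_VECTOR_REPLACE` in ast_sip_session_media_state_add releases a reference with `ao2_ref(session_media, -1)` without saying which reference that is. The code that obtains session_media sits above the hunk, so from here it is not visible whether the object was freshly allocated or taken from an existing state. A comment such as `/* The vector never took ownership, so release the reference held for it. */` would make the accounting checkable. The function's documentation should also say that NULL is returned on this path, so callers keep checking the result. The function starts and ends outside the hunk.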
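Review bot: The added error path in ast_sip_session_refresh frees the caller-supplied `media_state` before `return -1`, and nothing visible tells the caller that it no longer owns the object. If any caller (outside this hunk) also frees media_state when the refresh fails, that becomes a double free. The other error returns in this function presumably behave the same way, but that needs confirming. I would add `/* media_state is consumed on failure; the caller must not free it. */` on the new branch, or state the ownership rule in the function's doc comment. The function body starts and ends outside the hunk.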