From c3123956cd2e17ba62a87bf93f53686510430b59 Mon Sep 17 00:00:00 2001
From: Kinsey Moore <kmoore@digium.com>
Date: Wed, 26 Feb 2014 13:45:12 +0000
Subject: PJSIP: Prevent crash if channel has gone away

It is currently possible for an ast_sip_session to exist without an
associated channel as is the case when a new invite is coming in or
just after a hangup is issued on a chan_pjsip channel. Part of the
attended transfer code assumed the channel would be non-NULL and used
it as such causing a crash. This bug was exposed thanks to the attended
transfer ARI test in the test suite.

(closes issue ASTERISK-23287)
Reported by: Matt Jordan
........

Merged revisions 408941 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@408942 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 res/res_pjsip_refer.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'res')

diff --git a/res/res_pjsip_refer.c b/res/res_pjsip_refer.c
index 916cf5eb9..399e9e672 100644
--- a/res/res_pjsip_refer.c
+++ b/res/res_pjsip_refer.c
@@ -421,6 +421,10 @@ static int refer_attended(void *data)
 	RAII_VAR(struct refer_attended *, attended, data, ao2_cleanup);
 	int response = 0;
 
+	if (!attended->transferer_second->channel) {
+		return -1;
+	}
+
 	ast_debug(3, "Performing a REFER attended transfer - Transferer #1: %s Transferer #2: %s\n",
 		ast_channel_name(attended->transferer_chan), ast_channel_name(attended->transferer_second->channel));
 
-- 
cgit v1.2.3