Summary:ASTERISK-12898: [patch] peer outboundproxy-ptr is copied to dialog and then freed
Reporter:Marcus Hunger (fnordian)Labels:
Date Opened:2008-10-15 07:51:50Date Closed:2008-10-15 15:45:19
Versions:Frequency of
Environment:Attachments:( 0) 13700.patch
( 1) outboundproxy.patch
create_addr() refs a peer (by using find_peer), copies the peer's outboundproxy ptr to the dialog (create_addr_from_peer -> obproxy_get) and then unrefs the peer.

While freeing the peer, the outboundproxy gets freed too, so as a result the ptr in the dialog shows to unallocated memory. This results in outboundproxy configured by peer not working.


I just tested this with realtime engine, not with static peers configured in sip.conf.
Comments:By: Olle Johansson (oej) 2008-10-15 07:55:28

This is obviouslyt wrong and needs a fix.

By: Leif Madsen (lmadsen) 2008-10-15 07:56:22

oej: is that just a statement, or do you mean you will be looking at this?

By: Leif Madsen (lmadsen) 2008-10-15 07:57:18

Heya putnopvut,

I've assigned this to you for initial triage to determine if you can resolve this issue quickly. If not, please just set this back to acknowledged and unassign from yourself. Thanks!

By: Olle Johansson (oej) 2008-10-15 08:05:00

I guess I no longer have to answer that question :-)

By: Mark Michelson (mmichelson) 2008-10-15 10:50:27

I have uploaded a patch, 13700.patch, which attempts to resolve this problem. The way it works is to make a peer's outboundproxy a reference counted object. This way, as long as a sip_pvt references the outboundproxy, it won't be freed, even if the sip_peer is freed.

Please test this and see if it works correctly for you.

By: Marcus Hunger (fnordian) 2008-10-15 11:18:17

13700.patch worked for me. I did something similar in locking the peer while the outboundproxy-ptr is in use, but did not post it yet, because I had some problems with cancels and there via-tags not matching those of the invite. But that seems to be another issue. I guess yours is matching the chan_sip style more.

By: Digium Subversion (svnbot) 2008-10-15 15:45:17

Repository: asterisk
Revision: 149802

U   trunk/channels/chan_sip.c

r149802 | mmichelson | 2008-10-15 15:45:16 -0500 (Wed, 15 Oct 2008) | 12 lines

Make the sip_proxy struct reference counted. This is
necessary to allow for a sip_pvt to maintain a reference
to a sip_peer's outboundproxy even after the peer has
been freed.

(closes issue ASTERISK-12898)
Reported by: fnordian
     13700.patch uploaded by putnopvut (license 60)
Tested by: fnordian