Summary: ASTERISK-19031: Asterisk can seg fault on invalid tcptls_session reference
Reporter: Matt Jordan (mjordan)
Labels:
Date Opened: 2011-12-14 08:22:39.000-0600
Date Closed: 2012-01-20 14:05:07.000-0600
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Channels/chan_sip/TCP-TLS
Versions: 1.8.7.2 1.8.8.0 10.0.0-rc3
Frequency of Occurrence: Frequent
Related Issues:
Environment:
Attachments:

Description: From the asterisk-dev list:

I am not using v1.8 or v10 yet, but I checked the source, and this
applies to all versions from 1.6 upwards that I looked at.

From v1.6 channels/chan_sip.c

create_tcptls_session_fail:
      if (ca) {
              ao2_t_ref(ca, -1, "failed to create client, getting rid of client tcptls_session arguments");
      }
      if (s->tcptls_session) {
              close(tcptls_session->fd);
              s->fd = tcptls_session->fd = -1;
              ao2_ref(s->tcptls_session, -1);
              s->tcptls_session = NULL;
      }
      if (th) {
              ao2_t_unlink(threadt, th, "Removing tcptls thread info object, thread failed to open");
      }


From v10 channels/chan_sip.c

create_tcptls_session_fail:
       if (ca) {
               ao2_t_ref(ca, -1, "failed to create client, getting rid of client tcptls_session arguments");
       }
       if (s->tcptls_session) {
               ast_tcptls_close_session_file(tcptls_session);
               s->fd = -1;
               ao2_ref(s->tcptls_session, -1);
               s->tcptls_session = NULL;
       }

In both cases above, the references to "tcptls_session" should be
referring to "s->tcptls_session". "tcptls_session" is not usefully
defined in this scope.
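
The mismatch described above, as an added C example that is not part of the original report or of Asterisk's code: `struct session`, `struct sock`, `session_unref` and `run_fixed_scenario` are hypothetical stand-ins. The corrected form follows the reporter's suggestion and is not taken from the r346564 change.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical stand-ins for the Asterisk types (assumed, not the project's). */
struct session { int fd; int refs; };
struct sock { int fd; struct session *tcptls_session; };
static void session_unref(struct session *p) { if (--p->refs == 0) free(p); }

/* Pattern from the report: the guard tests s->tcptls_session, but the body
 * dereferences a separate local pointer that may be NULL or stale here. */
void cleanup_buggy(struct sock *s, struct session *tcptls_session) {
    if (s->tcptls_session) {
        close(tcptls_session->fd);       /* faults when the local is NULL */
        s->fd = tcptls_session->fd = -1;
        session_unref(s->tcptls_session);
        s->tcptls_session = NULL;
    }
}

/* Corrected form: every access goes through the pointer that was checked. */
void cleanup_fixed(struct sock *s) {
    if (s->tcptls_session) {
        if (s->tcptls_session->fd >= 0) close(s->tcptls_session->fd);
        s->fd = s->tcptls_session->fd = -1;
        session_unref(s->tcptls_session);
        s->tcptls_session = NULL;
    }
}

/* Constructed failure scenario: a session is attached to s, the state in
 * which the buggy path's NULL local would fault. Returns 0 if cleanup is clean. */
int run_fixed_scenario(void) {
    int fds[2];
    struct sock s = { -1, NULL };
    if (pipe(fds) != 0) return -1;
    close(fds[1]);
    s.tcptls_session = malloc(sizeof(*s.tcptls_session));
    if (!s.tcptls_session) { close(fds[0]); return -1; }
    s.tcptls_session->fd = s.fd = fds[0];
    s.tcptls_session->refs = 1;
    cleanup_fixed(&s);
    /* The descriptor must already be closed, so closing it again fails. */
    return (!s.tcptls_session && s.fd == -1 && close(fds[0]) == -1) ? 0 : 1;
}

int main(void) {
    printf("fixed cleanup: %s\n", run_fixed_scenario() == 0 ? "ok" : "FAILED");
    return 0;
}
```

`cleanup_buggy` is kept only for side-by-side reading and is never called; compiling with `-fsanitize=address,undefined` and calling it with a NULL second argument reproduces the class of crash in the summary.
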
Comments:
By: Jonathan Rose (jrose) 2012-01-20 14:03:33.673-0600

This issue has already been dealt with in Asterisk 1.8 via r346564.  If the original reporter still has trouble with this in Asterisk 1.8, he should make a new issue, preferably with backtraces.