Summary:ASTERISK-22746: [patch]Crash in chan_dahdi during caller id read
Reporter:Michael Walton (mike@farsouthnet.com)Labels:
Date Opened:2013-10-22 02:57:18Date Closed:2013-11-12 08:56:03.000-0600
Versions:SVN Frequency of
Environment:Ubuntu 10.04Attachments:( 0) chan_dahdi_cid_crash_fix.r401410.patch
Description:Occasional Asterisk core dump during caller id read on analog channel. Further investigation and core dump analysis shows that a negative return value from the read() in my_get_callerid slips through as a negative length argument to callerid_feed() if the errno returned by DAHDI is ELAST. This would likely cause the crash.
Comments:By: Michael Walton (mike@farsouthnet.com) 2013-10-22 09:03:27.906-0500

Patch against chan_dahdi.c r401410

By: Michael Walton (mike@farsouthnet.com) 2013-10-22 09:07:56.076-0500

I've attached a patch against latest chan_dahdi.c that I have tested to work correctly, i.e. prevent the crash. Note also that the callerid_free(p->cs) has been removed, since this is already done in the calling function.