res_pjsip: Prevent access of NULL channels.

It is possible to receive incoming requests or responses after the channel on an ast_sip_session has been destroyed and NULLed out. Handlers of these sorts of requests or responses need to be prepared for the possibility that the channel is NULL or else they could cause a crash. While several places have been amended to deal with NULL channels, there were still a couple of places that needed updating. res_pjsip_dtmf_info.c: When handling incoming INFO requests, we need to return early if there is no channel on the session. res_pjsip_session.c: When handling a 302 response, we need to stop the redirecting attempt if there is no channel on the session. ASTERISK-25148 #close reported by Mark Michelson Change-Id: Id1a75ffc3d0eaa168b0b28188fb54d6cf9fc47a9
2015-06-03 17:41:23 -05:00 · 2015-06-03 17:41:23 -05:00 · 92ccffd9e6
parent d355ee7ff3
commit 92ccffd9e6
2 changed files with 11 additions and 1 deletions
--- a/res/res_pjsip_dtmf_info.c
+++ b/res/res_pjsip_dtmf_info.c
@ -89,7 +89,13 @@ static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pj
 	char event = '\0';
 	unsigned int duration = 100;

-	char is_dtmf = is_media_type(rdata, "dtmf");
+	char is_dtmf;
+
+	if (!session->channel) {
+		return 0;
+	}
+
+	is_dtmf = is_media_type(rdata, "dtmf");

 	if (!is_dtmf && !is_media_type(rdata, "dtmf-relay")) {
 		return 0;
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@ -2627,6 +2627,10 @@ static pjsip_redirect_op session_inv_on_redirected(pjsip_inv_session *inv, const
 	struct ast_sip_session *session = inv->mod_data[session_module.id];
 	const pjsip_sip_uri *uri;

+	if (!session->channel) {
+		return PJSIP_REDIRECT_STOP;
+	}
+
 	if (session->endpoint->redirect_method == AST_SIP_REDIRECT_URI_PJSIP) {
 		return PJSIP_REDIRECT_ACCEPT;
 	}