Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: c78b9e908b2896efbef3f7b0f9a111c4399ac34a
https://github.com/OpenSIPS/opensips/commit/c78b9e908b2896efbef3f7b0f9a111c4399ac34a
Author: Norm Brandinger <[email protected]>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
M modules/rtpengine/rtpengine.c
Log Message:
-----------
rtpengine: fix use-after-free of flags string in bencode dictionary (#3816)
parse_flags() stores pointers into the pkg-allocated flags_nt.s buffer
via bencode_str() and bencode_dictionary_add_len(), which hold references
(not copies). The buffer was freed via pkg_free() before
send_rtpe_command() serialized the dictionary, causing garbled output
for key=value flags like media-address.
Fix by deferring the free via bencode_buffer_destroy_add(), which
ensures the buffer lives until bencode_buffer_free() is called after
the command is sent.
Fixes: https://github.com/OpenSIPS/opensips/issues/3784
To unsubscribe from these emails, change your notification settings at
https://github.com/OpenSIPS/opensips/settings/notifications
_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
