Module: kamailio Branch: master Commit: a71bd9d9424456ef1167468c5bbbfd38b1099e89 URL: https://github.com/kamailio/kamailio/commit/a71bd9d9424456ef1167468c5bbbfd38b1099e89
Author: Rick Barenthin <r...@ng-voice.com> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2024-07-25T12:20:59+02:00 cdp: fix use after free in transaction call backs If the traction is set to auto drop, the memory will be freed and with it the next pointer. --- Modified: src/modules/cdp/transaction.c --- Diff: https://github.com/kamailio/kamailio/commit/a71bd9d9424456ef1167468c5bbbfd38b1099e89.diff Patch: https://github.com/kamailio/kamailio/commit/a71bd9d9424456ef1167468c5bbbfd38b1099e89.patch --- diff --git a/src/modules/cdp/transaction.c b/src/modules/cdp/transaction.c index f1445ff15be..a2b97654dd0 100644 --- a/src/modules/cdp/transaction.c +++ b/src/modules/cdp/transaction.c @@ -256,10 +256,11 @@ int cdp_trans_timer(time_t now, void *ptr) /* do all queued callbacks */ x = cb_queue->head; while(x) { + n = x->next; (x->cb)(1, *(x->ptr), 0, (now - x->expires)); if(x->auto_drop) cdp_free_trans(x); - x = x->next; + x = n; } pkg_free(cb_queue); _______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
