Module: kamailio
Branch: master
Commit: 90167403d88f04dd6b84f1c8354c663eba4a2c6b
URL: 
https://github.com/kamailio/kamailio/commit/90167403d88f04dd6b84f1c8354c663eba4a2c6b

Author: Lucian Balaceanu <lucian.balace...@1and1.ro>
Committer: Lucian Balaceanu <lucian.balace...@1and1.ro>
Date: 2017-01-18T10:44:08+02:00

carrieroute: fix double free related to hash_index

- set freed pointer to NULL to avoid double free

---

Modified: src/modules/carrierroute/cr_data.c
Modified: src/modules/carrierroute/cr_rule.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/90167403d88f04dd6b84f1c8354c663eba4a2c6b.diff
Patch: 
https://github.com/kamailio/kamailio/commit/90167403d88f04dd6b84f1c8354c663eba4a2c6b.patch

---

diff --git a/src/modules/carrierroute/cr_data.c 
b/src/modules/carrierroute/cr_data.c
index d84fb07..98ad852 100644
--- a/src/modules/carrierroute/cr_data.c
+++ b/src/modules/carrierroute/cr_data.c
@@ -589,11 +589,13 @@ static int rule_fixup_recursor(struct dtrie_node_t *node) 
{
                                        if (rr->hash_index > rf->rule_num) {
                                                LM_ERR("too large hash index 
%i, max is %i\n", rr->hash_index, rf->rule_num);
                                                shm_free(rf->rules);
+                                               rf->rules = NULL;
                                                return -1;
                                        }
                                        if (rf->rules[rr->hash_index - 1]) {
                                                LM_ERR("duplicate hash index 
%i\n", rr->hash_index);
                                                shm_free(rf->rules);
+                                               rf->rules = NULL;
                                                return -1;
                                        }
                                        rf->rules[rr->hash_index - 1] = rr;
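Review bot: The index `rr->hash_index - 1` is bounded only from above in this hunk, so a value of zero or below would read and then write before the start of `rf->rules`; the `%i` format suggests the field is signed. Unless a check outside the hunk already rejects such values, the first guard could become `if (rr->hash_index < 1 || rr->hash_index > rf->rule_num) {`. Separately, `rf->rule_num` keeps its old value after `rf->rules` is set to NULL, so any later reader that walks the array by `rule_num` has to test the pointer first. The body of rule_fixup_recursor starts and ends outside the hunk.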
diff --git a/src/modules/carrierroute/cr_rule.c 
b/src/modules/carrierroute/cr_rule.c
index 5130b9e..143cedc 100644
--- a/src/modules/carrierroute/cr_rule.c
+++ b/src/modules/carrierroute/cr_rule.c
@@ -251,6 +251,7 @@ void destroy_route_flags(struct route_flags *rf) {
 
        if (rf->rules) {
                shm_free(rf->rules);
+               rf->rules = NULL;
        }
        rs = rf->rule_list;
        while (rs != NULL) {
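Review bot: The added `rf->rules = NULL;` carries no comment saying which earlier release it pairs with, so a reader of destroy_route_flags alone cannot tell why the `if (rf->rules)` guard matters. Going by the commit message, the array can presumably already have been freed on the error paths in rule_fixup_recursor. A line such as `/* rules may already have been released by rule_fixup_recursor() on error */` above the guard would record that. The function continues outside the hunk, so whether `rf` itself is released afterwards is not visible here.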

