Author: mjordan
Date: Wed Apr  8 06:59:10 2015
New Revision: 434291

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=434291
Log:
chan_iax2: Fix crash caused by unprotected access to iaxs[peer->callno]

This patch fixes an access to the peer callnumber that is unprotected by a
corresponding mutex. The peer->callno value can be changed by multiple threads,
and all data inside the iaxs array must be protected by a corresponding lock
of iaxsl.

The patch moves the unprotected access to a location where the mutex is
safely obtained.

Review: https://reviewboard.asterisk.org/r/4599/

ASTERISK-21211 #close
Reported by: Jaco Kroon
patches:
  asterisk-11.2.1-iax2_poke-segfault.diff submitted by Jaco Kroon (License 5671)

Modified:
    branches/11/channels/chan_iax2.c

Modified: branches/11/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/channels/chan_iax2.c?view=diff&rev=434291&r1=434290&r2=434291
==============================================================================
--- branches/11/channels/chan_iax2.c (original)
+++ branches/11/channels/chan_iax2.c Wed Apr  8 06:59:10 2015
@@ -12447,14 +12447,10 @@
        callno = peer->callno = find_callno(0, 0, &peer_addr, NEW_FORCE, 
peer->sockfd, 0);
        if (heldcall)
                ast_mutex_lock(&iaxsl[heldcall]);
-       if (peer->callno < 1) {
+       if (callno < 1) {
                ast_log(LOG_WARNING, "Unable to allocate call for poking peer 
'%s'\n", peer->name);
                return -1;
        }
-
-       /* Speed up retransmission times for this qualify call */
-       iaxs[peer->callno]->pingtime = peer->maxms / 4 + 1;
-       iaxs[peer->callno]->peerpoke = peer;
 
        if (peer->pokeexpire > -1) {
                if (!AST_SCHED_DEL(sched, peer->pokeexpire)) {
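
Review bot: The check `if (callno < 1)` now relies on the local copy, but nothing at that line says why the local is preferred over `peer->callno`. Since the commit message states that `peer->callno` can be changed by other threads, a one-line comment next to the `callno = peer->callno = find_callno(...)` assignment saying that only the local `callno` may be used for indexing `iaxs[]` and `iaxsl[]` from here on would keep a later edit from reintroducing `iaxs[peer->callno]`. It is also worth confirming that the rest of the function, including the `peer->pokeexpire` handling that follows, no longer reads `peer->callno` for indexing.
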
@@ -12476,6 +12472,10 @@
        /* And send the poke */
        ast_mutex_lock(&iaxsl[callno]);
        if (iaxs[callno]) {
+               /* Speed up retransmission times for this qualify call */
+               iaxs[callno]->pingtime = peer->maxms / 4 + 1;
+               iaxs[callno]->peerpoke = peer;
+
                struct iax_ie_data ied = {
                        .buf = { 0 },
                        .pos = 0,
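
Review bot: The two assignments to `iaxs[callno]->pingtime` and `iaxs[callno]->peerpoke` are placed ahead of the `struct iax_ie_data ied = {` declaration, which leaves a declaration after statements inside the `if (iaxs[callno])` block. Moving the assignments to just after the `ied` initializer keeps declarations at the top of the block and avoids declaration-after-statement warnings on stricter builds, with no change in behaviour because both still run under `ast_mutex_lock(&iaxsl[callno])` and after the NULL check. The NULL check covers a slot that was destroyed between `find_callno()` and the lock, and a short comment stating that this is why the assignments live here would help the next reader.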

