From 0bb0d4a60352fcf0c73df123e53b76cc733de11a Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Tue, 12 May 2015 17:34:45 -0500
Subject: [PATCH] chan_dahdi/sig_pri: Fix crash on ISDN call hangup collision.

If an ISDN call is hungup by both sides at the same time a crash could
happen.

* Added missing NULL checks for the owner channel after calling
pri_queue_pvt_cause_data() in two places.  Code after those calls need to
check the owner channel pointer for NULL before use because
pri_queue_pvt_cause_data() needs to do deadlock avoidance to lock the
owner and the owner may get hung up.

ASTERISK-21893 #close
Reported by:  Alexandr Gordeev

Change-Id: Ica3e266ebc7a894b41d762326f08653e1904bb9a
---
 channels/sig_pri.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/channels/sig_pri.c b/channels/sig_pri.c
index c58a3f3582..71e7e23deb 100644
--- a/channels/sig_pri.c
+++ b/channels/sig_pri.c
@@ -7090,10 +7090,11 @@ static void *pri_dchannel(void *vpri)
 						break;
 					}
 					if (pri->pvts[chanpos]->owner) {
-						int do_hangup = 0;
-
 						snprintf(cause_str, sizeof(cause_str), "PRI PRI_EVENT_HANGUP (%d)", e->hangup.cause);
 						pri_queue_pvt_cause_data(pri, chanpos, cause_str, e->hangup.cause);
+					}
+					if (pri->pvts[chanpos]->owner) {
+						int do_hangup = 0;
 
 						/* Queue a BUSY instead of a hangup if our cause is appropriate */
 						ast_channel_hangupcause_set(pri->pvts[chanpos]->owner, e->hangup.cause);
@@ -7234,10 +7235,11 @@ static void *pri_dchannel(void *vpri)
 					break;
 				}
 				if (pri->pvts[chanpos]->owner) {
-					int do_hangup = 0;
-
 					snprintf(cause_str, sizeof(cause_str), "PRI PRI_EVENT_HANGUP_REQ (%d)", e->hangup.cause);
 					pri_queue_pvt_cause_data(pri, chanpos, cause_str, e->hangup.cause);
+				}
+				if (pri->pvts[chanpos]->owner) {
+					int do_hangup = 0;
 
 					ast_channel_hangupcause_set(pri->pvts[chanpos]->owner, e->hangup.cause);
 					switch (ast_channel_state(pri->pvts[chanpos]->owner)) {
-- 
GitLab