Merged revisions 377260,377263 via svnmerge from

file:///srv/subversion/repos/asterisk/trunk ................ r377260 | file | 2012-12-05 10:51:58 -0600 (Wed, 05 Dec 2012) | 25 lines Fix a SIP request memory leak with TLS connections. During the TLS re-work in chan_sip some TLS specific code was moved into a separate function. This function operates on a copy of the incoming SIP request. This copy was never deinitialized causing a memory leak for each request processed. This function is now given a SIP request structure which it can use to copy the incoming request into. This reduces the amount of memory allocations done since the internal allocated components are reused between packets and also ensures the SIP request structure is deinitialized when the TLS connection is torn down. (closes issue ASTERISK-20763) Reported by: deti ........ Merged revisions 377257 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 377258 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 377259 from http://svn.asterisk.org/svn/asterisk/branches/11 ................ r377263 | jrose | 2012-12-05 11:17:06 -0600 (Wed, 05 Dec 2012) | 21 lines res_srtp: Fix a crash caused by srtp_dealloc on an already dealloced session When srtp_create fails, the session may be dealloced or just not alloced. At the same time though, the session pointer might not be set to NULL in this process and attempting to srtp_dealloc it again will cause a segfault. This patch checks for failure of srtp_create and sets the session pointer to NULL if it fails. (closes issue ASTERISK-20499) Reported by: tootai Review: https://reviewboard.asterisk.org/r/2228/ ........ Merged revisions 377256 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 377261 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 377262 from http://svn.asterisk.org/svn/asterisk/branches/11 ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/team/mmichelson/threadpool@377270 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Merged revisions 377260,377263 via svnmerge from
7a203dc7 · Automerge script · 521f9e8d · 7a203dc7 · 7a203dc7
Commit 7a203dc7 authored 12 years ago by Automerge script
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -2714,10 +2714,10 @@ static int sip_check_authtimeout(time_t start)
 * \retval -1 Failed to read data
 * \retval 0 Succeeded in reading data
 */
-static int sip_tls_read(struct sip_request *req, struct ast_tcptls_session_instance *tcptls_session, int authenticated, time_t start, struct sip_threadinfo *me)
+static int sip_tls_read(struct sip_request *req, struct sip_request *reqcpy, struct ast_tcptls_session_instance *tcptls_session,
+			int authenticated, time_t start, struct sip_threadinfo *me)
 {
 	int res, content_length, after_poll = 1, need_poll = 1;
-	struct sip_request reqcpy = { 0, };
 	char buf[1024] = "";
 	int timeout = -1;
  
@@ -2771,10 +2771,10 @@ static int sip_tls_read(struct sip_request *req, struct ast_tcptls_session_insta
 		}
 		ast_str_append(&req->data, 0, "%s", buf);
 	}
-	copy_request(&reqcpy, req);
-	parse_request(&reqcpy);
+	copy_request(reqcpy, req);
+	parse_request(reqcpy);
 	/* In order to know how much to read, we need the content-length header */
-	if (sscanf(sip_get_header(&reqcpy, "Content-Length"), "%30d", &content_length)) {
+	if (sscanf(sip_get_header(reqcpy, "Content-Length"), "%30d", &content_length)) {
 		while (content_length > 0) {
 			size_t bytes_read;
 			if (!tcptls_session->client && !authenticated) {
@@ -3187,7 +3187,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
 			}
 			req.socket.fd = tcptls_session->fd;
 			if (tcptls_session->ssl) {
-				res = sip_tls_read(&req, tcptls_session, authenticated, start, me);
+				res = sip_tls_read(&req, &reqcpy, tcptls_session, authenticated, start, me);
 			} else {
 				res = sip_tcp_read(&req, tcptls_session, authenticated, start);
 			}
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -383,6 +383,8 @@ tryagain:
 					retry++;
 					ao2_iterator_destroy(&it);
 					goto tryagain;
+				} else {
+					srtp->session = NULL;
 				}
 				ao2_t_ref(policy, -1, "Unreffing first policy after srtp_create failed");
 			}
@@ -437,6 +439,8 @@ static int ast_srtp_create(struct ast_srtp **srtp, struct ast_rtp_instance *rtp,

 	/* Any failures after this point can use ast_srtp_destroy to destroy the instance */
 	if (srtp_create(&temp->session, &policy->sp) != err_status_ok) {
+		/* Session either wasn't created or was created and dealloced. */
+		temp->session = NULL;
 		ast_srtp_destroy(temp);
 		return -1;
 	}