From 7a203dc72c204e0d6025c49fadfa62da98826a1b Mon Sep 17 00:00:00 2001
From: Automerge script <automerge@asterisk.org>
Date: Wed, 5 Dec 2012 17:20:37 +0000
Subject: [PATCH] Merged revisions 377260,377263 via svnmerge from
 file:///srv/subversion/repos/asterisk/trunk

................
  r377260 | file | 2012-12-05 10:51:58 -0600 (Wed, 05 Dec 2012) | 25 lines

  Fix a SIP request memory leak with TLS connections.

  During the TLS re-work in chan_sip some TLS specific code was moved
  into a separate function. This function operates on a copy of the
  incoming SIP request. This copy was never deinitialized causing a
  memory leak for each request processed.

  This function is now given a SIP request structure which it can use
  to copy the incoming request into. This reduces the amount of memory
  allocations done since the internal allocated components are reused
  between packets and also ensures the SIP request structure is
  deinitialized when the TLS connection is torn down.

  (closes issue ASTERISK-20763)
  Reported by: deti
  ........

  Merged revisions 377257 from http://svn.asterisk.org/svn/asterisk/branches/1.8
  ........

  Merged revisions 377258 from http://svn.asterisk.org/svn/asterisk/branches/10
  ........

  Merged revisions 377259 from http://svn.asterisk.org/svn/asterisk/branches/11
................
  r377263 | jrose | 2012-12-05 11:17:06 -0600 (Wed, 05 Dec 2012) | 21 lines

  res_srtp: Fix a crash caused by srtp_dealloc on an already dealloced session

  When srtp_create fails, the session may be dealloced or just not alloced. At
  the same time though, the session pointer might not be set to NULL in this
  process and attempting to srtp_dealloc it again will cause a segfault. This
  patch checks for failure of srtp_create and sets the session pointer to NULL
  if it fails.

  (closes issue ASTERISK-20499)
  Reported by: tootai
  Review: https://reviewboard.asterisk.org/r/2228/
  ........

  Merged revisions 377256 from http://svn.asterisk.org/svn/asterisk/branches/1.8
  ........

  Merged revisions 377261 from http://svn.asterisk.org/svn/asterisk/branches/10
  ........

  Merged revisions 377262 from http://svn.asterisk.org/svn/asterisk/branches/11
................


git-svn-id: https://origsvn.digium.com/svn/asterisk/team/mmichelson/threadpool@377270 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_sip.c | 12 ++++++------
 res/res_srtp.c      |  4 ++++
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 3e1e2c45d0..cabc2d14d6 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -2714,10 +2714,10 @@ static int sip_check_authtimeout(time_t start)
  * \retval -1 Failed to read data
  * \retval 0 Succeeded in reading data
  */
-static int sip_tls_read(struct sip_request *req, struct ast_tcptls_session_instance *tcptls_session, int authenticated, time_t start, struct sip_threadinfo *me)
+static int sip_tls_read(struct sip_request *req, struct sip_request *reqcpy, struct ast_tcptls_session_instance *tcptls_session,
+			int authenticated, time_t start, struct sip_threadinfo *me)
 {
 	int res, content_length, after_poll = 1, need_poll = 1;
-	struct sip_request reqcpy = { 0, };
 	char buf[1024] = "";
 	int timeout = -1;
 
@@ -2771,10 +2771,10 @@ static int sip_tls_read(struct sip_request *req, struct ast_tcptls_session_insta
 		}
 		ast_str_append(&req->data, 0, "%s", buf);
 	}
-	copy_request(&reqcpy, req);
-	parse_request(&reqcpy);
+	copy_request(reqcpy, req);
+	parse_request(reqcpy);
 	/* In order to know how much to read, we need the content-length header */
-	if (sscanf(sip_get_header(&reqcpy, "Content-Length"), "%30d", &content_length)) {
+	if (sscanf(sip_get_header(reqcpy, "Content-Length"), "%30d", &content_length)) {
 		while (content_length > 0) {
 			size_t bytes_read;
 			if (!tcptls_session->client && !authenticated) {
@@ -3187,7 +3187,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
 			}
 			req.socket.fd = tcptls_session->fd;
 			if (tcptls_session->ssl) {
-				res = sip_tls_read(&req, tcptls_session, authenticated, start, me);
+				res = sip_tls_read(&req, &reqcpy, tcptls_session, authenticated, start, me);
 			} else {
 				res = sip_tcp_read(&req, tcptls_session, authenticated, start);
 			}
diff --git a/res/res_srtp.c b/res/res_srtp.c
index f651c40675..b9499f8f1c 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -383,6 +383,8 @@ tryagain:
 					retry++;
 					ao2_iterator_destroy(&it);
 					goto tryagain;
+				} else {
+					srtp->session = NULL;
 				}
 				ao2_t_ref(policy, -1, "Unreffing first policy after srtp_create failed");
 			}
@@ -437,6 +439,8 @@ static int ast_srtp_create(struct ast_srtp **srtp, struct ast_rtp_instance *rtp,
 
 	/* Any failures after this point can use ast_srtp_destroy to destroy the instance */
 	if (srtp_create(&temp->session, &policy->sp) != err_status_ok) {
+		/* Session either wasn't created or was created and dealloced. */
+		temp->session = NULL;
 		ast_srtp_destroy(temp);
 		return -1;
 	}
-- 
GitLab