From a1f45147c97128bdbc733b5cfa44b53573cb4619 Mon Sep 17 00:00:00 2001
From: Jonathan Rose <jrose@digium.com>
Date: Tue, 11 Jun 2013 19:44:47 +0000
Subject: [PATCH] bridge_native_rtp: Fix possible segfaults on leaves/joins

native_rtp_bridge_get can return any result from the ast_rtp_glue_result
enumerator and the join/leave functions for bridge_native_rtp seem to assume
that if the result wasn't local that it was remote. Meanwhile forbid can be
returned by that function which can mean certain glue pointers are NULL. Then
when the join/leave functions try to use members of that pointer, boom.
Segfault.


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@391430 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 bridges/bridge_native_rtp.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/bridges/bridge_native_rtp.c b/bridges/bridge_native_rtp.c
index 054d89ca06..ce050c89e5 100644
--- a/bridges/bridge_native_rtp.c
+++ b/bridges/bridge_native_rtp.c
@@ -317,7 +317,8 @@ static int native_rtp_bridge_join(struct ast_bridge *bridge, struct ast_bridge_c
 		glue1->get_codec(c1->chan, cap1);
 	}
 
-	if (native_type == AST_RTP_GLUE_RESULT_LOCAL) {
+	switch (native_type) {
+	case AST_RTP_GLUE_RESULT_LOCAL:
 		if (ast_rtp_instance_get_engine(instance0)->local_bridge) {
 			ast_rtp_instance_get_engine(instance0)->local_bridge(instance0, instance1);
 		}
@@ -326,9 +327,14 @@ static int native_rtp_bridge_join(struct ast_bridge *bridge, struct ast_bridge_c
 		}
 		ast_rtp_instance_set_bridged(instance0, instance1);
 		ast_rtp_instance_set_bridged(instance1, instance0);
-	} else {
+		break;
+
+	case AST_RTP_GLUE_RESULT_REMOTE:
 		glue0->update_peer(c0->chan, instance1, vinstance1, tinstance1, cap1, 0);
 		glue1->update_peer(c1->chan, instance0, vinstance0, tinstance0, cap0, 0);
+		break;
+	case AST_RTP_GLUE_RESULT_FORBID:
+		break;
 	}
 
 	return 0;
@@ -354,7 +360,8 @@ static void native_rtp_bridge_leave(struct ast_bridge *bridge, struct ast_bridge
 
 	native_type = native_rtp_bridge_get(c0->chan, c1 ? c1->chan : NULL, &glue0, &glue1, &instance0, &instance1, &vinstance0, &vinstance1);
 
-	if (native_type == AST_RTP_GLUE_RESULT_LOCAL) {
+	switch (native_type) {
+	case AST_RTP_GLUE_RESULT_LOCAL:
 		if (ast_rtp_instance_get_engine(instance0)->local_bridge) {
 			ast_rtp_instance_get_engine(instance0)->local_bridge(instance0, NULL);
 		}
@@ -365,11 +372,15 @@ static void native_rtp_bridge_leave(struct ast_bridge *bridge, struct ast_bridge
 		if (instance1) {
 			ast_rtp_instance_set_bridged(instance1, instance0);
 		}
-	} else {
+		break;
+	case AST_RTP_GLUE_RESULT_REMOTE:
 		glue0->update_peer(c0->chan, NULL, NULL, NULL, NULL, 0);
 		if (glue1) {
 			glue1->update_peer(c1->chan, NULL, NULL, NULL, NULL, 0);
 		}
+		break;
+	case AST_RTP_GLUE_RESULT_FORBID:
+		break;
 	}
 }
 
-- 
GitLab