From e2702177a436339b622b430f2c93dde65a68a5a0 Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Mon, 29 Oct 2012 15:56:13 +0000
Subject: [PATCH] chan_dahdi: Fix segfault dereferencing a NULL tech_pvt.

The tech support customer was using the AMI Redirect action shortly after
a call was placed.  While the channel tried to do an ast_read(), the
masquerade resulting from the channel redirect took place.  The masquerade
in the middle of the ast_read() resulted in the segfault.

(closes issue AST-1025)
Reported by: Trey Blancher
Patches:
      jira_ast_1025_v1.8_v2.patch (license #5621) patch uploaded by rmudgett
........

Merged revisions 375361 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 375362 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 375363 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@375364 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_dahdi.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 85f9f057aa..b69bf3f07c 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -9130,11 +9130,20 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast)
 		CHANNEL_DEADLOCK_AVOIDANCE(ast);
 
 		/*
-		 * For PRI channels, we must refresh the private pointer because
-		 * the call could move to another B channel while the Asterisk
-		 * channel is unlocked.
+		 * Check to see if the channel is still associated with the same
+		 * private structure.  While the Asterisk channel was unlocked
+		 * the following events may have occured:
+		 *
+		 * 1) A masquerade may have associated the channel with another
+		 * technology or private structure.
+		 *
+		 * 2) For PRI calls, call signaling could change the channel
+		 * association to another B channel (private structure).
 		 */
-		p = ast_channel_tech_pvt(ast);
+		if (ast_channel_tech_pvt(ast) != p) {
+			/* The channel is no longer associated.  Quit gracefully. */
+			return &ast_null_frame;
+		}
 	}
 
 	idx = dahdi_get_index(ast, p, 0);
-- 
GitLab