Review Board 1.7.16


res_pjsip_outbound_publish: eventually crashes when no response is ever received

Review Request #4384 - Created Jan. 28, 2015 and submitted

Kevin Harwell
13
ASTERISK-24635
Reviewers
asterisk-dev
Asterisk
When Asterisk attempts to send SIP outbound publish information and no response is ever received (no 200 okay, 412, 423) the system eventually crashes. A response is never received because the system Asterisk is attempting to send publish information to is not available. The underlying pjsip framework attempts to send publish information. After several attempts it calls back into the Asterisk outbound publish code. At this point if the "client->queue" is empty Asterisk attempts to schedule a refresh which utilizes "rdata" and since no response was received the given "rdata" struture is NULL. Attempting to dereference a NULL object of course results in a crash.

This patch re-queues the current message that has not received a response yet (has no "rdata"), thus removing the possibility of the queue being empty and having no "rdata" available. Consequently, in this scenario, the publish refresh is not called and the crash is avoided.
First duplicated the problem by attempting to publish to a non existent system (after a bit Asterisk crashed). After applying the patch using the same setup Asterisk no longer crashed. Also ran the current set of outbound publish testsuite tests to make sure those still passed.
Total:
2
Open:
0
Resolved:
2
Dropped:
0
Status:
From:
Review request changed
Updated (Jan. 30, 2015, 12:23 p.m.)
  • changed from pending to submitted
Committed in revision 431509

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.