Review Board 1.7.16


res_pjsip_refer: Fix crash from a REFER and BYE collision.

Review Request #4417 - Created Feb. 13, 2015 and submitted

rmudgett
13
ASTERISK-24700
Reviewers
asterisk-dev
Asterisk
Analyzing a one off crash on a busy system showed that processing a REFER
request had a NULL session channel pointer.  The only way I can think of
that could cause this is if an outgoing BYE transaction overlapped the
incoming REFER transaction in a collision.  Asterisk sends a BYE while the
phone sends a REFER to complete an attended transfer.

* Made check the session channel pointer before processing an incoming
REFER request in res_pjsip_refer.

* Fixed similar crash potential for res_pjsip supplement incoming request
processing for res_pjsip_sdp_rtp INFO, res_pjsip_caller_id INVITE/UPDATE,
res_pjsip_messaging MESSAGE, and res_pjsip_send_to_voicemail REFER
messages.

* Made res_pjsip_messaging respond to a message body too large with a 413
instead of ignoring it.
Since this is a very timing dependent problem, I made some calls and did an attended transfer for a warm fuzzy that nothing serious broke.
Review request changed
Updated (Feb. 17, 2015, 10:25 a.m.)
  • changed from pending to submitted
Committed in revision 431915

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.