git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Richard Mudgett <rmudgett@digium.com>
	Tue, 17 Feb 2015 15:34:10 +0000 (15:34 +0000)
committer	Kevin Harwell <kharwell@digium.com>
	Tue, 2 Jun 2015 17:37:42 +0000 (12:37 -0500)
commit	c994a3bfa0bb316bb2c7c8526504d5adf3bf43c8
tree	72e03b0ca28c09f893ce1eaa5f64ec2ead3ec6eb	tree
parent	a159e08d152e6e0400903c809a353c3493f58e23	commit \| diff

res_pjsip_refer: Fix crash from a REFER and BYE collision.

Analyzing a one-off crash on a busy system showed that processing a REFER
request had a NULL session channel pointer. The only way I can think of
that could cause this is if an outgoing BYE transaction overlapped the
incoming REFER transaction in a collision. Asterisk sends a BYE while the
phone sends a REFER to complete an attended transfer.

* Made check the session channel pointer before processing an incoming
REFER request in res_pjsip_refer.

* Fixed similar crash potential for res_pjsip supplement incoming request
processing for res_pjsip_sdp_rtp INFO, res_pjsip_caller_id INVITE/UPDATE,
res_pjsip_messaging MESSAGE, and res_pjsip_send_to_voicemail REFER
messages.

* Made res_pjsip_messaging respond to a message body too large with a 413
instead of ignoring it.

ASTERISK-24700 #close
Reported by: Zane Conkle

Review: https://reviewboard.asterisk.org/r/4417/
........

Merged revisions 431898 from http://svn.asterisk.org/svn/asterisk/branches/13

Change-Id: I57878adc0846dd942a699ad36dcec9cba5e57994

res/res_pjsip_caller_id.c		diff \| blob \| blame \| history
res/res_pjsip_messaging.c		diff \| blob \| blame \| history
res/res_pjsip_refer.c		diff \| blob \| blame \| history
res/res_pjsip_sdp_rtp.c		diff \| blob \| blame \| history
res/res_pjsip_send_to_voicemail.c		diff \| blob \| blame \| history