Fix a race condition where a reinvite could trigger a 482 response.

The loop detection/spiral detection code in chan_sip used the owner
channel's state as a criterion for determining if the incoming INVITE
is a looped request. The problem with this is that the INVITE-handling
code happens in a different thread than the thread that marks the owner
channel as being up. As a result, if a reinvite were to come in very quickly,
say from another Asterisk on the same LAN, it was possible for the reinvite
to arrive before the owner channel had been set to the up state.

This patch corrects the problem by using the invitestate of the sip_pvt
instead, since that can be guaranteed to be set correctly by the time
the reinvite arrives. Since there is a switch statement further in the
INVITE-handling code, the AST_STATE_RINGING state also checks the invitestate
of the sip_pvt in case we should actually be treating the channel as if it were
up already.

(closes issue #12215)
Reported by: jpyle
Patches:
      12215_confirmed.patch uploaded by mmichelson (license 60)
Tested by: lmadsen

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@194484 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index f744e073b3e1fc7070bb95183612c16595c2a997..b1358175ae191905961d60ec1ad1c031f741bcf2 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -14395,7 +14395,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int
        }
 
        /* Check if this is a loop */
-       if (ast_test_flag(&p->flags[0], SIP_OUTGOING) && p->owner && (p->owner->_state != AST_STATE_UP)) {
+       if (ast_test_flag(&p->flags[0], SIP_OUTGOING) && p->owner && (p->invitestate != INV_TERMINATED && p->invitestate != INV_CONFIRMED)) {
                /* This is a call to ourself.  Send ourselves an error code and stop
                processing immediately, as SIP really has no good mechanism for
                being able to call yourself */
@@ -14824,9 +14824,21 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int
                        p->invitestate = INV_PROCEEDING;
                        break;
                case AST_STATE_RINGING:
-                       transmit_response(p, "180 Ringing", req);
-                       p->invitestate = INV_PROCEEDING;
-                       break;
+                       if (reinvite && (p->invitestate == INV_TERMINATED || p->invitestate == INV_CONFIRMED)) {
+                       /* If these conditions are true, and the channel is still in the 'ringing'
+                        * state, then this likely means that we have a situation where the initial
+                        * INVITE transaction has completed *but* the channel's state has not yet been
+                        * changed to UP. The reason this could happen is if the reinvite is received
+                        * on the SIP socket prior to an application calling ast_read on this channel
+                        * to read the answer frame we earlier queued on it. In this case, the reinvite
+                        * is completely legitimate so we need to handle this the same as if the channel 
+                        * were already UP. Thus we are purposely falling through to the AST_STATE_UP case.
+                        */
+                       } else {
+                               transmit_response(p, "180 Ringing", req);
+                               p->invitestate = INV_PROCEEDING;
+                               break;
+                       }
                case AST_STATE_UP:
                        if (option_debug > 1)
                                ast_log(LOG_DEBUG, "%s: This call is UP.... \n", c->name);