AST-2012-006: Fix crash in UPDATE handling when no channel owner exists

If Asterisk receives a SIP UPDATE request after a call has been terminated and
the channel has been destroyed but before the SIP dialog has been destroyed, a
condition exists where a connected line update would be attempted on a
non-existing channel.  This would cause Asterisk to crash.  The patch resolves
this by first ensuring that the SIP dialog has an owning channel before
attempting a connected line update.  If an UPDATE request is received and no
channel is associated with the dialog, a 481 response is sent.

(closes issue ASTERISK-19770)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Patches:
  ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363106 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 960af5703519bc961f768fd57c2e2d1a4bf51c05..865016ca8265b0d2f4d19cb432e9d07c06962411 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -22148,6 +22148,10 @@ static int handle_request_update(struct sip_pvt *p, struct sip_request *req)
                transmit_response(p, "501 Method Not Implemented", req);
                return 0;
        }
+       if (!p->owner) {
+               transmit_response(p, "481 Call/Transaction Does Not Exist", req);
+               return 0;
+       }
        if (get_rpid(p, req)) {
                struct ast_party_connected_line connected;
                struct ast_set_party_connected_line update_connected;