app_dial may double free a channel datastore
authorMark Murawki <markm@intellasoft.net>
Mon, 18 Jul 2011 20:47:04 +0000 (20:47 +0000)
committerMark Murawki <markm@intellasoft.net>
Mon, 18 Jul 2011 20:47:04 +0000 (20:47 +0000)
When starting a call with originate, and having the callee channel run Bridge() on pickup, we will double free the dialed_interface_info datastore, causing a crash.  Make sure to check if the datastore still exists before trying to free it.

(closes issue ASTERISK-17917)
Reported by: Mark Murawski
Tested by: Mark Murawski

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@328663 65c4cc65-6c06-0410-ace0-fbb531ad65f3

apps/app_dial.c

index f144d48ea29cff3675c833c760b6fe64ee2b0974..65f5666f2f5ddb80a6b36754fdd814fc470113fd 100644 (file)
@@ -2409,7 +2409,8 @@ static int dial_exec_full(struct ast_channel *chan, const char *data, struct ast
         * datastore again, causing a crash
         */
        ast_channel_lock(chan);
-       if (!ast_channel_datastore_remove(chan, datastore)) {
+       datastore = ast_channel_datastore_find(chan, &dialed_interface_info, NULL); /* make sure we weren't cleaned up already */
+       if (datastore && !ast_channel_datastore_remove(chan, datastore)) {
                ast_datastore_free(datastore);
        }
        ast_channel_unlock(chan);
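Review bot: The re-lookup on the added line matches by type only (`&dialed_interface_info` with a NULL uid), so it returns whichever datastore of that type is attached to `chan` at that moment, which is not provably the instance this function was holding earlier. If some other path can attach its own instance in the meantime (not visible here; dial_exec_full begins and ends outside this hunk), this code would remove and free an object it does not own, so the double free would become a use-after-free for that other owner. The fix is also only sound while the find, the remove and the free stay inside the same `ast_channel_lock(chan)` region. That is worth saying on its own line instead of in the trailing comment: `/* Re-lookup under the channel lock: the pointer taken earlier may already have been removed and freed by another code path; keep find/remove/free in one locked region. */`.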