pjsip: avoid possible crash req_caps allocation failure

Make certain that the pjsip session has not failed to
allocate the format capabilities structure, which can
otherwise cause a crash when referenced.

ASTERISK-25323

Change-Id: I602790ba12714741165e441cc64a3ecde4cb5750

diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 16ed38dd06ec2ec69a4aa6f5e1bd633c47447838..6044ceb7fa48de2a2b7b3e69453d41d8b718b05d 100644 (file)
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -1297,6 +1297,11 @@ struct ast_sip_session *ast_sip_session_alloc(struct ast_sip_endpoint *endpoint,
        session->contact = ao2_bump(contact);
        session->inv_session = inv_session;
        session->req_caps = ast_format_cap_alloc(AST_FORMAT_CAP_FLAG_DEFAULT);
+       if (!session->req_caps) {
+               /* Release the ref held by session->inv_session */
+               ao2_ref(session, -1);
+               return NULL;
+       }
 
        if ((endpoint->dtmf == AST_SIP_DTMF_INBAND) || (endpoint->dtmf == AST_SIP_DTMF_AUTO)) {
                dsp_features |= DSP_FEATURE_DIGIT_DETECT;