ao2 ref leak in res_rtp_asterisk.c when a DTLS policy is created.
The resources are linked into a table, but the original alloc refs
are never released. ast_strdup leak in rtp_engine.c. If
ast_rtp_dtls_cfg_copy() is called twice on the same destination struct,
a pointer to an alloc'd string is overwritten before the string is free'd.
ASTERISK-25022
Reported by: one47
Change-Id: I62a8ceb8679709f6c3769136dc6aa9a68202ff9b
void ast_rtp_dtls_cfg_copy(const struct ast_rtp_dtls_cfg *src_cfg, struct ast_rtp_dtls_cfg *dst_cfg)
{
+ ast_rtp_dtls_cfg_free(dst_cfg); /* Prevent a double-call leaking memory via ast_strdup */
+
dst_cfg->enabled = src_cfg->enabled;
dst_cfg->verify = src_cfg->verify;
dst_cfg->rekey = src_cfg->rekey;
unsigned char *local_key, *local_salt, *remote_key, *remote_salt;
struct ast_srtp_policy *local_policy, *remote_policy = NULL;
struct ast_rtp_instance_stats stats = { 0, };
+ int res = -1;
/* If a fingerprint is present in the SDP make sure that the peer certificate matches it */
if (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_FINGERPRINT) {
}
}
- return 0;
+ res = 0;
error:
+ /* policy->destroy() called even on success to release local reference to these resources */
res_srtp_policy->destroy(local_policy);
if (remote_policy) {
res_srtp_policy->destroy(remote_policy);
}
- return -1;
+ return res;
}
#endif
projects / thirdparty / asterisk.git / commitdiff
