From: Corey Farrell <git@cfware.com>
Date: Sat, 9 Jul 2016 18:32:27 +0000 (-0400)
Subject: chan_sip: Fix reference leaks in error paths.
X-Git-Tag: 13.11.0-rc1~41^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06ba533bc702cd5dde914b8e9473b9d26385b202;p=thirdparty%2Fasterisk.git

chan_sip: Fix reference leaks in error paths.

* get_sip_pvt_from_replaces leaks sip_pvt_ptr on any error.
* build_peer leaks peer on failure to allocate the endpoint.

This patch fixes get_sip_pvt by using an RAII_VAR, build_peer is fixed
with an unref in the appropriate place.

ASTERISK-26184 #close

Change-Id: I728b424648ad041409f7d90880f4c28b3ce2ca12
---

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 7d4cf8722b..c14f8ba075 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -18343,7 +18343,7 @@ static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_re
 static int get_sip_pvt_from_replaces(const char *callid, const char *totag,
 		const char *fromtag, struct sip_pvt **out_pvt, struct ast_channel **out_chan)
 {
-	struct sip_pvt *sip_pvt_ptr;
+	RAII_VAR(struct sip_pvt *, sip_pvt_ptr, NULL, ao2_cleanup);
 	struct sip_pvt tmp_dialog = {
 		.callid = callid,
 	};
@@ -18418,6 +18418,9 @@ static int get_sip_pvt_from_replaces(const char *callid, const char *totag,
 		}
 	}
 
+	/* If we're here sip_pvt_ptr has been copied to *out_pvt, prevent RAII_VAR cleanup */
+	sip_pvt_ptr = NULL;
+
 	return 0;
 }
 
@@ -31031,6 +31034,7 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
 			return NULL;
 		}
 		if (!(peer->endpoint = ast_endpoint_create("SIP", name))) {
+			ao2_t_ref(peer, -1, "failed to allocate endpoint, drop peer");
 			return NULL;
 		}
 		if (!(peer->caps = ast_format_cap_alloc(AST_FORMAT_CAP_FLAG_DEFAULT))) {