From: Mike Bradeen Date: Tue, 21 Feb 2023 20:25:28 +0000 (-0700) Subject: res_pjsip: Prevent SEGV in pjsip_evsub_send_request X-Git-Tag: 18.17.0-rc1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=114630279d35eabcef7affdf3c6f9b0b08f6503f;p=thirdparty%2Fasterisk.git res_pjsip: Prevent SEGV in pjsip_evsub_send_request contributed pjproject - patch to check sub->pending_notify in evsub.c:on_tsx_state before calling pjsip_evsub_send_request() res_pjsip_pubsub - change post pjsip 2.13 behavior to use pubsub_on_refresh_timeout to avoid the ao2_cleanup call on the sub_tree. This is is because the final NOTIFY send is no longer the last place the sub_tree is referenced. ASTERISK-30419 Change-Id: Ib5cc662ce578e9adcda312e16c58a10b6453e438 --- diff --git a/res/res_pjsip_pubsub.c b/res/res_pjsip_pubsub.c index c80e267e40..bf07d5a6af 100644 --- a/res/res_pjsip_pubsub.c +++ b/res/res_pjsip_pubsub.c @@ -4137,7 +4137,7 @@ static void pubsub_on_rx_refresh(pjsip_evsub *evsub, pjsip_rx_data *rdata, SUBSCRIBE's 200 OK. The previous solution was to push the NOTIFY, but now pjproject looks for the NOTIFY on send and delays it until after it auto-replies. If the NOTIFY is not there when it looks to send, pjproject will assert. */ - serialized_pubsub_on_refresh_timeout(sub_tree); + pubsub_on_refresh_timeout(sub_tree); #else if (ast_sip_push_task(sub_tree->serializer, serialized_pubsub_on_refresh_timeout, ao2_bump(sub_tree))) { /* If we can't push the NOTIFY refreshing task...we'll just go with it. */ diff --git a/third-party/pjproject/patches/0010-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new-129fb323a66dd1fd16880fe5ba5e6a57.patch b/third-party/pjproject/patches/0010-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new-129fb323a66dd1fd16880fe5ba5e6a57.patch new file mode 100644 index 0000000000..009060a124 --- /dev/null +++ b/third-party/pjproject/patches/0010-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new-129fb323a66dd1fd16880fe5ba5e6a57.patch @@ -0,0 +1,46 @@ +From ac685b30c17be461b2bf5b46a772ed9742b8e985 Mon Sep 17 00:00:00 2001 +From: Riza Sulistyo +Date: Thu, 9 Feb 2023 13:19:23 +0700 +Subject: [PATCH] Make sure that NOTIFY tdata is set before sending it. + +--- + pjsip/src/pjsip-simple/evsub.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/pjsip/src/pjsip-simple/evsub.c b/pjsip/src/pjsip-simple/evsub.c +index da0a9b416..68c1d3951 100644 +--- a/pjsip/src/pjsip-simple/evsub.c ++++ b/pjsip/src/pjsip-simple/evsub.c +@@ -2216,23 +2216,26 @@ static void on_tsx_state_uas( pjsip_evsub *sub, pjsip_transaction *tsx, + } + + } else { + sub->state = old_state; + sub->state_str = old_state_str; + } + + /* Send the pending NOTIFY sent by app from inside + * on_rx_refresh() callback. + */ +- pj_assert(sub->pending_notify); +- status = pjsip_evsub_send_request(sub, sub->pending_notify); +- sub->pending_notify = NULL; ++ //pj_assert(sub->pending_notify); ++ /* Make sure that pending_notify is set. */ ++ if (sub->pending_notify) { ++ status = pjsip_evsub_send_request(sub, sub->pending_notify); ++ sub->pending_notify = NULL; ++ } + + } else if (pjsip_method_cmp(&tsx->method, &pjsip_notify_method)==0) { + + /* Handle authentication */ + if (tsx->state == PJSIP_TSX_STATE_COMPLETED && + (tsx->status_code==401 || tsx->status_code==407)) + { + pjsip_tx_data *tdata; + pj_status_t status; + pjsip_rx_data *rdata = event->body.tsx_state.src.rdata; +-- +2.39.1 +