From: Richard Mudgett <rmudgett@digium.com>
Date: Fri, 30 Sep 2011 22:05:10 +0000 (+0000)
Subject: Fix segfault in analog_ss_thread() not checking ast_read() for NULL.
X-Git-Tag: 1.8.8.0-rc1~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d9b980ab8312ab9adc5b22256c98f4302abf254;p=thirdparty%2Fasterisk.git

Fix segfault in analog_ss_thread() not checking ast_read() for NULL.

NOTE: The problem was reported against v1.6.2.  It is unlikely to ever
happen on v1.8 and above since chan_dahdi.c:analog_ss_thread() is unlikely
to be used.  The version in sig_analog.c has largely replaced it.

(closes issue ASTERISK-18648)
Reported by: Stephan Bosch
Patches:
      jira_asterisk_18648_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: Stephan Bosch


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@338800 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 423f5c0cea..8511745c68 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -10610,9 +10610,14 @@ static void *analog_ss_thread(void *data)
 						ast_log(LOG_WARNING, "DTMFCID timed out waiting for ring. "
 							"Exiting simple switch\n");
 						ast_hangup(chan);
-						return NULL;
+						goto quit;
 					}
 					f = ast_read(chan);
+					if (!f) {
+						/* Hangup received waiting for DTMFCID. Exiting simple switch. */
+						ast_hangup(chan);
+						goto quit;
+					}
 					if (f->frametype == AST_FRAME_DTMF) {
 						dtmfbuf[k++] = f->subclass.integer;
 						ast_log(LOG_DEBUG, "CID got digit '%c'\n", f->subclass.integer);