From: Damien Wedhorn <voip@facts.com.au>
Date: Sun, 20 Jan 2013 03:06:28 +0000 (+0000)
Subject: Fix issues with skinny sessions
X-Git-Tag: 13.0.0-beta1~2187
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=822f5f5ff1826af11175e5dd026ec35eba443a07;p=thirdparty%2Fasterisk.git

Fix issues with skinny sessions

Fixes a couple of issues with the way skinny handles sessions by ensuring
sessions aren't used after being freed. Some other minor changes.

Review: https://reviewboard.asterisk.org/r/2272/
........

Merged revisions 379582 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@379583 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 4ca5fba448..01ed1b3e89 100644
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -6865,15 +6865,21 @@ static void destroy_session(struct skinnysession *s)
 	AST_LIST_TRAVERSE_SAFE_BEGIN(&sessions, cur, list) {
 		if (cur == s) {
 			AST_LIST_REMOVE_CURRENT(list);
-			if (s->fd > -1)
+			if (s->fd > -1) {
 				close(s->fd);
+			}
 
-			if (!s->device)
-				ast_atomic_fetchadd_int(&unauth_sessions, -1);
+			if (s->device) {
+				s->device->session = NULL;
+			} else {
+ 				ast_atomic_fetchadd_int(&unauth_sessions, -1);
+			}
 
 			ast_mutex_destroy(&s->lock);
 
 			ast_free(s);
+
+			break;
 		}
 	}
 	AST_LIST_TRAVERSE_SAFE_END
@@ -7011,21 +7017,22 @@ static void *skinny_session(void *data)
 		res = get_input(s);
 		if (res < 0) {
 			ast_verb(3, "Ending Skinny session from %s (bad input)\n", ast_inet_ntoa(s->sin.sin_addr));
-			break;
+			destroy_session(s);
+			return NULL;
 		}
 
 		if (res > 0)
 		{
 			if (!(req = skinny_req_parse(s))) {
-				destroy_session(s);
 				ast_verb(3, "Ending Skinny session from %s (failed parse)\n", ast_inet_ntoa(s->sin.sin_addr));
+				destroy_session(s);
 				return NULL;
 			}
 
 			res = handle_message(req, s);
 			if (res < 0) {
-				destroy_session(s);
 				ast_verb(3, "Ending Skinny session from %s\n", ast_inet_ntoa(s->sin.sin_addr));
+				destroy_session(s);
 				return NULL;
 			}
 		}