From: Chris Rienzo Date: Mon, 7 Apr 2014 16:37:24 +0000 (-0400) Subject: mod_rayo: fix memory corruption in dial, input, output X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f9262486a540e03627585a391cc361f3df3e229;p=thirdparty%2Ffreeswitch.git mod_rayo: fix memory corruption in dial, input, output --- diff --git a/src/mod/event_handlers/mod_rayo/mod_rayo.c b/src/mod/event_handlers/mod_rayo/mod_rayo.c index 9c9fed2aa8..1f8449a7a2 100644 --- a/src/mod/event_handlers/mod_rayo/mod_rayo.c +++ b/src/mod/event_handlers/mod_rayo/mod_rayo.c @@ -2462,7 +2462,7 @@ static void *SWITCH_THREAD_FUNC rayo_dial_thread(switch_thread_t *thread, void * goto done; } call->dcp_jid = switch_core_strdup(RAYO_POOL(call), dcp_jid); - call->dial_request_id = iks_find_attrib(iq, "id"); + call->dial_request_id = switch_core_strdup(RAYO_POOL(call), iks_find_attrib_soft(iq, "id")); switch_log_printf(SWITCH_CHANNEL_UUID_LOG(rayo_call_get_uuid(call)), SWITCH_LOG_INFO, "%s has control of call\n", dcp_jid); uuid = switch_core_strdup(dtdata->pool, rayo_call_get_uuid(call)); @@ -2571,7 +2571,7 @@ static void *SWITCH_THREAD_FUNC rayo_dial_thread(switch_thread_t *thread, void * if (strncmp("+OK", api_stream.data, strlen("+OK"))) { switch_log_printf(SWITCH_CHANNEL_UUID_LOG(uuid), SWITCH_LOG_INFO, "Failed to originate call\n"); - if (call->dial_request_id) { + if (!zstr(call->dial_request_id)) { call->dial_request_failed = 1; call->dial_request_id = NULL; @@ -2608,7 +2608,7 @@ static void *SWITCH_THREAD_FUNC rayo_dial_thread(switch_thread_t *thread, void * switch_mutex_unlock(RAYO_ACTOR(call)->mutex); } else { switch_mutex_lock(RAYO_ACTOR(call)->mutex); - if (call->dial_request_id) { + if (!zstr(call->dial_request_id)) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Failed to exec originate API\n"); call->dial_request_failed = 1; call->dial_request_id = NULL; @@ -3140,7 +3140,7 @@ static void on_call_originate_event(struct rayo_client *rclient, switch_event_t switch_log_printf(SWITCH_CHANNEL_UUID_LOG(RAYO_ID(call)), SWITCH_LOG_DEBUG, "Got originate event\n"); switch_mutex_lock(RAYO_ACTOR(call)->mutex); - if (call->dial_request_id) { + if (!zstr(call->dial_request_id)) { /* send response to DCP */ response = iks_new("iq"); iks_insert_attrib(response, "from", RAYO_JID(globals.server)); @@ -3178,7 +3178,7 @@ static void on_call_end_event(switch_event_t *event) switch_log_printf(SWITCH_CHANNEL_UUID_LOG(RAYO_ID(call)), SWITCH_LOG_DEBUG, "Got channel destroy event\n"); switch_mutex_lock(RAYO_ACTOR(call)->mutex); - if (!call->dial_request_id && !call->dial_request_failed) { + if (zstr(call->dial_request_id) && !call->dial_request_failed) { switch_event_dup(&call->end_event, event); RAYO_DESTROY(call); RAYO_UNLOCK(call); /* decrement ref from creation */ diff --git a/src/mod/event_handlers/mod_rayo/rayo_input_component.c b/src/mod/event_handlers/mod_rayo/rayo_input_component.c index acb3decc6b..862c1aaa3c 100644 --- a/src/mod/event_handlers/mod_rayo/rayo_input_component.c +++ b/src/mod/event_handlers/mod_rayo/rayo_input_component.c @@ -604,8 +604,8 @@ static iks *start_call_input(struct input_component *component, switch_core_sess component->barge_event = iks_find_bool_attrib(input, "barge-event"); component->start_timers = iks_find_bool_attrib(input, "start-timers"); component->term_digit = iks_find_char_attrib(input, "terminator"); - component->recognizer = iks_find_attrib(input, "recognizer"); - component->language = iks_find_attrib(input, "language"); + component->recognizer = switch_core_strdup(RAYO_POOL(input), iks_find_attrib_soft(input, "recognizer")); + component->language = switch_core_strdup(RAYO_POOL(input), iks_find_attrib_soft(input, "language")); component->handler = handler; component->speech_mode = strcmp(iks_find_attrib_soft(input, "mode"), "dtmf"); diff --git a/src/mod/event_handlers/mod_rayo/rayo_output_component.c b/src/mod/event_handlers/mod_rayo/rayo_output_component.c index c713450fd1..af426cb225 100644 --- a/src/mod/event_handlers/mod_rayo/rayo_output_component.c +++ b/src/mod/event_handlers/mod_rayo/rayo_output_component.c @@ -76,7 +76,7 @@ static struct rayo_component *create_output_component(struct rayo_actor *actor, output_component->repeat_times = iks_find_int_attrib(output, "repeat-times"); output_component->max_time_ms = iks_find_int_attrib(output, "max-time"); output_component->start_paused = iks_find_bool_attrib(output, "start-paused"); - output_component->renderer = iks_find_attrib(output, "renderer"); + output_component->renderer = switch_core_strdup(RAYO_POOL(actor), iks_find_attrib_soft(output, "renderer")); } else { switch_core_destroy_memory_pool(&pool); } diff --git a/src/mod/event_handlers/mod_rayo/rayo_record_component.c b/src/mod/event_handlers/mod_rayo/rayo_record_component.c index 1f3f3a6850..2dfd817364 100644 --- a/src/mod/event_handlers/mod_rayo/rayo_record_component.c +++ b/src/mod/event_handlers/mod_rayo/rayo_record_component.c @@ -170,7 +170,7 @@ static struct rayo_component *record_component_create(struct rayo_actor *actor, switch_core_new_memory_pool(&pool); record_component = switch_core_alloc(pool, sizeof(*record_component)); - record_component = RECORD_COMPONENT(rayo_component_init(RAYO_COMPONENT(record_component), pool, type, "record", fs_file_path, actor, client_jid));\ + record_component = RECORD_COMPONENT(rayo_component_init(RAYO_COMPONENT(record_component), pool, type, "record", fs_file_path, actor, client_jid)); if (record_component) { record_component->max_duration = iks_find_int_attrib(record, "max-duration"); record_component->initial_timeout = iks_find_int_attrib(record, "initial-timeout");