From: Kinsey Moore <kmoore@digium.com>
Date: Wed, 26 Feb 2014 13:33:52 +0000 (+0000)
Subject: PJSIP: Prevent crash if channel has gone away
X-Git-Tag: 12.2.0-rc1~128
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4dfffc124e4219edaed918197130af106e69c50;p=thirdparty%2Fasterisk.git

PJSIP: Prevent crash if channel has gone away

It is currently possible for an ast_sip_session to exist without an
associated channel as is the case when a new invite is coming in or
just after a hangup is issued on a chan_pjsip channel. Part of the
attended transfer code assumed the channel would be non-NULL and used
it as such causing a crash. This bug was exposed thanks to the attended
transfer ARI test in the test suite.

(closes issue ASTERISK-23287)
Reported by: Matt Jordan


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@408941 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/res/res_pjsip_refer.c b/res/res_pjsip_refer.c
index 916cf5eb94..399e9e6720 100644
--- a/res/res_pjsip_refer.c
+++ b/res/res_pjsip_refer.c
@@ -421,6 +421,10 @@ static int refer_attended(void *data)
 	RAII_VAR(struct refer_attended *, attended, data, ao2_cleanup);
 	int response = 0;
 
+	if (!attended->transferer_second->channel) {
+		return -1;
+	}
+
 	ast_debug(3, "Performing a REFER attended transfer - Transferer #1: %s Transferer #2: %s\n",
 		ast_channel_name(attended->transferer_chan), ast_channel_name(attended->transferer_second->channel));