chan_dahdi: Fix segfault dereferencing a NULL tech_pvt.

The tech support customer was using the AMI Redirect action shortly after
a call was placed.  While the channel tried to do an ast_read(), the
masquerade resulting from the channel redirect took place.  The masquerade
in the middle of the ast_read() resulted in the segfault.

(closes issue AST-1025)
Reported by: Trey Blancher
Patches:
      jira_ast_1025_v1.8_v2.patch (license #5621) patch uploaded by rmudgett

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@375361 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index fd219707d9b2823e161bd0de7215a73549006399..889b92c75c5596c48ff20352ed8e49fd21b4d283 100644 (file)
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -8931,11 +8931,20 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast)
                CHANNEL_DEADLOCK_AVOIDANCE(ast);
 
                /*
-                * For PRI channels, we must refresh the private pointer because
-                * the call could move to another B channel while the Asterisk
-                * channel is unlocked.
+                * Check to see if the channel is still associated with the same
+                * private structure.  While the Asterisk channel was unlocked
+                * the following events may have occured:
+                *
+                * 1) A masquerade may have associated the channel with another
+                * technology or private structure.
+                *
+                * 2) For PRI calls, call signaling could change the channel
+                * association to another B channel (private structure).
                 */
-               p = ast->tech_pvt;
+               if (ast->tech_pvt != p) {
+                       /* The channel is no longer associated.  Quit gracefully. */
+                       return &ast_null_frame;
+               }
        }
 
        idx = dahdi_get_index(ast, p, 0);