From 0a81d3795d3d781a824e9e578b7327daf1afe64e Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Mon, 29 Oct 2012 15:49:22 +0000 Subject: [PATCH] chan_dahdi: Fix segfault dereferencing a NULL tech_pvt. The tech support customer was using the AMI Redirect action shortly after a call was placed. While the channel tried to do an ast_read(), the masquerade resulting from the channel redirect took place. The masquerade in the middle of the ast_read() resulted in the segfault. (closes issue AST-1025) Reported by: Trey Blancher Patches: jira_ast_1025_v1.8_v2.patch (license #5621) patch uploaded by rmudgett git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@375361 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_dahdi.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c index fd219707d9..889b92c75c 100644 --- a/channels/chan_dahdi.c +++ b/channels/chan_dahdi.c @@ -8931,11 +8931,20 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast) CHANNEL_DEADLOCK_AVOIDANCE(ast); /* - * For PRI channels, we must refresh the private pointer because - * the call could move to another B channel while the Asterisk - * channel is unlocked. + * Check to see if the channel is still associated with the same + * private structure. While the Asterisk channel was unlocked + * the following events may have occured: + * + * 1) A masquerade may have associated the channel with another + * technology or private structure. + * + * 2) For PRI calls, call signaling could change the channel + * association to another B channel (private structure). */ - p = ast->tech_pvt; + if (ast->tech_pvt != p) { + /* The channel is no longer associated. Quit gracefully. */ + return &ast_null_frame; + } } idx = dahdi_get_index(ast, p, 0); -- 2.47.3