From ea7e7cd8ede6503b7d317608edf4f3e7f9eaadb3 Mon Sep 17 00:00:00 2001
From: Matthew Nicholson <mnicholson@digium.com>
Date: Mon, 8 Nov 2010 18:59:20 +0000
Subject: [PATCH] Modify our handling of 491 responses to drop any pending
 reinvite retry scheduler entries if we get a new 491.

This prevents a scheduler entry from leaking if we receive a 491 response when one is pending.  If a scheduler entry leaks, the pvt it is associated my get destroyed before the scheduler entry fires, and then memory corruption and crashes can occur when the scheduled reinvite attempts to access and modify the memory of the destroyed pvt.

ABE-2543


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@294163 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_sip.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index c6d1a8941a..37206448a5 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -13497,6 +13497,14 @@ static void handle_response_invite(struct sip_pvt *p, int resp, char *rest, stru
 				} else {
 					wait = ast_random() % 2000;
 				}
+
+				if (p->waitid != -1) {
+					if (option_debug > 2)
+						ast_log(LOG_DEBUG, "Reinvite race during existing reinvite race. Abandoning previous reinvite retry.\n");
+					AST_SCHED_DEL(sched, p->waitid);
+					p->waitid = -1;
+				}
+
 				p->waitid = ast_sched_add(sched, wait, sip_reinvite_retry, p);
 				if (option_debug > 2)
 					ast_log(LOG_DEBUG, "Reinvite race. Waiting %d secs before retry\n", wait);
-- 
2.47.3