git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Kevin Harwell <kharwell@digium.com>
	Mon, 19 Oct 2020 22:21:57 +0000 (17:21 -0500)
committer	Kevin Harwell <kharwell@digium.com>
	Thu, 5 Nov 2020 20:28:46 +0000 (15:28 -0500)
commit	1f169177ed8ef5f5c00e54bf669b9e50d4b2463d
tree	af04f3067ae7d576a70adb811cc7c7696d1aea5d	tree
parent	b2e8ac51f8455b27725d99cbf0d158c3655a3c2d	commit \| diff

AST-2020-001 - res_pjsip: Return dialog locked and referenced

pjproject returns the dialog locked and with a reference. However,
in Asterisk the method that handles this decrements the reference
and removes the lock prior to returning. This makes it possible,
under some circumstances, for another thread to free said dialog
before the thread that created it attempts to use it again. Of
course when the thread that created it tries to use a freed dialog
a crash can occur.

This patch makes it so Asterisk now returns the newly created
dialog both locked, and with an added reference. This allows the
caller to de-reference, and unlock the dialog when it is safe to
do so.

In the case of a new SIP Invite the lock, and reference are now
held for the entirety of the new invite handling process.
Otherwise it's possible for the dialog, or its dependent objects,
like the transaction, to disappear. For example if there is a TCP
transport error.

ASTERISK-29057 #close

Change-Id: I5ef645a47829596f402cf383dc02c629c618969e
(cherry picked from commit b87527b000af5e8e28bdc2657f11d4d4a6f07500)

include/asterisk/res_pjsip.h		diff \| blob \| blame \| history
res/res_pjsip.c		diff \| blob \| blame \| history
res/res_pjsip_pubsub.c		diff \| blob \| blame \| history
res/res_pjsip_session.c		diff \| blob \| blame \| history