res_pjsip: Copy default_from_user to avoid crash.

The default_from_user retrieval function was pulling the default_from_user from the global configuration struct in an unsafe way. If using a database as a backend configuration store, the global configuration struct is short-lived, so grabbing a pointer from it results in referencing freed memory. The fix here is to copy the default_from_user value out of the global configuration struct. Thanks go to John Hardin for discovering this problem and proposing the patch on which this fix is based. ASTERISK-25390 #close Reported by Mark Michelson Change-Id: I6b96067a495c1259da768f4012d44e03e7c6148c
2025-10-12 15:45:18 +00:00 · 2015-09-10 09:49:45 -05:00
parent 16fa1cbb6c
commit 9d1f176e29
3 changed files with 12 additions and 11 deletions
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -2046,9 +2046,11 @@ char *ast_sip_get_endpoint_identifier_order(void);
 * is no better option (such as an endpoint-configured from_user or
 * caller ID number).
 *
- * \retval The global default_from_user value.
+ * \param[out] from_user The default from user
+ * \param size The buffer size of from_user
+ * \return nothing
 */
-const char *ast_sip_get_default_from_user(void);
+void ast_sip_get_default_from_user(char *from_user, size_t size);

 /*! \brief Determines whether the res_pjsip module is loaded */
 #define CHECK_PJSIP_MODULE_LOADED()				\