kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-19 19:52:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resources/res_phoneprov: fix memory leak and heap-use-after-free

Browse Source 
* heap-use-after-free happens when we free "cfg"
but then use "value" which refers to it

* A memory leak occurs because in some cases
it is not released "defaults"

ASTERISK-25721 #close
Reported by: Badalyan Vyacheslav
Tested by: Badalyan Vyacheslav

Change-Id: I3807d3f4726df6864430ec144cf6265d3f538469
This commit is contained in:
Badalyan Vyacheslav
2016-02-10 04:42:11 +00:00
parent 68643f83cd
commit c4d9f46878
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
res/res_phoneprov.c
View File

@@ -1193,8 +1193,7 @@ static struct ast_http_uri phoneprovuri = {
static struct varshead *get_defaults(void) static struct varshead *get_defaults(void)
{ {
struct ast_config *phoneprov_cfg; struct ast_config *phoneprov_cfg, *cfg = CONFIG_STATUS_FILEINVALID;
struct ast_config *cfg;
const char *value; const char *value;
struct ast_variable *v; struct ast_variable *v;
struct ast_var_t *var; struct ast_var_t *var;
@@ -1233,10 +1232,12 @@ static struct varshead *get_defaults(void)
if (!value) { if (!value) {
if ((cfg = ast_config_load("sip.conf", config_flags)) && cfg != CONFIG_STATUS_FILEINVALID) { if ((cfg = ast_config_load("sip.conf", config_flags)) && cfg != CONFIG_STATUS_FILEINVALID) {
value = ast_variable_retrieve(cfg, "general", "bindport"); value = ast_variable_retrieve(cfg, "general", "bindport");
ast_config_destroy(cfg);
} }
} }
var = ast_var_assign(variable_lookup[AST_PHONEPROV_STD_SERVER_PORT], S_OR(value, "5060")); var = ast_var_assign(variable_lookup[AST_PHONEPROV_STD_SERVER_PORT], S_OR(value, "5060"));
if (cfg && cfg != CONFIG_STATUS_FILEINVALID) {
ast_config_destroy(cfg);
}
AST_VAR_LIST_INSERT_TAIL(defaults, var); AST_VAR_LIST_INSERT_TAIL(defaults, var);
value = ast_variable_retrieve(phoneprov_cfg, "general", pp_general_lookup[AST_PHONEPROV_STD_PROFILE]); value = ast_variable_retrieve(phoneprov_cfg, "general", pp_general_lookup[AST_PHONEPROV_STD_PROFILE]);
@@ -1288,6 +1289,7 @@ static int load_users(void)
if (!(cfg = ast_config_load("users.conf", config_flags)) if (!(cfg = ast_config_load("users.conf", config_flags))
|| cfg == CONFIG_STATUS_FILEINVALID) { || cfg == CONFIG_STATUS_FILEINVALID) {
ast_log(LOG_WARNING, "Unable to load users.conf\n"); ast_log(LOG_WARNING, "Unable to load users.conf\n");
ast_var_list_destroy(defaults);
return -1; return -1;
} }
@@ -1337,6 +1339,7 @@ static int load_users(void)
} }
} }
ast_config_destroy(cfg); ast_config_destroy(cfg);
ast_var_list_destroy(defaults);
return 0; return 0;
} }