Update for 15.1.3

chan_skinny creates a new thread for each new session.  In trying
to be a good cleanup citizen, the threads are joinable and the
unload_module function does a pthread_cancel() and a pthread_join()
on any sessions that are active at that time.  This has an
unintended side effect though. Since you can call pthread_join on a
thread that's already terminated, pthreads keeps the thread's
storage around until you explicitly call pthread_join (or
pthread_detach()).   Since only the module_unload function was
calling pthread_join, and even then only on the ones active at the
tme, the storage for every thread/session ever created sticks
around until asterisk exits.

* A thread can detach itself so the session_destroy() function
  now calls pthread_detach() just before it frees the session
  memory allocation.  The module_unload function still takes care
  of the ones that are still active should the module be unloaded.

ASTERISK-27452
Reported by: Juan Sacco

Change-Id: I9af7268eba14bf76960566f891320f97b974e6dd

.version

@@ -1 +1 @@
-15.1.2
+15.1.3

ChangeLog

@@ -1,3 +1,33 @@
+2017-12-01 19:42 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+	* asterisk 15.1.3 Released.
+
+2017-11-30 14:38 +0000 [f79ec1ccc8]  George Joseph <gjoseph@digium.com>
+
+	* AST-2017-013: chan_skinny: Call pthread_detach when sess threads end
+
+	  chan_skinny creates a new thread for each new session.  In trying
+	  to be a good cleanup citizen, the threads are joinable and the
+	  unload_module function does a pthread_cancel() and a pthread_join()
+	  on any sessions that are active at that time.  This has an
+	  unintended side effect though. Since you can call pthread_join on a
+	  thread that's already terminated, pthreads keeps the thread's
+	  storage around until you explicitly call pthread_join (or
+	  pthread_detach()).   Since only the module_unload function was
+	  calling pthread_join, and even then only on the ones active at the
+	  tme, the storage for every thread/session ever created sticks
+	  around until asterisk exits.
+
+	  * A thread can detach itself so the session_destroy() function
+	    now calls pthread_detach() just before it frees the session
+	    memory allocation.  The module_unload function still takes care
+	    of the ones that are still active should the module be unloaded.
+
+	  ASTERISK-27452
+	  Reported by: Juan Sacco
+
+	  Change-Id: I9af7268eba14bf76960566f891320f97b974e6dd
+
 2017-11-10 16:59 +0000  Asterisk Development Team <asteriskteam@digium.com>
 
 	* asterisk 15.1.2 Released.

asterisk-15.1.2-summary.html

@@ -1,15 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-15.1.2</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-15.1.2</h3><h3 align="center">Date: 2017-11-10</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release is a point release of an existing major version. The changes included were made to address problems that have been identified in this release series, or are minor, backwards compatible new features or improvements. Users should be able to safely upgrade to this version if this release series is already in use. Users considering upgrading from a previous version are strongly encouraged to review the UPGRADE.txt document as well as the CHANGES document for information about upgrading to this release series.</p><p>The data in this summary reflects changes that have been made since the previous release, asterisk-15.1.1.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Richard Mudgett <rmudgett@digium.com><br/>1 Ben Ford <bford@digium.com><br/></td><td width="33%"><td width="33%">1 Michael Maier <m1278468@mailbox.org><br/>1 shaurya jain <shaurya@contaque.com><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27387">ASTERISK-27387</a>: Regression: pjsip 13.18.0 - from_user - "+" character isn't allowed any more<br/>Reported by: Michael Maier<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=f0cebe232127479692b8d48ea36d5a1af2042dae">[f0cebe2321]</a> Ben Ford -- res_pjsip: Add to list of valid characters for from_user.</li>
-</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27391">ASTERISK-27391</a>: Regression: Deadlock between AOR named lock and pjproject grp lock<br/>Reported by: shaurya jain<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7ebf5a938657a164585704f7acf2d5e3f849fed8">[7ebf5a9386]</a> Richard Mudgett -- res_pjsip_registrar.c: Fix AOR and pjproject group deadlock.</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>res_pjsip/pjsip_configuration.c |    4 ++--
-res_pjsip_registrar.c           |   29 ++++++++++++++++++-----------
-2 files changed, 20 insertions(+), 13 deletions(-)</pre><br></html>

asterisk-15.1.3-summary.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-15.1.3</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-15.1.3</h3><h3 align="center">Date: 2017-12-01</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2017-013.html">AST-2017-013</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-15.1.2.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Juan Sacco<br/>1 George Joseph <gjoseph@digium.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Channels/chan_skinny</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27452">ASTERISK-27452</a>: Security: chan_skinny:  Memory exhaustion if flooded with unauthenticated requests<br/>Reported by: George Joseph<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=f79ec1ccc88090f3bc5641ef0e7399d23d94905c">[f79ec1ccc8]</a> George Joseph -- AST-2017-013: chan_skinny: Call pthread_detach when sess threads end</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>

asterisk-15.1.3-summary.txt

@@ -1,8 +1,8 @@
                                 Release Summary
 
-                                asterisk-15.1.2
+                                asterisk-15.1.3
 
-                                Date: 2017-11-10
+                                Date: 2017-12-01
 
                            <asteriskteam@digium.com>
 
@@ -21,17 +21,19 @@
 
                                  [Back to Top]
 
-   This release is a point release of an existing major version. The changes
-   included were made to address problems that have been identified in this
-   release series, or are minor, backwards compatible new features or
-   improvements. Users should be able to safely upgrade to this version if
-   this release series is already in use. Users considering upgrading from a
-   previous version are strongly encouraged to review the UPGRADE.txt
-   document as well as the CHANGES document for information about upgrading
-   to this release series.
+   This release has been made to address one or more security vulnerabilities
+   that have been identified. A security advisory document has been published
+   for each vulnerability that includes additional information. Users of
+   versions of Asterisk that are affected are strongly encouraged to review
+   the advisories and determine what action they should take to protect their
+   systems from these issues.
+
+   Security Advisories:
+
+     * AST-2017-013
 
    The data in this summary reflects changes that have been made since the
-   previous release, asterisk-15.1.1.
+   previous release, asterisk-15.1.2.
 
      ----------------------------------------------------------------------
 
@@ -49,8 +51,8 @@
    this release.
 
    Coders                   Testers                  Reporters                
-   1 Richard Mudgett                                 1 Michael Maier          
-   1 Ben Ford                                        1 shaurya jain           
+   1 George Joseph                                   1 Juan Sacco             
+                                                     1 George Joseph          
 
      ----------------------------------------------------------------------
 
@@ -63,21 +65,13 @@
 
   Bug
 
-    Category: Resources/res_pjsip
+    Category: Channels/chan_skinny
 
-   ASTERISK-27387: Regression: pjsip 13.18.0 - from_user - "+" character
-   isn't allowed any more
-   Reported by: Michael Maier
-     * [f0cebe2321] Ben Ford -- res_pjsip: Add to list of valid characters
-       for from_user.
-
-    Category: pjproject/pjsip
-
-   ASTERISK-27391: Regression: Deadlock between AOR named lock and pjproject
-   grp lock
-   Reported by: shaurya jain
-     * [7ebf5a9386] Richard Mudgett -- res_pjsip_registrar.c: Fix AOR and
-       pjproject group deadlock.
+   ASTERISK-27452: Security: chan_skinny: Memory exhaustion if flooded with
+   unauthenticated requests
+   Reported by: George Joseph
+     * [f79ec1ccc8] George Joseph -- AST-2017-013: chan_skinny: Call
+       pthread_detach when sess threads end
 
      ----------------------------------------------------------------------
 
@@ -88,6 +82,4 @@
    This is a summary of the changes to the source code that went into this
    release that was generated using the diffstat utility.
 
- res_pjsip/pjsip_configuration.c |    4 ++--
- res_pjsip_registrar.c           |   29 ++++++++++++++++++-----------
- 2 files changed, 20 insertions(+), 13 deletions(-)
+ 0 files changed

channels/chan_skinny.c

@@ -7426,6 +7426,11 @@ static void destroy_session(struct skinnysession *s)
 	}
 	ast_mutex_unlock(&s->lock);
 	ast_mutex_destroy(&s->lock);
+
+	if (s->t != AST_PTHREADT_NULL) {
+		pthread_detach(s->t);
+	}
+
 	ast_free(s);
 }
 
@@ -7512,11 +7517,6 @@ static void *skinny_session(void *data)
 	int eventmessage = 0;
 	struct pollfd fds[1];
 
-	if (!s) {
-		ast_log(LOG_WARNING, "Bad Skinny Session\n");
-		return 0;
-	}
-
 	ast_log(LOG_NOTICE, "Starting Skinny session from %s\n", ast_inet_ntoa(s->sin.sin_addr));
 
 	pthread_cleanup_push(skinny_session_cleanup, s);
@@ -7682,6 +7682,7 @@ static void *accept_thread(void *ignore)
 		s->keepalive_timeout_sched = -1;
 
 		if (ast_pthread_create(&s->t, NULL, skinny_session, s)) {
+			s->t = AST_PTHREADT_NULL;
 			destroy_session(s);
 		}
 	}