From 3329141e74a56d8efdfe9fd2fe0e5385a0c3c196 Mon Sep 17 00:00:00 2001
From: William King
Date: Sun, 15 Sep 2013 15:57:17 -0700
Subject: [PATCH 1/4] Don't risk the double free, use switch_safe_free here same as in ~15 lines.
---
 src/mod/applications/mod_httapi/mod_httapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mod/applications/mod_httapi/mod_httapi.c b/src/mod/applications/mod_httapi/mod_httapi.c
index e5bfac12ae..6ae3001804 100644
--- a/src/mod/applications/mod_httapi/mod_httapi.c
+++ b/src/mod/applications/mod_httapi/mod_httapi.c
@@ -2343,7 +2343,7 @@ static char *load_cache_data(http_file_context_t *context, const char *url)
 if ((p = strchr(dext, '?'))) {
 *p = '\0';
 ext = dext;
- } else free(dext);
+ } else switch_safe_free(dext);
 }
 context->cache_file_base = switch_core_sprintf(context->pool, "%s%s%s", globals.cache_path, SWITCH_PATH_SEPARATOR, digest);
From aa222c7aea4670df8aa2f9239f6dc5c680958164 Mon Sep 17 00:00:00 2001
From: William King
Date: Sun, 15 Sep 2013 16:05:11 -0700
Subject: [PATCH 2/4] While sofia does garbage collection, in other locations we still call su_free after calls to sip_header_as_string. So adding it here too since we've finished using the full_contact variable.
---
 src/mod/endpoints/mod_sofia/sofia.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index ca9ba7ddec..fcd9c5870f 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -9034,6 +9034,10 @@ void sofia_handle_sip_i_invite(switch_core_session_t *session, nua_t *nua, sofia
 switch_assert(sql);
 sofia_glue_execute_sql_now(profile, &sql, SWITCH_TRUE);
+
+ if ( full_contact ) {
+ su_free(nua_handle_home(tech_pvt->nh), full_contact);
+ }
 }
 if (is_nat) {
From b91d6e430af611f0d4fd0067b64786d2c1041390 Mon Sep 17 00:00:00 2001
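Review bot: In `load_cache_data` (mod_httapi.c) the new `} else switch_safe_free(dext);` hangs a macro off an unbraced `else`. If `switch_safe_free` expands to a bare `if (it) { ... }` statement rather than a `do { } while (0)` wrapper (its definition is not shown here), the result is an `if` directly under the `else` followed by a stray empty statement, which is easy to break with a later edit. I would brace it: `} else { switch_safe_free(dext); }`. The later release of `dext` that the commit message refers to is outside the hunk; since the other branch sets `ext = dext`, it is worth confirming `ext` is not read after that release.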
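Review bot: In `sofia_handle_sip_i_invite` (sofia.c) `full_contact` is left dangling after the added `su_free(nua_handle_home(tech_pvt->nh), full_contact);`. The function continues past this hunk, so any later read or second release of `full_contact` would become a use-after-free or double free; add `full_contact = NULL;` inside the new `if` block. The allocation is not visible here, so please also confirm it was made from the same home, `nua_handle_home(tech_pvt->nh)`, since su_free is meant to be given the home that owns the block, and that `tech_pvt->nh` is always valid on this path.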
From: William King
Date: Sun, 15 Sep 2013 16:19:19 -0700
Subject: [PATCH 3/4] How did the use after free not blowup in the last 3 years since it was modified?
---
 src/mod/applications/mod_fifo/mod_fifo.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/mod/applications/mod_fifo/mod_fifo.c b/src/mod/applications/mod_fifo/mod_fifo.c
index 7c236ef6d2..1affefa3e4 100644
--- a/src/mod/applications/mod_fifo/mod_fifo.c
+++ b/src/mod/applications/mod_fifo/mod_fifo.c
@@ -1637,7 +1637,6 @@ static void *SWITCH_THREAD_FUNC o_thread_run(switch_thread_t *thread, void *obj)
 fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE);
 status = switch_ivr_originate(NULL, &session, &cause, originate_string, h->timeout, NULL, NULL, NULL, NULL, ovars, SOF_NONE, NULL);
- free(originate_string);
 if (status != SWITCH_STATUS_SUCCESS) {
@@ -1694,6 +1693,10 @@ static void *SWITCH_THREAD_FUNC o_thread_run(switch_thread_t *thread, void *obj)
 end:
+ if ( originate_string ){
+ switch_safe_free(originate_string);
+ }
+ switch_event_destroy(&ovars);
 if (node) {
 switch_mutex_lock(node->update_mutex);
From fb318e3be9c26f0332b6ea9a7c1be9b63d7a1d39 Mon Sep 17 00:00:00 2001
From: Jeff Lenk
Date: Sun, 15 Sep 2013 18:48:10 -0600
Subject: [PATCH 4/4] FS-5784 try this with visual studio express 2010
---
 Freeswitch.2010.express.sln | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/Freeswitch.2010.express.sln b/Freeswitch.2010.express.sln
index e554a13076..419e84e6c7 100644
--- a/Freeswitch.2010.express.sln
+++ b/Freeswitch.2010.express.sln
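Review bot: The release of `originate_string` now sits under the `end:` label of `o_thread_run` (mod_fifo.c), so it runs on every `goto end`, including any taken before the string has been built. The declaration is outside both hunks; confirm it reads `char *originate_string = NULL;`, otherwise an early exit would free an indeterminate pointer. The outer `if ( originate_string ){ ... }` also looks redundant, because `switch_safe_free` is expected to do its own NULL check (macro definition not shown here), so `switch_safe_free(originate_string);` alone should be enough.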
@@ -346,6 +346,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "make_math_fixed_tables", "l EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "make_cielab_luts", "libs\spandsp\src\msvc\make_cielab_luts.2010.vcxproj", "{85F0CF8C-C7AB-48F6-BA19-CC94CF87F981}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "make_t43_gray_code_tables", "libs\spandsp\src\msvc\make_t43_gray_code_tables.2010.vcxproj", "{EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution All|Win32 = All|Win32 @@ -2086,6 +2088,15 @@ Global {85F0CF8C-C7AB-48F6-BA19-CC94CF87F981}.Release|Win32.Build.0 = All|Win32 {85F0CF8C-C7AB-48F6-BA19-CC94CF87F981}.Release|x64.ActiveCfg = All|Win32 {85F0CF8C-C7AB-48F6-BA19-CC94CF87F981}.Release|x64.Build.0 = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.All|Win32.ActiveCfg = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.All|Win32.Build.0 = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.All|x64.ActiveCfg = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.Debug|Win32.ActiveCfg = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.Debug|Win32.Build.0 = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.Debug|x64.ActiveCfg = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.Release|Win32.ActiveCfg = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.Release|Win32.Build.0 = All|Win32 + {EDDB8AB9-C53E-44C0-A620-0E86C2CBD5D5}.Release|x64.ActiveCfg = All|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE