From c52ac4817c933e9cb2fab6f293f9346ba6de7dca Mon Sep 17 00:00:00 2001 From: Anthony Minessale Date: Tue, 11 Feb 2014 04:05:40 +0500 Subject: [PATCH] FS-6128 FS-6200 --resolve allocating the sofia_private on the nua_handle seems to lead to memory corruption, changing it back to malloc as done in the version before the regression --- src/mod/endpoints/mod_sofia/sofia.c | 6 ++--- src/mod/endpoints/mod_sofia/sofia_reg.c | 35 +++++++++---------------- 2 files changed, 14 insertions(+), 27 deletions(-) diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c index bbb5c6e89c..ccceababb0 100644 --- a/src/mod/endpoints/mod_sofia/sofia.c +++ b/src/mod/endpoints/mod_sofia/sofia.c @@ -1525,10 +1525,8 @@ static void our_sofia_event_callback(nua_event_t event, sofia_gateway_t *gateway = NULL; if ((gateway = sofia_reg_find_gateway(sofia_private->gateway_name))) { - nua_handle_bind(gateway->nh, NULL); - gateway->sofia_private = NULL; - nua_handle_destroy(gateway->nh); - gateway->nh = NULL; + gateway->state = REG_STATE_FAILED; + gateway->failure_status = status; sofia_reg_release_gateway(gateway); } } else { diff --git a/src/mod/endpoints/mod_sofia/sofia_reg.c b/src/mod/endpoints/mod_sofia/sofia_reg.c index ab3cd8dc76..7a78dc796a 100644 --- a/src/mod/endpoints/mod_sofia/sofia_reg.c +++ b/src/mod/endpoints/mod_sofia/sofia_reg.c @@ -47,7 +47,7 @@ static void sofia_reg_new_handle(sofia_gateway_t *gateway_ptr, int attach) nua_handle_bind(gateway_ptr->nh, NULL); nua_handle_destroy(gateway_ptr->nh); gateway_ptr->nh = NULL; - gateway_ptr->sofia_private = NULL; + sofia_private_free(gateway_ptr->sofia_private); } gateway_ptr->nh = nua_handle(gateway_ptr->profile->nua, NULL, @@ -56,10 +56,8 @@ static void sofia_reg_new_handle(sofia_gateway_t *gateway_ptr, int attach) NUTAG_CALLSTATE_REF(ss_state), SIPTAG_FROM_STR(gateway_ptr->register_from), TAG_END()); if (attach) { if (!gateway_ptr->sofia_private) { - gateway_ptr->sofia_private = su_alloc(gateway_ptr->nh->nh_home, sizeof(*gateway_ptr->sofia_private)); - switch_assert(gateway_ptr->sofia_private); + switch_zmalloc(gateway_ptr->sofia_private, sizeof(*gateway_ptr->sofia_private)); } - memset(gateway_ptr->sofia_private, 0, sizeof(*gateway_ptr->sofia_private)); switch_set_string(gateway_ptr->sofia_private->gateway_name, gateway_ptr->name); nua_handle_bind(gateway_ptr->nh, gateway_ptr->sofia_private); @@ -83,7 +81,7 @@ static void sofia_reg_new_sub_handle(sofia_gateway_subscription_t *gw_sub_ptr) nua_handle_bind(gw_sub_ptr->nh, NULL); nua_handle_destroy(gw_sub_ptr->nh); gw_sub_ptr->nh = NULL; - gw_sub_ptr->sofia_private = NULL; + sofia_private_free(gw_sub_ptr->sofia_private); } gw_sub_ptr->nh = nua_handle(gateway_ptr->profile->nua, NULL, @@ -92,10 +90,8 @@ static void sofia_reg_new_sub_handle(sofia_gateway_subscription_t *gw_sub_ptr) SIPTAG_TO_STR(gateway_ptr->register_to), NUTAG_CALLSTATE_REF(ss_state), SIPTAG_FROM_STR(gateway_ptr->register_from), TAG_END()); if (!gw_sub_ptr->sofia_private) { - gw_sub_ptr->sofia_private = su_alloc(gw_sub_ptr->nh->nh_home, sizeof(*gw_sub_ptr->sofia_private)); - switch_assert(gw_sub_ptr->sofia_private); + switch_zmalloc(gw_sub_ptr->sofia_private, sizeof(*gw_sub_ptr->sofia_private)); } - memset(gw_sub_ptr->sofia_private, 0, sizeof(*gw_sub_ptr->sofia_private)); switch_set_string(gw_sub_ptr->sofia_private->gateway_name, gateway_ptr->name); nua_handle_bind(gw_sub_ptr->nh, gw_sub_ptr->sofia_private); @@ -108,7 +104,7 @@ static void sofia_reg_kill_sub(sofia_gateway_subscription_t *gw_sub_ptr) { sofia_gateway_t *gateway_ptr = gw_sub_ptr->gateway; - gw_sub_ptr->sofia_private = NULL; + sofia_private_free(gw_sub_ptr->sofia_private); if (gw_sub_ptr->nh) { nua_handle_bind(gw_sub_ptr->nh, NULL); @@ -142,7 +138,7 @@ static void sofia_reg_kill_reg(sofia_gateway_t *gateway_ptr) switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Destroying registration handle for %s\n", gateway_ptr->name); } - gateway_ptr->sofia_private = NULL; + sofia_private_free(gateway_ptr->sofia_private); nua_handle_bind(gateway_ptr->nh, NULL); nua_handle_destroy(gateway_ptr->nh); gateway_ptr->nh = NULL; @@ -2190,24 +2186,17 @@ void sofia_reg_handle_sip_r_register(int status, tagi_t tags[]) { sofia_gateway_t *gateway = NULL; + + + if (!sofia_private) { + nua_handle_destroy(nh); + return; + } if (sofia_private && !zstr(sofia_private->gateway_name)) { gateway = sofia_reg_find_gateway(sofia_private->gateway_name); } - - if (status >= 500) { - if (sofia_private && gateway) { - nua_handle_bind(gateway->nh, NULL); - gateway->sofia_private = NULL; - nua_handle_destroy(gateway->nh); - gateway->nh = NULL; - - } else { - nua_handle_destroy(nh); - } - } - if (sofia_private && gateway) { reg_state_t ostate = gateway->state; switch (status) {