res_pjsip: Prevent crashes when PJPROJECT presents an rdata with no message
authorMatthew Jordan <mjordan@digium.com>
Mon, 6 Oct 2014 00:31:48 +0000 (00:31 +0000)
committerMatthew Jordan <mjordan@digium.com>
Mon, 6 Oct 2014 00:31:48 +0000 (00:31 +0000)
commit45b7b474aca2a4213a0f4ef06debb17a30d60b2d
tree9ad22e18a272d29afae83bc2dfc14dbf2e7c7ea8
parentf27f41a288c313f27a2dc1ae311e2184decb3bea
res_pjsip: Prevent crashes when PJPROJECT presents an rdata with no message

When a message that exceeds the PJ_MAX_PKT_SIZE is sent over a reliable
transport, it is possible (although it shouldn't occur) for pjproject to pass
up an rdata object with a NULL msg in the msg_info. Needless to say, things
that attempt to dereference this are in for a rough ride.

In particular, this caused crashes in three different locations, all of which
are 'low level' enough to intercept an rdata object early in processing:

(1) res_pjsip_logger
(2) res_hep_pjsip
(3) res_pjsip/distributor

Anything that can intercept an rdata object before res_pjsip/distributor should
be defensive when looking at the received packet.

#SIPit31

ASTERISK-24369 #close
Reported by: Matt Jordan
........

Merged revisions 424618 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 424619 from http://svn.asterisk.org/svn/asterisk/branches/13

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424620 65c4cc65-6c06-0410-ace0-fbb531ad65f3
res/res_hep_pjsip.c
res/res_pjsip/pjsip_distributor.c
res/res_pjsip_logger.c