res_pjsip_history: Fix multiple leaks on vector append failure.
authorCorey Farrell <git@cfware.com>
Tue, 7 Nov 2017 00:12:13 +0000 (19:12 -0500)
committerCorey Farrell <git@cfware.com>
Wed, 8 Nov 2017 03:31:12 +0000 (22:31 -0500)
Change-Id: I41e8d5183ace284095cc721f3b1fb32ade3f940f

res/res_pjsip_history.c

index 4e7dbd0..ed374d6 100644 (file)
@@ -705,10 +705,13 @@ static pj_status_t history_on_tx_msg(pjsip_tx_data *tdata)
        pj_sockaddr_cp(&entry->dst, &tdata->tp_info.dst_addr);
 
        ast_mutex_lock(&history_lock);
-       AST_VECTOR_APPEND(&vector_history, entry);
+       if (AST_VECTOR_APPEND(&vector_history, entry)) {
+               ao2_ref(entry, -1);
+               entry = NULL;
+       }
        ast_mutex_unlock(&history_lock);
 
-       if (log_level != -1) {
+       if (log_level != -1 && entry) {
                char line[256];
 
                sprint_list_entry(entry, line, sizeof(line));
@@ -745,10 +748,13 @@ static pj_bool_t history_on_rx_msg(pjsip_rx_data *rdata)
        }
 
        ast_mutex_lock(&history_lock);
-       AST_VECTOR_APPEND(&vector_history, entry);
+       if (AST_VECTOR_APPEND(&vector_history, entry)) {
+               ao2_ref(entry, -1);
+               entry = NULL;
+       }
        ast_mutex_unlock(&history_lock);
 
-       if (log_level != -1) {
+       if (log_level != -1 && entry) {
                char line[256];
 
                sprint_list_entry(entry, line, sizeof(line));
@@ -959,7 +965,9 @@ static int evaluate_history_entry(struct pjsip_history_entry *entry, struct expr
 
                /* If this is not an operator, push it to the stack */
                if (!it_queue->op) {
-                       AST_VECTOR_APPEND(&stack, it_queue);
+                       if (AST_VECTOR_APPEND(&stack, it_queue)) {
+                               goto error;
+                       }
                        continue;
                }
 
@@ -1035,7 +1043,11 @@ static int evaluate_history_entry(struct pjsip_history_entry *entry, struct expr
                if (!result) {
                        goto error;
                }
-               AST_VECTOR_APPEND(&stack, result);
+               if (AST_VECTOR_APPEND(&stack, result)) {
+                       expression_token_free(result);
+
+                       goto error;
+               }
        }
 
        /*
@@ -1056,6 +1068,7 @@ static int evaluate_history_entry(struct pjsip_history_entry *entry, struct expr
        }
        result = final->result;
        ast_free(final);
+       AST_VECTOR_FREE(&stack);
 
        return result;
 
@@ -1098,6 +1111,7 @@ static struct vector_history_t *filter_history(struct ast_cli_args *a)
 
        queue = build_expression_queue(a);
        if (!queue) {
+               AST_VECTOR_PTR_FREE(output);
                return NULL;
        }
 
@@ -1118,7 +1132,9 @@ static struct vector_history_t *filter_history(struct ast_cli_args *a)
                } else if (!res) {
                        continue;
                } else {
-                       AST_VECTOR_APPEND(output, ao2_bump(entry));
+                       if (AST_VECTOR_APPEND(output, ao2_bump(entry))) {
+                               ao2_cleanup(entry);
+                       }
                }
        }
        ast_mutex_unlock(&history_lock);