pjproject_bundled: Crash on pj_ssl_get_info() while ioqueue_on_read_complete().
authorAlexander Traud <pabstraud@compuserve.com>
Fri, 7 Apr 2017 13:06:11 +0000 (15:06 +0200)
committerAlexander Traud <pabstraud@compuserve.com>
Fri, 7 Apr 2017 13:06:11 +0000 (15:06 +0200)
When the Asterisk channel driver res_pjsip offers SIP-over-TLS, sometimes, not
reproducible, Asterisk crashed in pj_ssl_sock_get_info() because a NULL pointer
was read. This change avoids this crash.

ASTERISK-26927 #close

Change-Id: I24a6011b44d1426d159742ff4421cf806a52938b

third-party/pjproject/patches/0048-r5576-svn-backport-tls-crash.patch [new file with mode: 0644]

diff --git a/third-party/pjproject/patches/0048-r5576-svn-backport-tls-crash.patch b/third-party/pjproject/patches/0048-r5576-svn-backport-tls-crash.patch
new file mode 100644 (file)
index 0000000..b5edc71
--- /dev/null
@@ -0,0 +1,32 @@
+Index: /pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c\r
+===================================================================\r
+--- a/pjlib/src/pj/ssl_sock_ossl.c     (revision 5564)\r
++++ b/pjlib/src/pj/ssl_sock_ossl.c     (revision 5565)\r
+@@ -145,5 +145,6 @@\r
+     SSL_STATE_NULL,\r
+     SSL_STATE_HANDSHAKING,\r
+-    SSL_STATE_ESTABLISHED\r
++    SSL_STATE_ESTABLISHED,\r
++    SSL_STATE_ERROR\r
+ };\r
\r
+@@ -1907,4 +1908,8 @@\r
+                       buf->len += size_;\r
+               \r
++                    if (status != PJ_SUCCESS) {\r
++                        ssock->ssl_state = SSL_STATE_ERROR;\r
++                    }\r
++\r
+                   ret = (*ssock->param.cb.on_data_read)(ssock, buf->data,\r
+                                                         buf->len, status,\r
+@@ -2658,5 +2663,9 @@\r
+       /* Current cipher */\r
+       cipher = SSL_get_current_cipher(ssock->ossl_ssl);\r
+-      info->cipher = (SSL_CIPHER_get_id(cipher) & 0x00FFFFFF);\r
++      if (cipher) {\r
++          info->cipher = (SSL_CIPHER_get_id(cipher) & 0x00FFFFFF);\r
++      } else {\r
++          info->cipher = PJ_TLS_UNKNOWN_CIPHER;\r
++      }\r
\r
+       /* Remote address */\r