chan_dahdi: Fix segfault dereferencing a NULL tech_pvt.
authorRichard Mudgett <rmudgett@digium.com>
Mon, 29 Oct 2012 15:56:13 +0000 (15:56 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Mon, 29 Oct 2012 15:56:13 +0000 (15:56 +0000)
The tech support customer was using the AMI Redirect action shortly after
a call was placed.  While the channel tried to do an ast_read(), the
masquerade resulting from the channel redirect took place.  The masquerade
in the middle of the ast_read() resulted in the segfault.

(closes issue AST-1025)
Reported by: Trey Blancher
Patches:
      jira_ast_1025_v1.8_v2.patch (license #5621) patch uploaded by rmudgett
........

Merged revisions 375361 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 375362 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 375363 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@375364 65c4cc65-6c06-0410-ace0-fbb531ad65f3

channels/chan_dahdi.c

index 85f9f05..b69bf3f 100644 (file)
@@ -9130,11 +9130,20 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast)
                CHANNEL_DEADLOCK_AVOIDANCE(ast);
 
                /*
-                * For PRI channels, we must refresh the private pointer because
-                * the call could move to another B channel while the Asterisk
-                * channel is unlocked.
+                * Check to see if the channel is still associated with the same
+                * private structure.  While the Asterisk channel was unlocked
+                * the following events may have occured:
+                *
+                * 1) A masquerade may have associated the channel with another
+                * technology or private structure.
+                *
+                * 2) For PRI calls, call signaling could change the channel
+                * association to another B channel (private structure).
                 */
-               p = ast_channel_tech_pvt(ast);
+               if (ast_channel_tech_pvt(ast) != p) {
+                       /* The channel is no longer associated.  Quit gracefully. */
+                       return &ast_null_frame;
+               }
        }
 
        idx = dahdi_get_index(ast, p, 0);