AST-2012-006: Fix crash in UPDATE handling when no channel owner exists

If Asterisk receives a SIP UPDATE request after a call has been terminated and
the channel has been destroyed but before the SIP dialog has been destroyed, a
condition exists where a connected line update would be attempted on a
non-existing channel.  This would cause Asterisk to crash.  The patch resolves
this by first ensuring that the SIP dialog has an owning channel before
attempting a connected line update.  If an UPDATE request is received and no
channel is associated with the dialog, a 481 response is sent.

(closes issue ASTERISK-19770)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Patches:
  ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
........

Merged revisions 363106 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 363107 from http://svn.asterisk.org/svn/asterisk/branches/10

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363108 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 6143718..2acb2b3 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -23032,6 +23032,10 @@ static int handle_request_update(struct sip_pvt *p, struct sip_request *req)
                transmit_response(p, "501 Method Not Implemented", req);
                return 0;
        }
+       if (!p->owner) {
+               transmit_response(p, "481 Call/Transaction Does Not Exist", req);
+               return 0;
+       }
        if (get_rpid(p, req)) {
                struct ast_party_connected_line connected;
                struct ast_set_party_connected_line update_connected;