From: Kevin Harwell
Date: Fri, 30 Jan 2015 17:41:02 +0000 (+0000)
Subject: res_pjsip_outbound_publish: eventually crashes when no response is ever received
X-Git-Tag: 14.0.0-beta1~1270
X-Git-Url: http://git.asterisk.org/gitweb/?p=asterisk%2Fasterisk.git;a=commitdiff_plain;h=5c9f1b3f5171bc4b72ec0d5ae29799dcf99d5995

res_pjsip_outbound_publish: eventually crashes when no response is ever received

When Asterisk attempts to send SIP outbound publish information and no response is ever received (no 200 okay, 412, 423) the system eventually crashes. A response is never received because the system Asterisk is attempting to send publish information to is not available.

The underlying pjsip framework attempts to send publish information. After several attempts it calls back into the Asterisk outbound publish code. At this point if the "client->queue" is empty Asterisk attempts to schedule a refresh which utilizes "rdata" and since no response was received the given "rdata" structure is NULL. Attempting to dereference a NULL object of course results in a crash.

The fix here removes the dependency on rdata for schedule_publish_refresh. Instead param->expiration is now passed to it as this is set to -1 if no response is received. Also added a notification when no response is received.

ASTERISK-24635 #close
Reported by: Marco Paland
Review: https://reviewboard.asterisk.org/r/4384/
........

Merged revisions 431490 from http://svn.asterisk.org/svn/asterisk/branches/13

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431491 65c4cc65-6c06-0410-ace0-fbb531ad65f3
--- diff --git a/res/res_pjsip_outbound_publish.c b/res/res_pjsip_outbound_publish.c index 9073f7c..8b6f6e4 100644 --- a/res/res_pjsip_outbound_publish.c +++ b/res/res_pjsip_outbound_publish.c 
@@ -273,18 +273,15 @@ static void cancel_publish_refresh(struct ast_sip_outbound_publish_client *clien } /*! \brief Helper function which sets up the timer to send publication */ -static void schedule_publish_refresh(struct ast_sip_outbound_publish_client *client, pjsip_rx_data *rdata) +static void schedule_publish_refresh(struct ast_sip_outbound_publish_client *client, int expiration) { struct ast_sip_outbound_publish *publish = ao2_bump(client->publish); pj_time_val delay = { .sec = 0, }; - pjsip_expires_hdr *expires; cancel_publish_refresh(client); - /* Determine when we should refresh - we favor the Expires header if possible */ - expires = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_EXPIRES, NULL); - if (expires) { - delay.sec = expires->ivalue - PJSIP_PUBLISHC_DELAY_BEFORE_REFRESH; + if (expiration > 0) { + delay.sec = expiration - PJSIP_PUBLISHC_DELAY_BEFORE_REFRESH; } if (publish->expiration && ((delay.sec > publish->expiration) || !delay.sec)) { delay.sec = publish->expiration; @@ -922,10 +919,14 @@ static void sip_outbound_publish_callback(struct pjsip_publishc_cbparam *param) AST_LIST_REMOVE_HEAD(&client->queue, entry); ast_free(client->sending); client->sending = NULL; + if (!param->rdata) { + ast_log(LOG_NOTICE, "No response received for outbound publish '%s'\n", + ast_sorcery_object_get_id(publish)); + } } if (AST_LIST_EMPTY(&client->queue)) { - schedule_publish_refresh(client, param->rdata); + schedule_publish_refresh(client, param->expiration); } end:
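Review bot: In the schedule_publish_refresh hunk (@@ -273), `delay.sec = expiration - PJSIP_PUBLISHC_DELAY_BEFORE_REFRESH` goes negative whenever a positive expiration is smaller than PJSIP_PUBLISHC_DELAY_BEFORE_REFRESH, and the check that follows only tests `!delay.sec` and `delay.sec > publish->expiration`, so in the lines shown a negative delay is not replaced by the configured value. Consider using `delay.sec <= 0` as the fallback condition. The doc comment above the function should also describe the new `expiration` parameter, including that a non-positive value (the commit message says -1 means no response) falls through to `publish->expiration`, because the removed "we favor the Expires header" comment was the only explanation of how the delay is chosen.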
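Review bot: In the sip_outbound_publish_callback hunk (@@ -922), the `!param->rdata` notice sits inside the block that dequeues and frees `client->sending`, while `schedule_publish_refresh(client, param->expiration)` below runs whenever the queue is empty, so a no-response callback that does not enter that block reschedules without any log line. Consider moving the check next to the refresh call, or confirming that the block is always entered when `param->rdata` is NULL. Because the refresh is still scheduled after a missing response, the NOTICE can repeat on each cycle while the remote system stays unavailable; a short comment at the call site stating that `param->expiration` is -1 in this case, and that the refresh then uses the configured expiration, would make the retry behaviour explicit.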