| Summary: | ASTERISK-23254: Bad ao2_find() usage in pjsip_options.c | ||
| Reporter: | Richard Mudgett (rmudgett) | Labels: | |
| Date Opened: | 2014-02-04 18:57:01.000-0600 | Date Closed: | 2014-03-25 12:34:41 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_pjsip |
| Versions: | 12.0.0 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | Attachments: | ( 0) jira_asterisk_23254_v12_v2.patch ( 1) jira_asterisk_23254_v12_v3.patch ( 2) jira_asterisk_23254_v12_v4.patch ( 3) jira_asterisk_23254_v12.patch | |
| Description: | In the res/res_pjsip/pjsip_options.c:on_endpoint() function the ao2_find is useless because it will never match anything.
{code} if (ao2_find(contacts, arg, OBJ_NODATA | OBJ_POINTER)) { return CMP_MATCH; } {code} As a result pjsip_options.c:find_endpoints() will never return any matching endpoints and the pjsip_options.c:qualify_contact() will not have an endpoint to qualify. pjsip_options.c:qualify_contact() needs to check if it actually finds an endpoint before sending the qualify. If it cannot find an endpoint it needs to generate an ERROR message and return. A crash is likely if an endpoint is not found and the qualify message is challenged for authentication. Alternatively, a configured default endpoint could be used as a final fallback before failing. {code} if (!endpoint_local) { struct ao2_iterator *endpoint_iterator = find_endpoints(contact); /* try to find endpoints that are associated with the contact */ if (endpoint_iterator) { /* find "first" endpoint in order to authenticate - actually any endpoint should do that matched on the contact */ endpoint_local = ao2_iterator_next(endpoint_iterator); ao2_iterator_destroy(endpoint_iterator); } } {code} | ||
| Comments: | By: Richard Mudgett (rmudgett) 2014-02-05 17:20:00.098-0600 The ao2_find will not return anything because the OBJ_NODATA flag is passed. In this case ao2_find will always return NULL. Also the ao2_find with that container does not know how to match arg to items in the container. The particular container is created with no cmp function so by default ao2_find matches any object. The ao2_find needs to be replaced with an ao2_callback and a matching function. By: Richard Mudgett (rmudgett) 2014-03-20 16:16:51.726-0500 [^jira_asterisk_23254_v12.patch] - Fixes finding an endpoint when given a contact. The endpoint's contacts are matched by contact URI using a simple strcmp(). By: Richard Mudgett (rmudgett) 2014-03-21 12:55:53.658-0500 [^jira_asterisk_23254_v12_v2.patch] - Changes find_endpoints() to find_an_endpoint() since there is no sense in finding all when we are only going to use the first one found. Also fixes qualify contact ref leaks. A BUGBUG testing message is in place to know when an endpoint is successfully found. By: Richard Mudgett (rmudgett) 2014-03-21 14:05:53.898-0500 [^jira_asterisk_23254_v12_v3.patch] - Fixes updating the authenticate_qualify option on aor contacts when they are (re)scheduled after a (re)load. See ASTERISK-23514 By: Richard Mudgett (rmudgett) 2014-03-21 18:37:22.909-0500 [^jira_asterisk_23254_v12_v4.patch] - Patch put up for review. Reviewboard: https://reviewboard.asterisk.org/r/3381/ | ||