| Summary: | ASTERISK-25037: res_pjsip_outbound_registration: Potential crash in off-nominal failure case when sending message | ||
| Reporter: | Joshua C. Colp (jcolp) | Labels: | |
| Date Opened: | 2015-04-30 06:10:38 | Date Closed: | 2015-04-30 10:50:25 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_pjsip_outbound_registration |
| Versions: | 13.3.2 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | The res_pjsip_outbound_registration module currently assumes that a failure return from the pjsip_regc_send function means that the attempt to send the message has failed. While this is true in some cases the registration callback may still be invoked. This is a probably because both the caller of pjsip_regc_send and the registration callback will decrement the reference count of the client state. This is incorrect. If the callback has been invoked the caller of pjsip_regc_send MUST NOT decrement the reference count. If this happens a few times to the same client state it will eventually be destroyed prematurely causing a subsequent registration to potentially crash Asterisk. | ||
| Comments: | |||