[sr-dev] git:kamailio_3.0: dialog(k): avoid double free

Daniel-Constantin Mierla miconda at gmail.com
Fri Nov 27 14:55:57 CET 2009 

Module: sip-router
Branch: kamailio_3.0
Commit: 9dca82405261dd925f845a98f2da26f7b1d12b54
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9dca82405261dd925f845a98f2da26f7b1d12b54

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Fri Nov 27 14:32:29 2009 +0100

dialog(k): avoid double free

- rested current dialog pointer when distroying dialog to avoid double
  free done from post script callback
- reported by Klaus Feichtinger

---

 modules_k/dialog/dlg_hash.c    |    4 ++++
 modules_k/dialog/dlg_profile.c |   10 ++++++++++
 modules_k/dialog/dlg_profile.h |    4 ++++
 3 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/modules_k/dialog/dlg_hash.c b/modules_k/dialog/dlg_hash.c
index 65e5876..e879a1a 100644
--- a/modules_k/dialog/dlg_hash.c
+++ b/modules_k/dialog/dlg_hash.c
@@ -153,6 +153,9 @@ inline void destroy_dlg(struct dlg_cell *dlg)
 
 	run_dlg_callbacks( DLGCB_DESTROY , dlg, 0, DLG_DIR_NONE, 0);
 
+	if(dlg==get_current_dlg_pointer())
+		reset_current_dlg_pointer();
+
 	if (dlg->cbs.first)
 		destroy_dlg_callbacks_list(dlg->cbs.first);
 
@@ -172,6 +175,7 @@ inline void destroy_dlg(struct dlg_cell *dlg)
 		shm_free(dlg->cseq[DLG_CALLEE_LEG].s);
 
 	shm_free(dlg);
+	dlg = 0;
 }
 
 
diff --git a/modules_k/dialog/dlg_profile.c b/modules_k/dialog/dlg_profile.c
index 1ee09cf..8df5792 100644
--- a/modules_k/dialog/dlg_profile.c
+++ b/modules_k/dialog/dlg_profile.c
@@ -69,6 +69,16 @@ static struct dlg_profile_table* new_dlg_profile( str *name,
 		unsigned int size, unsigned int has_value);
 
 
+struct dlg_cell *get_current_dlg_pointer(void)
+{
+	return current_dlg_pointer;
+}
+
+void reset_current_dlg_pointer(void)
+{
+	current_dlg_pointer = NULL;
+}
+
 /*!
  * \brief Add profile definitions to the global list
  * \see new_dlg_profile
diff --git a/modules_k/dialog/dlg_profile.h b/modules_k/dialog/dlg_profile.h
index 2e9158f..c865c5e 100644
--- a/modules_k/dialog/dlg_profile.h
+++ b/modules_k/dialog/dlg_profile.h
@@ -79,6 +79,10 @@ struct dlg_profile_table {
 };
 
 
+struct dlg_cell *get_current_dlg_pointer(void);
+
+void reset_current_dlg_pointer(void);
+
 /*!
  * \brief Add profile definitions to the global list
  * \see new_dlg_profile

More information about the sr-dev mailing list