[sr-dev] Crash in rtpproxy-ng module
Richard Fuchs
rfuchs at sipwise.com
Wed Aug 28 20:24:06 CEST 2013
On 08/28/13 13:44, Hugh Waite wrote:
> Hello,
>
> I have discovered that calling rtpproxy_manage for a failure response
> will cause a segfault if certain flags are passed.
> E.g. A "488 Not Acceptable Here" response that calls
> "rtpproxy_manage("fco+SP") during a failure_route will crash.
>
> This is because the OP_DELETE operation does not initialise the flags
> variable. See rtpproxy.c:1119 (rtpp_function_call(...))
>
> I've attached a patch that will only add items to initialised lists. I
> assume that no flags are required for a DELETE operation, but please
> confirm this and review!
Hi,
Thanks for the report and the patch. I'll fix it in a different way
because the bencode_list_add*() functions are supposed to be safe to be
called with NULL arguments. I thought they were, but it looks like
they're not :)
cheers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20130828/0c4e8afb/attachment.pgp>
More information about the sr-dev
mailing list