[sr-dev] [tracker] Task opened: tm: possible crash if trying to append branch on cancelled transaction

sip-router bugtracker at sip-router.org
Mon Dec 1 21:40:18 CET 2014


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Ovidiu Sas (osas) 

Attached to Project - sip-router
Summary - tm: possible crash if trying to append branch on cancelled transaction
Task Type - Bug Report
Category - tm
Status - New
Assigned To - 
Operating System - All
Severity - High
Priority - High
Reported Version - 4.2
Due in Version - Undecided
Due Date - Undecided
Details - In t_append_branches.c:t_append_branches(), if a transaction is cancelled, there is a direct jump to label "canceled":

    /* test if transaction has already been canceled */
    if (t->flags & T_CANCELED) goto canceled;

Inside the "canceled" label, the "orig_msg" pointer is used without being properly initialized (it is initialized by default to NULL):

    /* update message flags, if changed in branch route */
    t->uas.request->flags = orig_msg->flags;


More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=498

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
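
The jump-over-initialization pattern described in the report, as an added C sketch that is not part of the original message and not the sip-router source. The struct layouts, function names and flag value are simplified assumptions, and the NULL guard is one possible mitigation, not the project's fix.

```c
#include <stddef.h>
#include <stdio.h>

#define T_CANCELED 0x1u   /* constructed value for this sketch */

struct msg  { unsigned flags; };
struct cell { unsigned flags; struct msg *request; };  /* stand-in for t / t->uas.request */

/* Shape described in the report: the early goto skips the only
 * assignment to orig_msg, and the label then dereferences it. */
int append_reported(struct cell *t, struct msg *branch_msg)
{
    struct msg *orig_msg = NULL;

    if (t->flags & T_CANCELED) goto canceled;
    orig_msg = branch_msg;
    t->request->flags = orig_msg->flags;
    return 1;
canceled:
    t->request->flags = orig_msg->flags;   /* orig_msg is still NULL: crash */
    return -1;
}

/* Guarded variant (an assumption, not the project's fix): the label
 * copies flags only if orig_msg was actually assigned. */
int append_guarded(struct cell *t, struct msg *branch_msg)
{
    struct msg *orig_msg = NULL;

    if (t->flags & T_CANCELED) goto canceled;
    orig_msg = branch_msg;
    t->request->flags = orig_msg->flags;
    return 1;
canceled:
    if (orig_msg != NULL)
        t->request->flags = orig_msg->flags;
    return -1;
}

int main(void)
{
    struct msg req = { 0x10 }, branch = { 0x20 };
    struct cell t = { T_CANCELED, &req };
    /* Cancelled transaction: guarded path returns -1, flags untouched. */
    printf("ret=%d flags=0x%x\n", append_guarded(&t, &branch), req.flags);
    return 0;
}
```

`append_reported` is never called on a cancelled transaction here, because that call would dereference NULL exactly as the report describes.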
