kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 12:16:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make code that updates BRIDGEPEER variable thread-safe.

Browse Source 
It is not safe to read the name field of an ast_channel without the channel
locked.  This patch fixes some places in channel.c where this was being done,
and lead to crashes related to masquerades.

(closes issue #14623)
Reported by: guillecabeza


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@181423 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Russell Bryant
2009-03-11 21:42:58 +00:00
parent f97c929946
commit aedf566905
1 changed files with 30 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
main/channel.c
View File

@@ -4060,6 +4060,29 @@ static enum ast_bridge_result ast_generic_bridge(struct ast_channel *c0, struct
return res;
}
static void update_bridgepeer(struct ast_channel *c0, struct ast_channel *c1)
{
const char *c0_name;
const char *c1_name;
ast_channel_lock(c1);
c1_name = ast_strdupa(c1->name);
ast_channel_unlock(c1);
ast_channel_lock(c0);
if (!ast_strlen_zero(pbx_builtin_getvar_helper(c0, "BRIDGEPEER"))) {
pbx_builtin_setvar_helper(c0, "BRIDGEPEER", c1_name);
}
c0_name = ast_strdupa(c0->name);
ast_channel_unlock(c0);
ast_channel_lock(c1);
if (!ast_strlen_zero(pbx_builtin_getvar_helper(c1, "BRIDGEPEER"))) {
pbx_builtin_setvar_helper(c1, "BRIDGEPEER", c0_name);
}
ast_channel_unlock(c1);
}
/*! \brief Bridge two channels together */
enum ast_bridge_result ast_channel_bridge(struct ast_channel *c0, struct ast_channel *c1,
struct ast_bridge_config *config, struct ast_frame **fo, struct ast_channel **rc)
@@ -4176,7 +4199,7 @@ enum ast_bridge_result ast_channel_bridge(struct ast_channel *c0, struct ast_cha
res = 0;
break;
}
if (!to) {
if (time_left_ms >= 5000 && config->warning_sound && config->play_warning && ast_test_flag(config, AST_FEATURE_WARNING_ACTIVE)) {
int t = (time_left_ms + 500) / 1000; /* round to nearest second */
@@ -4204,7 +4227,7 @@ enum ast_bridge_result ast_channel_bridge(struct ast_channel *c0, struct ast_cha
ast_log(LOG_DEBUG, "Unbridge signal received. Ending native bridge.\n");
continue;
}
/* Stop if we're a zombie or need a soft hangup */
if (ast_test_flag(c0, AST_FLAG_ZOMBIE) || ast_check_hangup_locked(c0) ||
ast_test_flag(c1, AST_FLAG_ZOMBIE) || ast_check_hangup_locked(c1)) {
@@ -4221,13 +4244,9 @@ enum ast_bridge_result ast_channel_bridge(struct ast_channel *c0, struct ast_cha
ast_check_hangup(c1) ? "Yes" : "No");
break;
}
/* See if the BRIDGEPEER variable needs to be updated */
if (!ast_strlen_zero(pbx_builtin_getvar_helper(c0, "BRIDGEPEER")))
pbx_builtin_setvar_helper(c0, "BRIDGEPEER", c1->name);
if (!ast_strlen_zero(pbx_builtin_getvar_helper(c1, "BRIDGEPEER")))
pbx_builtin_setvar_helper(c1, "BRIDGEPEER", c0->name);
update_bridgepeer(c0, c1);
if (c0->tech->bridge &&
(config->timelimit == 0) &&
(c0->tech->bridge == c1->tech->bridge) &&
@@ -4278,7 +4297,7 @@ enum ast_bridge_result ast_channel_bridge(struct ast_channel *c0, struct ast_cha
break;
}
}
if (((c0->writeformat != c1->readformat) || (c0->readformat != c1->writeformat) ||
(c0->nativeformats != o0nativeformats) || (c1->nativeformats != o1nativeformats)) &&
!(c0->generator || c1->generator)) {
@@ -4299,10 +4318,7 @@ enum ast_bridge_result ast_channel_bridge(struct ast_channel *c0, struct ast_cha
o1nativeformats = c1->nativeformats;
}
if (!ast_strlen_zero(pbx_builtin_getvar_helper(c0, "BRIDGEPEER")))
pbx_builtin_setvar_helper(c0, "BRIDGEPEER", c1->name);
if (!ast_strlen_zero(pbx_builtin_getvar_helper(c1, "BRIDGEPEER")))
pbx_builtin_setvar_helper(c1, "BRIDGEPEER", c0->name);
update_bridgepeer(c0, c1);
res = ast_generic_bridge(c0, c1, config, fo, rc, config->nexteventts);
if (res != AST_BRIDGE_RETRY) {