From 2c757b4ab762d9c8eeddd4e44a43d44134e62b48 Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Wed, 11 Jul 2007 22:53:26 +0000 Subject: [PATCH] The function make_trunk() can fail and return -1 instead of a valid new call number. Fix the uses of this function to handle this instead of treating it as the new call number. This would cause a deadlock and memory corruption. (possible cause of issue #9614 and others, patch by me) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@74766 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_iax2.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index c8007acbab..5bc629fa35 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -6959,7 +6959,9 @@ retryowner: check_provisioning(&sin, fd, ies.serviceident, ies.provver); /* If we're in trunk mode, do it now, and update the trunk number in our frame before continuing */ if (ast_test_flag(iaxs[fr->callno], IAX_TRUNK)) { - fr->callno = make_trunk(fr->callno, 1); + int new_callno; + if ((new_callno = make_trunk(fr->callno, 1)) != -1) + fr->callno = new_callno; } /* For security, always ack immediately */ if (delayreject) @@ -8072,8 +8074,11 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data /* If this is a trunk, update it now */ ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF); - if (ast_test_flag(&cai, IAX_TRUNK)) - callno = make_trunk(callno, 1); + if (ast_test_flag(&cai, IAX_TRUNK)) { + int new_callno; + if ((new_callno = make_trunk(callno, 1)) != -1) + callno = new_callno; + } iaxs[callno]->maxtime = cai.maxtime; if (cai.found) ast_copy_string(iaxs[callno]->host, pds.peer, sizeof(iaxs[callno]->host));