res_pjsip_outbound_publish: eventually crashes when no response is ever received

When Asterisk attempts to send SIP outbound publish information and no response is ever received (no 200 okay, 412, 423) the system eventually crashes. A response is never received because the system Asterisk is attempting to send publish information to is not available. The underlying pjsip framework attempts to send publish information. After several attempts it calls back into the Asterisk outbound publish code. At this point if the "client->queue" is empty Asterisk attempts to schedule a refresh which utilizes "rdata" and since no response was received the given "rdata" struture is NULL. Attempting to dereference a NULL object of course results in a crash. The fix here removes the dependency on rdata for schedule_publish_refresh. Instead param->expiration is now passed to it as this is set to -1 if no response is received. Also added a notification when no response is received. ASTERISK-24635 #close Reported by: Marco Paland Review: https://reviewboard.asterisk.org/r/4384/ ........ Merged revisions 431490 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431491 65c4cc65-6c06-0410-ace0-fbb531ad65f3
10 years ago · 5c9f1b3f51
parent 6a76740b83
commit 5c9f1b3f51
1 changed files with 8 additions and 7 deletions
--- a/res/res_pjsip_outbound_publish.c
+++ b/res/res_pjsip_outbound_publish.c
@ -273,18 +273,15 @@ static void cancel_publish_refresh(struct ast_sip_outbound_publish_client *clien
 }

 /*! \brief Helper function which sets up the timer to send publication */
-static void schedule_publish_refresh(struct ast_sip_outbound_publish_client *client, pjsip_rx_data *rdata)
+static void schedule_publish_refresh(struct ast_sip_outbound_publish_client *client, int expiration)
 {
 	struct ast_sip_outbound_publish *publish = ao2_bump(client->publish);
 	pj_time_val delay = { .sec = 0, };
-	pjsip_expires_hdr *expires;

 	cancel_publish_refresh(client);

-	/* Determine when we should refresh - we favor the Expires header if possible */
-	expires = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_EXPIRES, NULL);
-	if (expires) {
-		delay.sec = expires->ivalue - PJSIP_PUBLISHC_DELAY_BEFORE_REFRESH;
+	if (expiration > 0) {
+		delay.sec = expiration - PJSIP_PUBLISHC_DELAY_BEFORE_REFRESH;
 	}
 	if (publish->expiration && ((delay.sec > publish->expiration) || !delay.sec)) {
 		delay.sec = publish->expiration;
@ -922,10 +919,14 @@ static void sip_outbound_publish_callback(struct pjsip_publishc_cbparam *param)
 		AST_LIST_REMOVE_HEAD(&client->queue, entry);
 		ast_free(client->sending);
 		client->sending = NULL;
+		if (!param->rdata) {
+			ast_log(LOG_NOTICE, "No response received for outbound publish '%s'\n",
+				ast_sorcery_object_get_id(publish));
+		}
 	}

 	if (AST_LIST_EMPTY(&client->queue)) {
-		schedule_publish_refresh(client, param->rdata);
+		schedule_publish_refresh(client, param->expiration);
 	}

 end: