From cdfbc02df164a9bc49e23900fae66e696c4623aa Mon Sep 17 00:00:00 2001 From: Kevin Harwell Date: Wed, 6 Nov 2013 21:58:17 +0000 Subject: [PATCH] app_queue: crash if first agent is "busy" If the first agent/member (via CLI "queue show") in a queue is "busy" (dnd, circuit busy, etc...) and no agents answered then app_queue would crash. This occurred because while the calling of agent(s) remained valid the channel on "busy" agent would be set to NULL and then later dereferenced upon a second "rna" function call. The original intention of the code is to have only valid "call attempt" objects (channels != NULL) checked while attempting to call agent(s). It does this by building a "call_next" list of valid "call attempt" objects. In the case of the "busy" agent subsequent builds of the valid "call attempt" list would sometimes include (the case mentioned above) an invalid "call attempt" object. The fix was to make sure the "call attempt" list was appropriately built on every iteration. A NULL sanity check was also added at the original offending spot of the crash just in case another one slipped by somehow. (closes issue ASTERISK-22644) Reported by: Marco Signorini Review: https://reviewboard.asterisk.org/r/2983/ ........ Merged revisions 402517 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@402518 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- apps/app_queue.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/app_queue.c b/apps/app_queue.c index 522c602c19..a1e495e6b6 100644 --- a/apps/app_queue.c +++ b/apps/app_queue.c @@ -4467,6 +4467,8 @@ static struct callattempt *wait_for_answer(struct queue_ent *qe, struct callatte } prev = o; } + } else if (prev) { + prev->call_next = NULL; } numlines++; } @@ -4927,7 +4929,9 @@ skip_frame:; if (!*to) { for (o = start; o; o = o->call_next) { - rna(orig, qe, o->chan, o->interface, o->member->membername, 1); + if (o->chan) { + rna(orig, qe, o->chan, o->interface, o->member->membername, 1); + } } publish_dial_end_event(qe->chan, outgoing, NULL, "NOANSWER");