cellular-infrastructure
/
osmo-sip-connector
mirror of https://gerrit.osmocom.org/osmo-sip-connector
8
0
Fork 0
Code Issues Releases Wiki Activity

fix use-after-free in SIP re-INVITE 

Copy the m_mode before freeing the parser.
Address sanitizer aborted with:

20210601033017695 DSIP INFO re-INVITE for call 854A5CDA8037073 (sip.c:192)
=================================================================
==8583==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000003250 at pc 0x55c3b4624dc5 bp 0x7ffe8a4464d0 sp 0x7ffe8a4464c8
READ of size 8 at 0x612000003250 thread T0
    #0 0x55c3b4624dc4 in sdp_get_sdp_mode ../../../src/osmo-sip-connector/src/sdp.c:72
    #1 0x55c3b462be9e in sip_handle_reinvite ../../../src/osmo-sip-connector/src/sip.c:202
    #2 0x55c3b462d676 in nua_callback ../../../src/osmo-sip-connector/src/sip.c:397
[...]

Change-Id: I4c48832f01e61e98536de8f164ab5a3caa64f34a
changes/74/24474/1
Neels Hofmeyr 2021-06-01 03:33:59 +02:00
parent d9e57e5f08
commit 97c7916892
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/sdp.c
View File

@ -68,8 +68,8 @@ bool sdp_get_sdp_mode(const sip_t *sip, sdp_mode_t *mode) {
return sdp_sendrecv;
}
sdp_parser_free(parser);
*mode = sdp->sdp_media->m_mode;
sdp_parser_free(parser);
return true;
}