Hello,
I have discovered that calling rtpproxy_manage for a failure response will cause a segfault if certain flags are passed. E.g. a "488 Not Acceptable Here" response that calls rtpproxy_manage("fco+SP") during a failure_route will crash.
This is because the OP_DELETE operation does not initialise the flags variable. See rtpproxy.c:1119 (rtpp_function_call(...))
I've attached a patch that will only add items to initialised lists. I assume that no flags are required for a DELETE operation, but please confirm this and review!
Regards, Hugh
On 08/28/13 13:44, Hugh Waite wrote:
> Hello,
> I have discovered that calling rtpproxy_manage for a failure response will cause a segfault if certain flags are passed. E.g. a "488 Not Acceptable Here" response that calls rtpproxy_manage("fco+SP") during a failure_route will crash.
> This is because the OP_DELETE operation does not initialise the flags variable. See rtpproxy.c:1119 (rtpp_function_call(...))
> I've attached a patch that will only add items to initialised lists. I assume that no flags are required for a DELETE operation, but please confirm this and review!
Hi,
Thanks for the report and the patch. I'll fix it in a different way because the bencode_list_add*() functions are supposed to be safe to be called with NULL arguments. I thought they were, but it looks like they're not :)
cheers
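
The bug class discussed in this thread, as an added example that is not code from the thread or from the module: a list that only some operations set up, with an append helper that tolerates a NULL list. The type `item_list`, the functions `list_add` and `handle_flags`, and the assumption that the flags `S` and `P` each append one item are hypothetical stand-ins, not the real bencode or rtpproxy API.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_ITEMS 8

/* Hypothetical stand-in for a bencode list; not the module's real API. */
struct item_list {
    const char *items[MAX_ITEMS];
    size_t count;
};

enum op { OP_OFFER, OP_DELETE };

/* NULL-safe append: 0 on success, -1 when there is no list or no room. */
static int list_add(struct item_list *l, const char *s)
{
    if (l == NULL || s == NULL || l->count >= MAX_ITEMS)
        return -1;
    l->items[l->count++] = s;
    return 0;
}

/* Only non-delete operations set up a flags list, but flag parsing runs
 * for every operation. Returns the number of items actually stored. */
static int handle_flags(enum op op, const char *flags)
{
    struct item_list storage = { {0}, 0 };
    struct item_list *fl = NULL;   /* explicit NULL, never indeterminate */
    int added = 0;

    if (op != OP_DELETE)
        fl = &storage;

    for (const char *p = flags; *p != '\0'; p++) {
        /* Constructed mapping: assume 'S' and 'P' each append one item. */
        if (*p == 'S' && list_add(fl, "item-S") == 0)
            added++;
        else if (*p == 'P' && list_add(fl, "item-P") == 0)
            added++;
    }
    return added;
}

int main(void)
{
    printf("offer: %d, delete: %d\n",
           handle_flags(OP_OFFER, "fco+SP"), handle_flags(OP_DELETE, "fco+SP"));
    return 0;
}
```

Both halves matter: the pointer starts as NULL rather than uninitialised, and the append helper checks for NULL before dereferencing, so the delete path skips the items instead of crashing.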