RuhNetConsulting
/
rtpengine
mirror of https://github.com/sipwise/rtpengine
1
1
Fork 0
Code Issues 0 Projects 0 Releases 822 Wiki Activity
Browse Source

MT#57848 safeguard against NULL dereferences 

Make sure we don't try to send on closed sockets or to endpoints which
haven't been initialised.

Fixes unexpected fallout from 83c7336e

Change-Id: If73d61e52edeb72257515adab7428ecef82c2797
pull/1694/head
Richard Fuchs 2 years ago
parent
4ab95a049f
commit
8266b2da78
5 changed files with 8 additions and 2 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -0
      daemon/call.c
  2. +1
    -1
      daemon/media_player.c
  3. +2
    -0
      daemon/rtcp.c
  4. +1
    -1
      daemon/t38.c
  5. +2
    -0
      lib/socket.c

+ 2
- 0
daemon/call.c View File

@ -1055,6 +1055,8 @@ enum call_stream_state call_stream_state_machine(struct packet_stream *ps) {
static const str fake_rtp = STR_CONST_INIT("\x80\x7f\xff\xff\x00\x00\x00\x00"
"\x00\x00\x00\x00");
struct stream_fd *sfd = l->data;
if (sfd->socket.fd == -1 || ps->endpoint.address.family == NULL)
continue;
socket_sendto(&sfd->socket, fake_rtp.s, fake_rtp.len, &ps->endpoint);
atomic64_inc(&ps->stats_out.packets);
atomic64_add(&ps->stats_out.bytes, fake_rtp.len);


+ 1
- 1
daemon/media_player.c View File

@ -230,7 +230,7 @@ static void send_timer_rtcp(struct send_timer *st, struct ssrc_ctx *ssrc_out) {
static bool __send_timer_send_1(struct rtp_header *rh, struct packet_stream *sink, struct codec_packet *cp) {
struct stream_fd *sink_fd = sink->selected_sfd;
if (!sink_fd || sink_fd->socket.fd == -1)
if (!sink_fd || sink_fd->socket.fd == -1 || sink->endpoint.address.family == NULL)
return false;
log_info_stream_fd(sink->selected_sfd);


+ 2
- 0
daemon/rtcp.c View File

@ -1575,6 +1575,8 @@ void rtcp_send_report(struct call_media *media, struct ssrc_ctx *ssrc_out) {
if (!ps->selected_sfd || !rtcp_ps->selected_sfd)
return;
if (ps->selected_sfd->socket.fd == -1 || ps->endpoint.address.family == NULL)
return;
media_update_stats(media);


+ 1
- 1
daemon/t38.c View File

@ -223,7 +223,7 @@ static int t38_gateway_handler(t38_core_state_t *stat, void *user_data, const ui
struct stream_fd *sfd = NULL;
if (ps)
sfd = ps->selected_sfd;
if (sfd) {
if (sfd && sfd->socket.fd != -1 && ps->endpoint.address.family != NULL) {
for (int i = 0; i < count; i++) {
ilog(LOG_DEBUG, "Sending %u UDPTL bytes", (unsigned int) s->len);
socket_sendto(&sfd->socket, s->str, s->len, &ps->endpoint);


+ 2
- 0
lib/socket.c View File

@ -359,6 +359,8 @@ static ssize_t __ip_sendmsg(socket_t *s, struct msghdr *mh, const endpoint_t *ep
static ssize_t __ip_sendto(socket_t *s, const void *buf, size_t len, const endpoint_t *ep) {
struct sockaddr_storage sin;
if (!ep->address.family)
return -1;
ep->address.family->endpoint2sockaddr(&sin, ep);
return sendto(s->fd, buf, len, 0, (void *) &sin, ep->address.family->sockaddr_size);
}


Write Preview
Loading…
Cancel
Save