From 3108457d8f96a133fe2ab4212710b03dd2fbd967 Mon Sep 17 00:00:00 2001
From: Naveen Albert
Date: Wed, 24 Nov 2021 02:21:23 +0000
Subject: [PATCH] chan_sip: Fix crash when accessing RURI before initiating outgoing call
Attempting to access ${CHANNEL(ruri)} in a pre-dial handler before initiating an outgoing call will cause Asterisk to crash. This is because a null field is accessed, resulting in an offset from null and subsequent memory access violation. Since RURI is not guaranteed to exist, we now check if the base pointer is non-null before calculating an offset.
ASTERISK-29772
Change-Id: Icd3b02f07256bbe6615854af5717074087b95a83
---
channels/sip/dialplan_functions.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/channels/sip/dialplan_functions.c b/channels/sip/dialplan_functions.c
index 7c34fc9023..74106d1be7 100644
--- a/channels/sip/dialplan_functions.c
+++ b/channels/sip/dialplan_functions.c
@@ -166,8 +166,12 @@ int sip_acf_channel_read(struct ast_channel *chan, const char *funcname, char *p
 } else if (!strcasecmp(args.param, "uri")) {
 ast_copy_string(buf, p->uri, buflen);
 } else if (!strcasecmp(args.param, "ruri")) {
- char *tmpruri = REQ_OFFSET_TO_STR(&p->initreq, rlpart2);
- ast_copy_string(buf, tmpruri, buflen);
+ if (p->initreq.data) {
+ char *tmpruri = REQ_OFFSET_TO_STR(&p->initreq, rlpart2);
+ ast_copy_string(buf, tmpruri, buflen);
+ } else {
+ return -1;
+ }
 } else if (!strcasecmp(args.param, "useragent")) {
 ast_copy_string(buf, p->useragent, buflen);
 } else if (!strcasecmp(args.param, "peername")) {
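Review bot: The new `else { return -1; }` branch under `ruri` fails silently and exits from the middle of the else-if chain, so a dialplan that reads `${CHANNEL(ruri)}` too early gets an error with no indication of the cause. Consider logging before the return, for example `ast_log(LOG_WARNING, "%s: RURI not available before an initial request exists\n", funcname);`, and putting a short comment above the guard such as `/* initreq.data may be NULL before the first request; REQ_OFFSET_TO_STR would then offset from NULL */`. The guard only proves that the buffer exists; whether `rlpart2` is already a parsed, in-bounds offset whenever `data` is set is not visible here and is worth confirming. The body of sip_acf_channel_read starts and ends outside the hunk, so it should also be checked that the early return skips no cleanup after the chain and that `buf` is in a defined state on this path.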