Commit 8b381d89 authored by Sébastien Le Stum's avatar Sébastien Le Stum Committed by Sébastien Blin

sipaccount: prevent use-after-free on error in onComplete

Using release() on a unique_ptr container will transfer the ownership
and actually empty the unique_ptr, leaving it NULL.

Fix a potential use-after-free if the send_request fails by scoping in
the release of the context pointer.

Change-Id: I495964fd9b0edd24b528649bace679369a967dd5
parent 5325b647
......@@ -2242,15 +2242,16 @@ SIPAccount::onComplete(void* token, pjsip_event* event)
cseq_hdr->cseq += 1;
// Resend request
ctx* token_ptr = c.release();
status = pjsip_endpt_send_request(acc->link_.getEndpoint(),
new_request,
-1,
c.release(),
token_ptr,
&onComplete);
if (status != PJ_SUCCESS) {
JAMI_ERR("Unable to send request: %s", sip_utils::sip_strerror(status).c_str());
acc->messageEngine_.onMessageSent(c->to, c->id, false);
acc->messageEngine_.onMessageSent(token_ptr->to, token_ptr->id, false);
}
return;
} else {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment