From ae098f7d86ba022d34b1fcd013a8504b023648f7 Mon Sep 17 00:00:00 2001 From: Razvan Crainea Date: Mon, 20 Nov 2023 15:17:50 +0200 Subject: [PATCH] b2b_logic: unlink entity in the tuple before destroying This prevents a crash generated while trying to iterate through the tuple bridging_entities in the local route - since the entity has been destroyed, but not removed from the tuple, accessing it may cause an invalid memory access and crashes. Thanks go to @BTa7BxrHYn on GitHub for reporting it Close #3240 --- modules/b2b_logic/bridging.c | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/b2b_logic/bridging.c b/modules/b2b_logic/bridging.c index 8d66ae328d8..54fac2d853b 100644 --- a/modules/b2b_logic/bridging.c +++ b/modules/b2b_logic/bridging.c @@ -2147,6 +2147,7 @@ int b2bl_bridge_msg(struct sip_msg* msg, str* key, int entity_no, str *adv_ct) } old_entity->peer = NULL; + tuple->bridge_entities[(entity_no?0:1)] = NULL; /* remove the disconected entity from the tuple */ if(0 == b2bl_drop_entity(old_entity, tuple)) {
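Review bot: the slot cleared by the added line `tuple->bridge_entities[(entity_no?0:1)] = NULL;` is inferred from `entity_no` and is never checked against `old_entity`, so if `old_entity` does not sit in the slot opposite `entity_no`, this NULLs a live entry and leaves the stale pointer that the commit message describes in place. Clearing whichever `bridge_entities` slot actually compares equal to `old_entity` would make the unlink independent of that assumption and of `entity_no` being strictly 0 or 1. The slot is also cleared before `b2bl_drop_entity(old_entity, tuple)` runs on the following lines, so it is worth confirming that the function does not need to find `old_entity` in `tuple->bridge_entities` to do its own cleanup, and that nothing after a failed drop expects the entry to still be there. A short comment on the new line saying that it clears the tuple's reference ahead of the drop would also help, since the existing comment below it ("remove the disconected entity from the tuple") now describes two separate steps.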