[OpenSIPS-Devel] [OpenSIPS/opensips] c78b9e: rtpengine: fix use-after-free of flags string in b...
Norm Brandinger
noreply at github.com
Fri Apr 17 13:48:36 UTC 2026
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: c78b9e908b2896efbef3f7b0f9a111c4399ac34a
https://github.com/OpenSIPS/opensips/commit/c78b9e908b2896efbef3f7b0f9a111c4399ac34a
Author: Norm Brandinger <n.brandinger at gmail.com>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
M modules/rtpengine/rtpengine.c
Log Message:
-----------
rtpengine: fix use-after-free of flags string in bencode dictionary (#3816)

parse_flags() stores pointers into the pkg-allocated flags_nt.s buffer
via bencode_str() and bencode_dictionary_add_len(), which hold references
(not copies). The buffer was freed via pkg_free() before
send_rtpe_command() serialized the dictionary, causing garbled output
for key=value flags like media-address.

Fix by deferring the free via bencode_buffer_destroy_add(), which
ensures the buffer lives until bencode_buffer_free() is called after
the command is sent.

Fixes: https://github.com/OpenSIPS/opensips/issues/3784
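
A minimal C model of the lifetime problem described in the commit message, added here as an illustration; it is not OpenSIPS or rtpengine code. `struct buf`, `buf_destroy_add()`, `buf_free()` and `flag_survives()` are hypothetical stand-ins for the bencode buffer and its deferred-free list, and the flag value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model, hypothetical names: an item references caller memory (as a
 * bencode string item does); the buffer owns a list of deferred frees. */
struct item { const char *s; size_t len; };
struct deferred { void (*fn)(void *); void *p; struct deferred *next; };
struct buf { struct deferred *destroy; };

static void buf_destroy_add(struct buf *b, void (*fn)(void *), void *p) {
    struct deferred *d = malloc(sizeof *d);
    if (!d) abort();
    d->fn = fn; d->p = p; d->next = b->destroy; b->destroy = d;
}

static void buf_free(struct buf *b) {   /* runs every deferred free */
    while (b->destroy) {
        struct deferred *d = b->destroy;
        b->destroy = d->next;
        d->fn(d->p);
        free(d);
    }
}

/* Returns 1 if the serialized value is intact, 0 if it came out garbled. */
int flag_survives(int defer_free) {
    struct buf b = { NULL };
    const char *flag = "media-address=192.0.2.10";  /* constructed sample */
    char out[64], *flags_nt = malloc(strlen(flag) + 1);
    if (!flags_nt) abort();
    strcpy(flags_nt, flag);
    const char *eq = strchr(flags_nt, '=');
    struct item val = { eq + 1, strlen(eq + 1) };   /* reference, not a copy */
    /* Buggy order: release before serializing. The early free is simulated by
     * overwriting the bytes, as allocator reuse would, so no freed memory is read. */
    if (!defer_free)
        memset(flags_nt, 'X', strlen(flags_nt));
    buf_destroy_add(&b, free, flags_nt);  /* real free happens in buf_free() */
    snprintf(out, sizeof out, "%zu:%.*s", val.len, (int)val.len, val.s);
    buf_free(&b);                          /* after the command is "sent" */
    return strcmp(out, "10:192.0.2.10") == 0;
}

int main(void) {
    printf("early release: %d, deferred: %d\n", flag_survives(0), flag_survives(1));
    return 0;
}
```

Building the real module with AddressSanitizer (`-fsanitize=address`) reports this class of bug at the read site, provided the allocator in use is one the sanitizer instruments.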