From 519d65096a6a5c6702f194c29da45140ce698c01 Mon Sep 17 00:00:00 2001
From: Matthew Jordan <mjordan@digium.com>
Date: Thu, 4 Oct 2012 02:09:43 +0000
Subject: Check for presence of buddy in info/dinfo handlers
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-19532
Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=374335

The res_jabber resource module uses the ASTOBJ library for managing its ref
counted objects.  After calling ASTOBJ_CONTAINER_FIND to locate a buddy object,
the pointer to the object has to be checked to see if the buddy existed.
Prior to this patch, the buddy object was not checked for NULL; with this patch
in both aji_client_info_handler and aji_dinfo_handler the pointer is checked
before used and, if no buddy object was found, the handlers return an error
code.

---
 res/res_jabber.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/res/res_jabber.c b/res/res_jabber.c
index 764ec6d..7d4eb66 100644
--- a/res/res_jabber.c
+++ b/res/res_jabber.c
@@ -2004,6 +2004,12 @@ static int aji_client_info_handler(void *data, ikspak *pak)
 	struct aji_resource *resource = NULL;
 	struct aji_buddy *buddy = ASTOBJ_CONTAINER_FIND(&client->buddies, pak->from->partial);
 
+	if (!buddy) {
+		ast_log(LOG_NOTICE, "JABBER: Received client info from unknown buddy: %s.\n", pak->from->full);
+		ASTOBJ_UNREF(client, ast_aji_client_destroy);
+		return IKS_FILTER_EAT;
+	}
+
 	resource = aji_find_resource(buddy, pak->from->resource);
 	if (pak->subtype == IKS_TYPE_RESULT) {
 		if (!resource) {
@@ -2071,6 +2077,12 @@ static int aji_dinfo_handler(void *data, ikspak *pak)
 	struct aji_resource *resource = NULL;
 	struct aji_buddy *buddy = ASTOBJ_CONTAINER_FIND(&client->buddies, pak->from->partial);
 
+	if (!buddy) {
+		ast_log(LOG_NOTICE, "JABBER: Received client info from unknown buddy: %s.\n", pak->from->full);
+		ASTOBJ_UNREF(client, ast_aji_client_destroy);
+		return IKS_FILTER_EAT;
+	}
+
 	if (pak->subtype == IKS_TYPE_ERROR) {
 		ast_log(LOG_WARNING, "Received error from a client, turn on jabber debug!\n");
 		ASTOBJ_UNREF(client, ast_aji_client_destroy);
-- 
1.7.10.4

