Fix early_announce crash on DB connect and resource leaks (#287)

- Check fopen() return before fwrite(): when fopen fails (permissions,
  SELinux, full disk) the NULL FILE* was passed to fwrite(), causing
  segfault at address 1 inside glibc — the exact crash reported.
- Move delete stmt/result before return so they are actually reached;
  the previous code returned before the deletes, leaking on every query.
- Add cleanup of stmt/result in the catch block so an SQL exception
  does not leak the already-allocated objects.
- Guard the get_announce_file function-pointer call in onInvite()
  against NULL (module not initialised), returning 500 instead of
  crashing the process.
- Add missing <string.h> and <errno.h> includes for strerror(errno).

Closes #287

Author: Marcel Hecko

apps/early_announce/EarlyAnnounce.cpp

@@ -94,34 +94,45 @@ int get_announce_msg(const string &user, const string &domain,
 	    message + "' and language='" + language + "'";
     }
 
+    sql::Statement *stmt = NULL;
+    sql::ResultSet *result = NULL;
+
     try {
-	    
+
       DBG("Query string <%s>\n", query_string.c_str());
 
-      sql::Statement *stmt;
-      sql::ResultSet *result;
+      int ret = 1;
 
       stmt = connection->createStatement();
       result = stmt->executeQuery(query_string);
       if (result->next()) {
 	FILE *file;
 	file = fopen((*audio_file).c_str(), "wb");
-	string s = result->getString("audio");
-	fwrite(s.data(), 1, s.length(), file);
-	fclose(file);
-	return 1;
+	if (file == NULL) {
+	  ERROR("Cannot open file '%s': %s\n",
+		audio_file->c_str(), strerror(errno));
+	  *audio_file = "";
+	  ret = 0;
+	} else {
+	  string s = result->getString("audio");
+	  fwrite(s.data(), 1, s.length(), file);
+	  fclose(file);
+	}
       } else {
 	*audio_file = "";
-	return 1;
       }
 
-      delete stmt;
       delete result;
+      delete stmt;
+
+      return ret;
 
     }
 
     catch (sql::SQLException &er) {
 	ERROR("MySQL query error: %s\n", er.what());
+	delete result;
+	delete stmt;
 	*audio_file = "";
 	return 0;
     }
@@ -332,8 +343,13 @@ AmSession* EarlyAnnounceFactory::onInvite(const AmSipRequest& req, const string&
   string language = get_header_keyvalue(iptel_app_param,"Language");
   string announce_file = "";
 
+  if (get_announce_file == NULL) {
+    ERROR("early_announce module not initialized\n");
+    throw AmSession::Exception(500, MOD_NAME " not initialized");
+  }
+
   get_announce_file(req.user, req.domain, language, &announce_file);
- 
+
   return new EarlyAnnounceDialog(announce_file);
 }
 

apps/early_announce/EarlyAnnounce.h

@@ -39,6 +39,8 @@ using std::string;
 #include <cppconn/resultset.h>
 #include <cppconn/statement.h>
 #include <stdio.h>
+#include <string.h>
+#include <errno.h>
 #include <string>
 #endif