Kinsey Moore [Tue, 25 Mar 2014 15:50:39 +0000 (15:50 +0000)]
chan_sip: Fix incorrect use of timers
If update_provisional_keepalive() is called while
send_provisional_keepalive_full() is waiting on the PVT lock, then
pvt->provisional_keepalive_sched_id will be changed to a new sched_id
value by update_provisional_keepalive(), but that new sched_id then may
be overwritten with -1 by send_provisional_keepalive_full(), killing
the pvt's reference to a schedule and "leaking" the reference.
(closes issue ASTERISK-22079)
Review: https://reviewboard.asterisk.org/r/3368/
Reported by: Jamuel Starkey, Matteo, Leif Madsen, Steve Davies
Patches:
provisional_keepalive_fix.diff uploaded by Steve Davies (license 5012)
Russ Meyerriecks [Mon, 17 Mar 2014 21:14:21 +0000 (21:14 +0000)]
callerid: Logic error in checksum processing
Callerid checksum-ing was being handled incorrectly here. When the checksum is
calculated to be 0x00, it will perform 0x100-0x00 which results in 0x100. This
value will then fail the otherwise correct callerid message.
This patch changes the logic to simply add the calculated checksum to the
transmitted 2's complement checksum.
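The checksum failure described in the commit message above, as an added example that is not Asterisk's callerid code: a subtract-then-compare check beside the add-and-test-low-byte check. The function names and the message bytes are constructed for illustration and assume a message whose last byte is the 2's complement of the modulo-256 sum of the preceding bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample messages (not captured caller ID frames).
 * The last byte of each is the transmitted checksum. */
const uint8_t MSG_NORMAL[]   = { 0x04, 0x03, 0x31, 0x32, 0x33, 0x63 }; /* body sum 0x9d */
const uint8_t MSG_ZERO_SUM[] = { 0x80, 0x02, 0x7e, 0x00 };             /* body sum 0x100 -> 0x00 */
const uint8_t MSG_CORRUPT[]  = { 0x04, 0x03, 0x31, 0x32, 0x34, 0x63 }; /* one body byte altered */

/* Modulo-256 sum of every byte except the trailing checksum byte. */
static unsigned int body_sum(const uint8_t *msg, size_t len)
{
    unsigned int sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i++)
        sum += msg[i];
    return sum & 0xff;
}

/* Subtract-then-compare: when the body sum is 0x00 the expected value
 * becomes 0x100, which can never equal a one-byte checksum, so a valid
 * message is rejected. Returns 1 if accepted, 0 if rejected. */
int verify_subtract(const uint8_t *msg, size_t len)
{
    unsigned int expected;

    if (len < 2)
        return 0;
    expected = 0x100 - body_sum(msg, len);
    return expected == msg[len - 1];
}

/* Add-and-test: body sum plus the transmitted 2's complement checksum
 * must be zero in the low 8 bits. Handles the 0x00 case with no special
 * casing. Returns 1 if accepted, 0 if rejected. */
int verify_add(const uint8_t *msg, size_t len)
{
    if (len < 2)
        return 0;
    return ((body_sum(msg, len) + msg[len - 1]) & 0xff) == 0;
}

int main(void)
{
    printf("normal:   subtract=%d add=%d\n",
           verify_subtract(MSG_NORMAL, sizeof(MSG_NORMAL)),
           verify_add(MSG_NORMAL, sizeof(MSG_NORMAL)));
    printf("zero sum: subtract=%d add=%d\n",
           verify_subtract(MSG_ZERO_SUM, sizeof(MSG_ZERO_SUM)),
           verify_add(MSG_ZERO_SUM, sizeof(MSG_ZERO_SUM)));
    printf("corrupt:  subtract=%d add=%d\n",
           verify_subtract(MSG_CORRUPT, sizeof(MSG_CORRUPT)),
           verify_add(MSG_CORRUPT, sizeof(MSG_CORRUPT)));
    return 0;
}
```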
Kinsey Moore [Mon, 10 Mar 2014 13:15:18 +0000 (13:15 +0000)]
AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
Matthew Jordan [Fri, 7 Mar 2014 04:35:43 +0000 (04:35 +0000)]
chan_sip: Allow static realtime members to be qualified during module load.
When a static realtime peer with qualify=yes is loaded, Asterisk will fail to
send an OPTIONS request due to the lastms being equal to 0. This results in
the peer being unable to receive calls from Asterisk because the status is
permanently UNKNOWN.
This patch allows an OPTIONS request to be sent during module load by
ignoring the lastms value on startup only.
Review: https://reviewboard.asterisk.org/r/3294/
(closes issue ASTERISK-17523)
Reported by: Maciej Krajewski
Tested by: wushumasters
patches:
realtime_fix_11.7.0.txt uploaded by Trevor Peirce (license 6112)
Russell Bryant [Thu, 6 Mar 2014 23:01:26 +0000 (23:01 +0000)]
moh: fix a refcount error with realtime MOH
I observed a crash in res_musiconhold on an Asterisk 11 system using realtime
MOH. Investigation of the backtrace showed a corrupt mohclass, implying that
it got destroyed before the code expected it to. I went looking for reference
counting errors that could have caused this crash and this patch is the result.
It contains 2 changes.
1) Remove a useless block of code that was impossible to reach. There was even
a comment indicating that it was impossible to reach. The conditional includes
"!ast_test_flag(global_flags, MOH_CACHERTCLASSES)" and it's inside of an if
block with the opposite check "ast_test_flag(global_flags,
MOH_CACHERTCLASSES)". There's no good reason to keep it around.
2) A similar block to #1 contained a reference counting error. It stores
state->class in the local variable mohclass without increasing its reference
count. The reference count on mohclass is decremented at the end of the
function. This block of code probably very rarely runs, which would help
explain why this system was working fine for many months before experiencing a
crash.
Kinsey Moore [Wed, 5 Mar 2014 20:31:09 +0000 (20:31 +0000)]
config: Fix inverted test
The test of the result of the stat() call was inverted such that its
output was only used if the call failed. This inverts the test so that
the output of stat() is used correctly. This was causing full reloads
on unchanged files.
(closes issue ASTERISK-23383)
Reported by: David Woolley
David M. Lee [Wed, 5 Mar 2014 16:50:48 +0000 (16:50 +0000)]
Corrected cross-platform stat nanosecond code
When nanosecond time resolution was added for identifying config file
changes, it didn't cover all of the myriad of ways that one might obtain
nanosecond time resolution off of struct stat.
Rather than complicate the #if even further figuring out one system from
the next, this patch directly tests for the three struct members I know
about today, and #ifdef's accordingly.
Add update_peer function to unistim_rtp_glue, improve other unistim_rtp_glue functions conforming to other channel drivers. Do not forget auto-detected and user-selected phone settings on 'unistim reload'
func_audiohookinheritance: Check If A Channel Was Specified
This patch prevents a crash when using the function audiohookinheritance without
setting the channel.
(closes issue ASTERISK-23104)
Reported by: Joel Vandal
Tested by: Joel Vandal
Patches:
asterisk-23104_audiohook_inherit_no_channel-11.diff
uploaded by Michael L. Young (license 5026)
Kinsey Moore [Tue, 4 Mar 2014 16:50:24 +0000 (16:50 +0000)]
AO2: Add an assert for bad objects
This adds an assert that will only be active if Asterisk is compiled
with DO_CRASH and allows the testsuite to fail tests that would
otherwise require log file parsing.
Kinsey Moore [Tue, 4 Mar 2014 15:31:05 +0000 (15:31 +0000)]
rtp_engine: Clean up after a failed remote bridge
Upon failure of an INVITE transaction meant to initiate a remote native
bridge, rtp_engine.c would not clean up non-reference-counted bridge
instance pointers leaving a dangling pointer which was being used to
perform a local native bridge after the other channel had hung up. This
led to dereferencing into freed memory and plenty of AO2 errors. This
change allows the remote native bridge loop to clean up properly when
the bridge fails.
(closes issue ASTERISK-23310)
Reported by: Jeremy Laine
Tzafrir Cohen [Sun, 2 Mar 2014 10:58:13 +0000 (10:58 +0000)]
Makefile: replace -O6 with -O3
-O6 is not a legal option of gcc. Unofficially gcc considers it to be
equivalent of -O3. clang chokes on it, though. This commit sets the
default optimization flag to be -O3, like gcc actually considered it.
David M. Lee [Thu, 27 Feb 2014 16:23:11 +0000 (16:23 +0000)]
Fix memory stomping bug in astman.
This memset complained in dev mode on my Ubuntu box. The memset is both
unnecessary and dangerous. At this point, m hasn't been initialized
yet, so the memset will write off to whatever address happens to be
on the stack at the time.
Corey Farrell [Thu, 27 Feb 2014 15:59:15 +0000 (15:59 +0000)]
res_fax: Warn that minrate=2400 is not valid for V.27 instead of failing load.
Change minrate from 2400 to 4800 on config reload in response to changes from
ASTERISK-22790 only. Any config with minrate of 2400 that would fail before
r405693 will still fail.
Comment out many settings in res_fax.conf.sample. The defaults are set in
res_fax.c, so setting the same value in sample config does nothing but make
the sample config more fragile.
(closes issue ASTERISK-23231)
Reported by: David Brillert
Review: https://reviewboard.asterisk.org/r/3261/
Matthew Jordan [Thu, 27 Feb 2014 12:39:34 +0000 (12:39 +0000)]
rtp_engine: fix crash during remote native bridging when calling get_codecs
When two RTP channels are in a remote bridge, the remote bridging loop in
rtp_engine will periodically check to see if the two channels can still be
bridged. One of the many things it checks is whether or not the codecs have
changed on the channel. If the codec has changed, it will break out of the
loop to re-determine which type of bridge is appropriate.
In order to perform this check, the ast_rtp_glue virtual table's get_codec
callback is called for each channel. The callback implementations assume
that the channel tech private is valid when called; as such, there has
always been some code in place to check whether or not the channel pvt is
NULL before calling. However, this check is insufficient.
The channels are unlocked during the remote bridging loop. It is possible
for a channel to get masqueraded between the check for the pvt being NULL and
the actual call to get_codec. When this occurs, the callback is called with a
ZOMBIE channel, which now has a NULL pvt. Crash.
While this has always been possible in Asterisk 1.8, it is much more likely to
occur in Asterisk 11 and later versions due to the timing changes that occur
when getting the codec from a channel. Note that this is much more likely to be
reproduced on slow, boggy hardware running Asterisk 11 - but fairly rarely
otherwise.
Also Note: This crash was also caught by the various SIP blind transfer tests,
in addition to the bug report Alec filed.
Review: https://reviewboard.asterisk.org/r/3247/
(closes issue ASTERISK-21737)
Reported by: Alec Davis
Tested by: Alec Davis
Kevin Harwell [Fri, 21 Feb 2014 20:18:45 +0000 (20:18 +0000)]
app_forkcdr: ForkCDR v option does not keep CDR variables for subsequent records
When the 'v' option is specified to ForkCDR application, AST_CDR_FLAG_KEEP_VARS
flag is set only for the first CDR in the chain. So ForkCDR works fine with this
option only once. After the second and further calls to ForkCDR, CDR variables
get cleared on all CDRs besides the first one and moved to the newly forked CDR.
It always sets the KEEP_VARS flag on the first CDR in the chain, instead of the
most recent CDR which is used as a base to fork a new CDR.
This patch sets KEEP_VARS flag on the most recent CDR on the stack (the CDR used
for forking).
Kevin Harwell [Fri, 21 Feb 2014 15:24:27 +0000 (15:24 +0000)]
channel.c: MOH is not working for transferee after attended transfer
Updated the code to check to see if MOH is playing on the transferor and if
so then start it on the channel that replaces it during a masquerade.
Example scenario of the problem:
Alice calls Bob and then Bob begins the attended transfer process into a queue.
Upon going on hold Alice hears music and so does Bob once he is in the queue.
Bob then transfers Alice into the queue and then music for Alice stops even
though she should be hearing it since she has now replaced Bob in the queue.
The problem that was occurring is that once the channel was masqueraded the app
(queues, confbridge, etc...) had no way of knowing that the channel had just
been swapped out thus it did not start music for the present channel.
Credit to Olle Johansson for pointing me in the right direction on this issue.
(closes issue ASTERISK-19499)
Reported by: Timo Teräs
Review: https://reviewboard.asterisk.org/r/3226/
Michael L. Young [Fri, 21 Feb 2014 00:46:35 +0000 (00:46 +0000)]
app_chanspy: Documentation Update To Clarify "x" Option
When using the "x" option (specify a DTMF digit to exit the application), it is
not obvious in the documentation that this only works when spying on a channel.
If a channel being used to spy on other channels is waiting to connect to a
channel or is no longer attached to a channel, the DTMF is ignored.
As noted on the issue tracker, since there are workarounds available and this is
a rarely used option we are opting for a documentation change here.
(closes issue ASTERISK-22661)
Reported by: Chris Hillman
Patches:
asterisk-22661-doc-clarify-chan_spy.diff
uploaded by Michael L. Young (license 5026)
Richard Mudgett [Wed, 19 Feb 2014 19:01:05 +0000 (19:01 +0000)]
config: Add file size and nanosecond resolution fields to the cached modified config file information.
Repeatedly modifying config files and reloading too fast sometimes fails
to reload the configuration because the cached modification timestamp has
one second resolution.
* Added file size and nanosecond resolution fields to the cached config
file modification timestamp information. Now if the file size changes or
the file system supports nanosecond resolution the modified file has a
better chance of being detected for reload.
* Added a missing unlock in an off-nominal code path.
Matthew Jordan [Sun, 16 Feb 2014 03:14:52 +0000 (03:14 +0000)]
pbx: Handle a completely empty dialplan during a context merge
It is highly unlikely, but - at least in Asterisk 12 - theoretically possible
to load Asterisk with no dialplan whatsoever. If that occurs, and some other
module (that is not a pbx module) attempts to merge its contexts into the
dialplan, the existing merge routine will crash. This is because it is not
insane, and rightly believes that you provided some sort of dialplan,
somewhere.
This patch will gracefully merge the contexts in such a case. Note that this
is highly unlikely to occur in 1.8/11, as features will most likely provide
some dialplan via parking. However, in Asterisk 12, parking is now provided
by res_parking, and hence may create its dialplan later.
(closes issue ASTERISK-23297)
Reported by: CJ Oster
In pbx.c ast_custom_function_unregister(), a list
of escalations being removed from the list wasn't
being free'd creating a leak. This patch corrects
that by freeing the records.
Walter Doekes [Mon, 10 Feb 2014 16:33:21 +0000 (16:33 +0000)]
res_config_pgsql: Fix ast_update2_realtime calls.
Fix so multiple updates from a single call works (add missing ',').
Remove bogus ast_free's that weren't supposed to be there.
Moved a few spaces for readability.
Tzafrir Cohen [Sun, 9 Feb 2014 15:34:53 +0000 (15:34 +0000)]
chan_dahdi: handle DAHDI_EVENT_REMOVED on a pri D-Channel
When a DAHDI device is removed at run-time it sends the event
DAHDI_EVENT_REMOVED on each channel. This is intended to signal the
userspace program to close the respective file handle, as the driver of
the device will need all of them closed to properly clean-up.
This event has long since been handled in chan_dahdi (chan_zap at the
time). However the event that is sent on a D-Channel of a "PRI" (ISDN)
span simply gets ignored.
This commit adds handling for closing the file descriptor (and shutting
down the span, while we're at it).
It also adds a CLI command 'pri destroy span <N>' to destroy the span
and its DAHDI channels.
Richard Mudgett [Fri, 7 Feb 2014 17:16:42 +0000 (17:16 +0000)]
chan_iax2: Block unnecessary control frames to/from the wire.
Establishing an IAX2 call between Asterisk v1.4 and v1.8 (or later)
results in an unexpected call disconnect. The problem happens because
newer values in the enum ast_control_frame_type are not consistent between
the branch versions of Asterisk.
For example:
1) v1.4 calls v1.8 (or later) using IAX2
2) v1.8 answers and sends a connected line update control frame. (on v1.8
AST_CONTROL_CONNECTED_LINE = 22)
3) v1.4 receives the control frame as an end-of-q (on v1.4
AST_CONTROL_END_OF_Q = 22)
4) v1.4 disconnects the call once the receive queue becomes empty.
Several things are done by this patch to fix the problem and attempt to
prevent it from happening again in the future:
* Added a warning at the definition of enum ast_control_frame_type about
how to add new control frame values.
* Made block sending and receiving control frames that have no reason to
go over the wire.
* Extended the connectedline iax.conf parameter to also include the
redirecting information updates.
* Updated the connectedline iax.conf parameter documentation to include a
notice that the parameter must be "no" when the peer is an Asterisk v1.4
instance.
Tzafrir Cohen [Fri, 7 Feb 2014 12:59:04 +0000 (12:59 +0000)]
indications.conf: add stutter tone; end properly
* If the "stutter" (voicemail indication) tone is indeed a stutter tone,
and it ends with a constant tone, make sure that it is the dial tone.
This was done for India (in), Mexico (mx) and the Philippines (ph).
* If no "stutter" tone exists for a country, provide one. This was done for
Spain (es), Malaysia (my) and Venezuela (ve).
Rusty Newton [Wed, 5 Feb 2014 22:58:08 +0000 (22:58 +0000)]
formats/format_wav: enhancing log message "Not a wav file" to be clear on what is supported
Modifying the log message to be more specific as to what is supported. Specifically it seems format_wav supports only PCM encoded versions with a lower-case '.wav' extension.
(closes issues ASTERISK-22310)
Reported by: Jim Credland
Review: https://reviewboard.asterisk.org/r/3188/
Kinsey Moore [Wed, 5 Feb 2014 20:30:53 +0000 (20:30 +0000)]
Logger: Fix handling of absolute paths
This fixes path handling for log files so that an extra / is not
appended to the file path when the path is absolute (begins with /).
This would previously result in different but functionally equivalent
paths in the output of 'logger show channels'.
Joshua Colp [Tue, 4 Feb 2014 02:19:22 +0000 (02:19 +0000)]
res_clialiases: Fix crash when reloading and re-aliasing an alias that is in use.
The code assumed that unregistering the alias would always succeed while in
practice this is not actually true. A common case is the "reload" command itself.
If the cli_aliases.conf configuration file was changed and reload executed the
command would fail to unregister and ultimately point to freed memory.
The reload process now checks whether unregistering succeeded or not and if not
the old CLI alias is retained.
(closes issue ASTERISK-19773)
Reported by: Joel Vandal
Corey Farrell [Sat, 1 Feb 2014 00:22:52 +0000 (00:22 +0000)]
app_stack: protect against missing parameters to STACK_PEEK and LOCAL_PEEK
STACK_PEEK requires 2 parameters and LOCAL_PEEK requires 1 parameter. This
protects against situations where those parameters are blank or missing by
logging an error and returning.
(closes issue ASTERISK-23220)
Reported by: James Sharp
Matthew Jordan [Fri, 31 Jan 2014 23:18:17 +0000 (23:18 +0000)]
app_dial: Allow macro/gosub pre-bridge execution to occur on priorities
The parsing for the destination of the macro/gosub uses the '^' character to
separate out context, extension, and priority. However, the logic for the
macro/gosub execution was written such that it would only do the actual
macro/gosub jump if a '^' character existed. This doesn't apply when the
macro/gosub jump occurs in a priority/priority label. This patch changes
the logic so that the parsing still occurs, but the jump will occur even
for priorities/priority labels.
Corey Farrell [Thu, 30 Jan 2014 20:26:52 +0000 (20:26 +0000)]
res_rtp_asterisk & udptl: fix port selection to work with SELinux restrictions
ast_bind to a port reserved for another program by SELinux causes
errno == EACCES. This caused random failures when binding rtp or
udptl sockets. Treat EACCES as a non-fatal error, try next port.
Asterisk's RADIUS module currently builds against libradiusclient-ng, but this
project has been superseded by libfreeradius-client. The API is 99% compatible
except that the header name has changed, the library name has changed, and
the configuration file location has changed.
(closes issue ASTERISK-22980)
Reported by: Jeremy Lainé
Patches:
freeradius-client.patch uploaded by sharky (license 6561)
rtp_engine: improved handling of get_rtp_info failure
In ast_rtp_instance_make_compatible(), after a failure of
channel tech call get_rtp_info() to return peer_instance,
the null pointer would be passed to ao2_ref, producing an
error that looked like a reference counting problem but is
not. This patch corrects that and adds helpful LOG_ERROR
messages to indicate which failure path occurred.
Russell Bryant [Mon, 27 Jan 2014 20:34:31 +0000 (20:34 +0000)]
Allow nested #includes in extconfig.conf
extconfig.conf was hard-coded to not allow nested includes for some reason.
The code has been this way since a patch was merged for ASTERISK-3333 (revision
4889), which was a significant update to this code ("Merge config updates").
I can't figure out any good reason why this should be limited. This patch just
removes the limit and uses the default nesting depth limit.
Russell Bryant [Mon, 27 Jan 2014 01:07:07 +0000 (01:07 +0000)]
Protect ast_filestream object when on a channel
The ast_filestream object gets tacked on to a channel via
chan->timingdata. It's a reference counted object, but the reference
count isn't used when putting it on a channel. It's theoretically
possible for another thread to interfere with the channel while it's
unlocked and cause the filestream to get destroyed.
Use the astobj2 reference count to make sure that as long as this code
path is holding on the ast_filestream and passing it into the file.c
playback code, that it knows it's valid.
Richard Mudgett [Fri, 24 Jan 2014 22:56:09 +0000 (22:56 +0000)]
CEL: Protect data structures during reload and shutdown.
The CEL data structures need to be protected during a configuration reload
and shutdown. Asterisk crashed during a shutdown because CEL events were
still in flight and the CEL data structures were already destroyed.
* Protected the appset and linkedids ao2 containers using the reload_lock.
* Added NULL checks before use of the appset and linkedids ao2 containers
in case the CEL module is already shutdown.
* Fixed overloading of the linkedids held objects reference count. During
shutdown any held objects would be leaked.
* Fixed memory leak of linkedids held objects if the LINKEDID_END is not
being tracked. The objects in the linkedids container were not removed if
the LINKEDID_END event is not used.
* Added access protection to the appset container during the CLI "cel show
status" command.
* Made CEL config reload not set defaults if the cel.conf file is invalid.
pbx.c: Pre-initialize timezone to avoid crash on destroy
In ast_build_timing, initialize the timezone value to NULL
in order to avoid dereferencing an uninitialized value later
when calling ast_destroy_timing. The timezone value could
be uninitialized if ast_build_timing were to fail due to a
zero length time string.
(closes issue ASTERISK-22861)
Reported by: Sebastian Murray-Roberts
Review: https://reviewboard.asterisk.org/r/3134/
Patches:
ast_build_timing-initialize-timezone.patch uploaded by coreyfarrell (license 5909)
Kinsey Moore [Wed, 22 Jan 2014 18:27:19 +0000 (18:27 +0000)]
chan_sip: Decline image streams on unsupported transports
This change allows chan_sip to decline individual image streams over
unsupported transports in the SDP of the 200 response. Previously,
an image stream offer with RTP/AVP as the transport would cause
chan_sip to respond with a 488.
(closes issue ASTERISK-22988)
Reported by: adomjan
Original patch by: adomjan
Rusty Newton [Fri, 17 Jan 2014 15:39:23 +0000 (15:39 +0000)]
Documentation: doc fixes across various parts of the code for ASTERISK issues 23061,23028,23046,23027
Fixes typos of "transfered" instead of "transferred" in various code. Fixes incorrect gosub param help text for app_queue.
Fixes Asterisk man pages containing unquoted minus signs. Adds note about the "textsupport" option in sip.conf.sample.
(issue ASTERISK-23061)
(issue ASTERISK-23028)
(issue ASTERISK-23046)
(issue ASTERISK-23027)
(closes issue ASTERISK-23061)
(closes issue ASTERISK-23028)
(closes issue ASTERISK-23046)
(closes issue ASTERISK-23027)
Reported by: Eugene, Jeremy Laine, Denis Pantsyrev
Patches:
transferred.patch uploaded by Jeremy Laine (license 6561)
hyphen.patch uploaded by Jeremy Laine (license 6561)
sip.conf.sample.patch uploaded by Eugene (license 6360)
Kevin Harwell [Thu, 16 Jan 2014 17:27:05 +0000 (17:27 +0000)]
res_fax: check_modem_rate() returned incorrect rate for V.27
According to the new standard for V.27 and V.32 they are able to transmit
at a bit rate of 4,800 or 9,600. The check_mode_rate function needed to be
updated to reflect this. Also, because of this change the default 'minrate'
value was updated to be 4800.
(closes issue ASTERISK-22790)
Reported by: Paolo Compagnini
Patches:
res_fax.txt uploaded by looserouting (license 6548)
Joshua Colp [Wed, 15 Jan 2014 16:34:45 +0000 (16:34 +0000)]
cel_manager: Don't crash if configuration file is invalid.
The cel_manager module did not properly handle the case where the
configuration file was invalid. The module will now output a warning
message and disable itself if this occurs.
chan_sip: No BYE message sent after INVITE with Replaces
Setting channel state DOWN is an unnecessary step that was
only being done in handle_invite_replaces(). This changes
that by removing the call and reducing locking.
(closes issue ASTERISK-23010)
Reported by: Ryan Tilton
Review: https://reviewboard.asterisk.org/r/3116/
chan_sip: fix Local From tag on outbound register regression
In ASTERISK-12117, an improvement to ensure consistent local from tags
on outbound registrations resulted in an undesirable behavior - caused
by leftover unexpired sip_pvt dialogs (with the previous cseq number),
resulting in many unnecessary REGISTER requests. Instead of significant
rework of transmit_register(), this change deletes the dialogs after a
200 OK response indicating a successful registration, keeping the old
dialogs from interfering with normal operation.
(closes issue ASTERISK-22946)
Reported by: Stephan Eisvogel
Review: https://reviewboard.asterisk.org/r/3109/
Matthew Jordan [Tue, 14 Jan 2014 15:31:08 +0000 (15:31 +0000)]
chan_sip: Hangup transferer/transferee when transfer to Parking fails
When performing a SIP transfer to a Park extension, if the Park fails, chan_sip
will currently not hang up either the transferer or the transfer target. This
results in the channels being orphaned with no thread to service frames,
resulting in stuck channels.
This patch immediately hangs up the two channels if a Park fails.
(closes issue ASTERISK-22834)
Reported by: rsw686
(closes issue ASTERISK-23047)
Reported by: Tommy Thompson
Kinsey Moore [Tue, 7 Jan 2014 19:49:27 +0000 (19:49 +0000)]
Add the missing part of r400140
When the patch to add retry-on-forbidden-response was committed, part
of the patch for chan_sip was not committed which caused the feature to
be entirely nonfunctional. This corrects the code in question.
In r404674 the AST_TEST_DEFINE(test_REPLACE) test was added
that made use of a function that doesn't exist in 1.8. This
fixes that by reverting to directly accessing chan varshead.
Kevin Harwell [Fri, 3 Jan 2014 21:57:11 +0000 (21:57 +0000)]
cel_pgsql: module not correctly reloading
Upon reload the module unconditionally "unloaded" the module (freeing memory
and setting pointers to NULL) and then when attempting a "load" if the config
file had not changed then nothing would be reinitialized.
By moving the "unload" to occur conditionally (reload only) after an attempted
configuration load, but before module "loading" alleviates the issue. The module
now loads/unloads/reloads correctly.
Kevin Harwell [Fri, 3 Jan 2014 18:18:22 +0000 (18:18 +0000)]
chan_unistim.c, app_meetme: compiler warnings
Fixed a couple of compiler warnings (errors in 'dev-mode') given by gcc
version 4.8.1. The one in app_meetme involved the 'sizeof-pointer-memaccess'
(see: http://gcc.gnu.org/gcc-4.8/porting_to.html) warning. The one in
chan_unistim was issuing an array out of bounds message. Fixed both so
they would no longer issue warnings and can compile again in 'dev-mode'.
func_strings: use memmove to prevent overlapping memory on strcpy
When calling REPLACE() with an empty replace-char argument, strcpy
is used to overwrite the matching <find-char>. However as the
src and dest arguments to strcpy must not overlap, it causes other
parts of the string to be overwritten with adjacent characters and
the result is mangled. Patch replaces call to strcpy with memmove
and adds a test suite case for REPLACE.
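An added example of the overlap-safe deletion described in the commit message above; it is not the func_strings code, and `delete_chars` and the sample strings are hypothetical names and constructed data. It removes every character in a find set from a buffer in place, the situation where source and destination overlap.

```c
#include <stdio.h>
#include <string.h>

/*
 * Delete every character listed in `find` from `s`, in place.
 * Returns the number of characters removed.
 *
 * Closing the gap left by a deleted character means copying the tail of
 * the string one byte to the left, so source (p + 1) and destination (p)
 * overlap. strcpy(p, p + 1) has undefined behaviour for overlapping
 * buffers and may copy in chunks that clobber bytes it has not read yet;
 * memmove() is specified to handle overlap correctly.
 */
size_t delete_chars(char *s, const char *find)
{
    size_t removed = 0;
    char *p = s;

    if (s == NULL || find == NULL || *find == '\0')
        return 0;

    while ((p = strpbrk(p, find)) != NULL) {
        /* +1 so the terminating NUL moves along with the tail. */
        memmove(p, p + 1, strlen(p + 1) + 1);
        removed++;
        /* p now points at the character that followed the deleted one,
         * so the next strpbrk() call re-examines that position. */
    }
    return removed;
}

int main(void)
{
    /* Constructed sample inputs. */
    char number[] = "555-867-5309";
    char mixed[]  = "a,b;c,,d";
    size_t n;

    n = delete_chars(number, "-");
    printf("%s (%zu removed)\n", number, n);

    n = delete_chars(mixed, ",;");
    printf("%s (%zu removed)\n", mixed, n);
    return 0;
}
```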
Kevin Harwell [Tue, 31 Dec 2013 21:25:06 +0000 (21:25 +0000)]
cel_pgsql: deadlock on unload and core_event_dispatcher
A deadlock can happen between a thread unloading or reloading the cel_pgsql
module and the core_event_dispatcher taskprocessor thread. Description of
what is happening:
Thread 1 (for example, a netconsole thread):
a "module reload cel_pgsql" is launched
the thread enters the "my_unload_module" function (cel_pgsql.c)
the thread acquires the write lock on psql_columns
the thread enters the "ast_event_unsubscribe" function (event.c)
the thread tries to acquire the write lock on ast_event_subs[sub->type]
the taskprocessor pops a CEL event
the thread enters the "handle_event" function (event.c)
the thread acquires the read lock on ast_event_subs[sub->type]
the thread calls back the "pgsql_log" function (cel_pgsql.c), since it's a subscriber of CEL events
the thread tries to acquire a read lock on psql_columns
David M. Lee [Mon, 16 Dec 2013 16:36:52 +0000 (16:36 +0000)]
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
pbx.c: put copy of ast_exten.data on stack to prevent memory corruption
During dialplan execution in pbx_extension_helper(), the contexts global
read lock prevents link list corruption, but was released with a pointer
to the ast_exten and data later used in variable substitution. Instead,
this patch removes pbx_substitute_variables() and locates a copy of the
ast_exten data on the stack before releasing the lock, where ast_exten
could get free'd by another thread performing a module reload.
(issue AST-1179)
Reported by: Thomas Arimont
(issue AST-1246)
Reported by: Alexander Hömig
Review: https://reviewboard.asterisk.org/r/3055/
app_sms: BufferOverflow when receiving odd length 16 bit message
This patch prevents an infinite loop overwriting memory when
a message is received into the unpacksms16() function, where
the length of the message is an odd number of bytes.
(closes issue ASTERISK-22590)
Reported by: Jan Juergens
Tested by: Jan Juergens
Russell Bryant [Wed, 11 Dec 2013 19:11:10 +0000 (19:11 +0000)]
Reset peer outboundproxy on sip.conf reload
If you set a peer's outboundproxy and then removed it from the config,
this would not get picked up in a config reload. This patch fixes that
by resetting it in set_peer_defaults().
Matthew Jordan [Mon, 9 Dec 2013 03:10:10 +0000 (03:10 +0000)]
res_fax_spandsp: Always init T.38 session to avoid crashes during state change
Prior to this patch, res_fax_spandsp was conservative with how it initialized
the spandsp T.38 context. It would only initialize it if the driver thought
the current state was a T.38 fax. While this works fine in nominal situations,
in certain off nominal situations, res_fax_spandsp can believe that a T.38
fax will not occur when in fact one has started. In particular, this was
discovered when res_fax would fall back to audio after timing out on a T.38
upgrade. The SIP channel driver would continue to retry the re-INVITE and -
if the remote end responded after res_fax timed out with a 200 OK - a T.38
frame would be delivered to the res_fax stack when it no longer expected it.
As it turns out, there does not appear to be any downside to always
initializing the T.38 context, other than the actual memory allocation.
Since that avoids this off nominal situation (and others which are equally
likely hard to predict), this is the safest way to avoid this problem.
Much thanks to Torrey as well for providing a scenario that reproduces this
issue.
Joshua Colp [Fri, 22 Nov 2013 17:10:01 +0000 (17:10 +0000)]
translate: Move freeing of frame to after it is used.
When translating from one format to another it is possible
to inform the translation function that the source frame should
be freed. This was previously done immediately but shortly
afterwards the frame that was freed was accessed and used again.
This change moves code around a bit so that the frame is now
freed after it has been completely used.
(closes issue ASTERISK-22788)
Reported by: Corey Farrell
Patches:
translate-access-after-free-11up.patch uploaded by coreyfarrell (license 5909)
translate-access-after-free-1.8.patch uploaded by coreyfarrell (license 5909)
Kinsey Moore [Tue, 12 Nov 2013 14:55:49 +0000 (14:55 +0000)]
chan_dahdi: Fix crash during caller ID read
Asterisk will sometimes core dump during caller id read on analog
channels due to a negative return value from the read() in
my_get_callerid that slips through as a negative length argument to
callerid_feed() if the errno returned by DAHDI is ELAST. This change
ensures that the negative return is treated properly even when it is
ELAST.
(closes issue ASTERISK-22746)
Reported by: Michael Walton
Patches:
chan_dahdi_cid_crash_fix.r401410.patch uploaded by Michael Walton (License 6502)
Kinsey Moore [Mon, 11 Nov 2013 15:31:04 +0000 (15:31 +0000)]
app_queue: Honor penalty limits of 0
In the current app_queue code from 1.8 up to trunk the upper and lower
penalties can be set to 0 but the value is interpreted to be disabled
instead of actually setting limits. This is especially evident if min
and max limits are set to 0 and members with penalties of 0 and 1 are
in the queue since the member with penalty 1 will still receive calls.
This patch adjusts the special disabled value to be INT_MAX instead of
0.
(closes issue ASTERISK-20862)
Review: https://reviewboard.asterisk.org/r/2995/
Reported by: Schmooze Com
chan_sip: keep same local (from) tag for outgoing register requests
For outbound register requests the tag on the From line was
updated every 20 seconds prior to a successful registration
and also once for each registration renewal. That behavior
can possibly cause the registration to be denied because of
the different tag, and is not aligned with the intention of
RFC 3261 8.1.3.5 "... request constitutes a new transaction
and SHOULD have the same value of the Call-ID, To, and From
of the previous request...". This updates chan_sip to have
a field to keep the local tag in the registration structure
and use that tag for registration requests where the callid
is also unchanged.
Kevin Harwell [Tue, 5 Nov 2013 15:08:42 +0000 (15:08 +0000)]
chan_sip: notify dialog info ignores presentation indicator in callerid
The presentation indicator in a callerid (e.g. set by dialplan function
Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog Info Notifies
are generated during extension monitoring. Added a check to make sure the
name and/or number presentations on the callee (remote identity) are set to
allow. If they are restricted then "anonymous" is used instead.
(closes issue AST-1175)
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/2976/
Matthew Jordan [Thu, 31 Oct 2013 15:57:52 +0000 (15:57 +0000)]
core/loader: Don't call dlclose in a while loop
For a while now, we've noticed continuous integration builds hanging on CentOS 6
64-bit build agents. After resolving a number of problems with symbols, strange
locks, and other shenanigans, the problem has persisted. In all cases, gdb
shows the Asterisk process stuck in loader.c on one of the infinite while loops
that calls dlclose repeatedly until success.
The documentation of dlclose states that it returns 0 on success; any other
value on error. It does not state that repeatedly calling it will eventually
clear those errors. Most likely, the repeated calls to dlclose were to force a
close by exhausting the references on the library; however, that will never
succeed if:
(a) There is some fundamental error at work in the loaded library that
precludes unloading it
(b) Some other loaded module is referencing a symbol in the currently loaded
module
This results in Asterisk sitting forever.
Since we have matching pairs of dlopen/dlclose, this patch opts to only call
dlclose once, and log out as an ERROR if dlclose fails to return success. If
nothing else, this might help to determine why on the CentOS 6 64-bit build agent
things are not closing successfully.