Kevin Harwell [Fri, 3 Jan 2014 18:18:22 +0000 (18:18 +0000)]
chan_unistim.c, app_meetme: compiler warnings
Fixed a couple of compiler warnings (errors in 'dev-mode') given by gcc
version 4.8.1. The one in app_meetme involved the 'sizeof-pointer-memaccess'
(see: http://gcc.gnu.org/gcc-4.8/porting_to.html) warning. The one in
chan_unistim was issuing an array out of bounds message. Fixed both so
they would no longer issue warnings and can compile again in 'dev-mode'.
func_strings: use memmove to prevent overlapping memory on strcpy
When calling REPLACE() with an empty replace-char argument, strcpy
is used to overwrite the matching <find-char>. However, as the
src and dest arguments to strcpy must not overlap, it causes other
parts of the string to be overwritten with adjacent characters and
the result is mangled. Patch replaces call to strcpy with memmove
and adds a test suite case for REPLACE.
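Added illustration (not part of the commit and not Asterisk's func_strings.c): in-place character deletion of the kind the REPLACE() message above describes, using memmove because source and destination overlap. The helper name replace_chars and the sample input are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * replace_chars() is a hypothetical helper written for this example; it is
 * not the REPLACE() implementation in func_strings.c.
 *
 * Every character of buf that appears in find is replaced by the first
 * character of repl. When repl is NULL or empty, the character is deleted
 * in place. Returns the number of characters replaced or deleted.
 */
static size_t replace_chars(char *buf, const char *find, const char *repl)
{
    size_t changed = 0;
    char *p = buf;

    while (*p) {
        if (!strchr(find, *p)) {
            p++;
            continue;
        }
        changed++;
        if (repl && *repl) {
            *p++ = *repl;
            continue;
        }
        /*
         * Delete *p by sliding the tail one byte to the left. Source
         * (p + 1) and destination (p) overlap, so strcpy(p, p + 1) has
         * undefined behaviour and may copy in wider chunks that clobber
         * bytes it has not read yet. memmove is defined for overlapping
         * regions. The length is the tail plus its NUL terminator.
         */
        memmove(p, p + 1, strlen(p + 1) + 1);
        /* p is not advanced: it now holds the character that followed. */
    }
    return changed;
}

int main(void)
{
    char number[] = "+1 (555) 010-0199";   /* constructed sample input */
    size_t n = replace_chars(number, " ()-", "");

    printf("%zu removed -> %s\n", n, number);
    return 0;
}
```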
Kevin Harwell [Tue, 31 Dec 2013 21:25:06 +0000 (21:25 +0000)]
cel_pgsql: deadlock on unload and core_event_dispatcher
A deadlock can happen between a thread unloading or reloading the cel_pgsql
module and the core_event_dispatcher taskprocessor thread. Description of
what is happening:
Thread 1 (for example, a netconsole thread):
a "module reload cel_pgsql" is launched
the thread enters the "my_unload_module" function (cel_pgsql.c)
the thread acquires the write lock on psql_columns
the thread enters the "ast_event_unsubscribe" function (event.c)
the thread tries to acquire the write lock on ast_event_subs[sub->type]
the taskprocessor pops a CEL event
the thread enters the "handle_event" function (event.c)
the thread acquires the read lock on ast_event_subs[sub->type]
the thread calls back the "pgsql_log" function (cel_pgsql.c), since it's a subscriber of CEL events
the thread tries to acquire a read lock on psql_columns
David M. Lee [Mon, 16 Dec 2013 16:36:52 +0000 (16:36 +0000)]
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf,
although doing so is not recommended.
pbx.c: put copy of ast_exten.data on stack to prevent memory corruption
During dialplan execution in pbx_extension_helper(), the contexts global
read lock prevents link list corruption, but was released with a pointer
to the ast_exten and data later used in variable substitution. Instead,
this patch removes pbx_substitute_variables() and locates a copy of the
ast_exten data on the stack before releasing the lock, where ast_exten
could get free'd by another thread performing a module reload.
(issue AST-1179)
Reported by: Thomas Arimont
(issue AST-1246)
Reported by: Alexander Hömig
Review: https://reviewboard.asterisk.org/r/3055/
app_sms: BufferOverflow when receiving odd length 16 bit message
This patch prevents an infinite loop overwriting memory when
a message is received into the unpacksms16() function, where
the length of the message is an odd number of bytes.
(closes issue ASTERISK-22590)
Reported by: Jan Juergens
Tested by: Jan Juergens
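Added illustration (not part of the commit and not copied from app_sms.c): why an odd byte count can keep a 16-bit unpacking loop running, next to a bounded decoder. The loop shape in fragile_units(), the decoder unpack16_be() and the sample message are assumptions constructed for this example; dropping the odd trailing byte is this example's choice.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical fragile loop shape: an 8-bit byte counter is decremented
 * twice per 16-bit unit but tested for zero only once. Nothing is written
 * to memory here; the function only counts how many units such a loop
 * would emit, stopping at cap so that the example terminates.
 */
static unsigned fragile_units(unsigned char len, unsigned cap)
{
    unsigned units = 0;

    while (units < cap && len--) {
        len--;      /* odd length: 0 wraps to 255, the test never sees 0 */
        units++;
    }
    return units;
}

/*
 * Bounded decoder for big-endian 16-bit units.
 * - consumes input only while a full two-byte unit remains
 * - never writes more than out_cap units
 * - reports an odd trailing byte through *odd_tail instead of reading past it
 * Returns the number of units written, or -1 if out is too small.
 */
static int unpack16_be(const unsigned char *in, size_t len,
                       unsigned short *out, size_t out_cap, int *odd_tail)
{
    size_t n = 0;

    *odd_tail = (int)(len & 1);
    while (len >= 2) {
        if (n == out_cap) {
            return -1;
        }
        out[n++] = (unsigned short)((in[0] << 8) | in[1]);
        in += 2;
        len -= 2;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample: "Hi" in UCS-2 followed by one stray byte. */
    const unsigned char msg[] = { 0x00, 0x48, 0x00, 0x69, 0x21 };
    unsigned short out[8];
    int odd = 0;
    int n = unpack16_be(msg, sizeof(msg), out, 8, &odd);

    printf("fragile loop, len 4: %u units\n", fragile_units(4, 1000));
    printf("fragile loop, len 5: %u units (cap reached)\n",
           fragile_units(5, 1000));
    printf("bounded decoder: %d units, odd tail: %d\n", n, odd);
    return 0;
}
```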
Russell Bryant [Wed, 11 Dec 2013 19:11:10 +0000 (19:11 +0000)]
Reset peer outboundproxy on sip.conf reload
If you set a peer's outboundproxy and then removed it from the config,
this would not get picked up in a config reload. This patch fixes that
by resetting it in set_peer_defaults().
Matthew Jordan [Mon, 9 Dec 2013 03:10:10 +0000 (03:10 +0000)]
res_fax_spandsp: Always init T.38 session to avoid crashes during state change
Prior to this patch, res_fax_spandsp was conservative with how it initialized
the spandsp T.38 context. It would only initialize it if the driver thought
the current state was a T.38 fax. While this works fine in nominal situations,
in certain off nominal situations, res_fax_spandsp can believe that a T.38
fax will not occur when in fact one has started. In particular, this was
discovered when res_fax would fall back to audio after timing out on a T.38
upgrade. The SIP channel driver would continue to retry the re-INVITE and -
if the remote end responded after res_fax timed out with a 200 OK - a T.38
frame would be delivered to the res_fax stack when it no longer expected it.
As it turns out, there does not appear to be any downside to always
initializing the T.38 context, other than the actual memory allocation.
Since that avoids this off nominal situation (and others which are equally
likely hard to predict), this is the safest way to avoid this problem.
Much thanks to Torrey as well for providing a scenario that reproduces this
issue.
Joshua Colp [Fri, 22 Nov 2013 17:10:01 +0000 (17:10 +0000)]
translate: Move freeing of frame to after it is used.
When translating from one format to another it is possible
to inform the translation function that the source frame should
be freed. This was previously done immediately but shortly
afterwards the frame that was freed was accessed and used again.
This change moves code around a bit so that the frame is now
freed after it has been completely used.
(closes issue ASTERISK-22788)
Reported by: Corey Farrell
Patches:
translate-access-after-free-11up.patch uploaded by coreyfarrell (license 5909)
translate-access-after-free-1.8.patch uploaded by coreyfarrell (license 5909)
Kinsey Moore [Tue, 12 Nov 2013 14:55:49 +0000 (14:55 +0000)]
chan_dahdi: Fix crash during caller ID read
Asterisk will sometimes core dump during caller id read on analog
channels due to a negative return value from the read() in
my_get_callerid that slips through as a negative length argument to
callerid_feed() if the errno returned by DAHDI is ELAST. This change
ensures that the negative return is treated properly even when it is
ELAST.
(closes issue ASTERISK-22746)
Reported by: Michael Walton
Patches:
chan_dahdi_cid_crash_fix.r401410.patch uploaded by Michael Walton (License 6502)
Kinsey Moore [Mon, 11 Nov 2013 15:31:04 +0000 (15:31 +0000)]
app_queue: Honor penalty limits of 0
In the current app_queue code from 1.8 up to trunk the upper and lower
penalties can be set to 0 but the value is interpreted to be disabled
instead of actually setting limits. This is especially evident if min
and max limits are set to 0 and members with penalties of 0 and 1 are
in the queue since the member with penalty 1 will still receive calls.
This patch adjusts the special disabled value to be INT_MAX instead of
0.
(closes issue ASTERISK-20862)
Review: https://reviewboard.asterisk.org/r/2995/
Reported by: Schmooze Com
chan_sip: keep same local (from) tag for outgoing register requests
For outbound register requests the tag on the From line was
updated every 20 seconds prior to a successful registration
and also once for each registration renewal. That behavior
can possibly cause the registration to be denied because of
the different tag, and is not aligned with the intention of
RFC 3261 8.1.3.5 "... request constitutes a new transaction
and SHOULD have the same value of the Call-ID, To, and From
of the previous request...". This updates chan_sip to have
a field to keep the local tag in the registration structure
and use that tag for registration requests where the callid
is also unchanged.
Kevin Harwell [Tue, 5 Nov 2013 15:08:42 +0000 (15:08 +0000)]
chan_sip: notify dialog info ignores presentation indicator in callerid
The presentation indicator in a callerid (e.g. set by dialplan function
Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog Info Notifies
are generated during extension monitoring. Added a check to make sure the
name and/or number presentations on the callee (remote identity) are set to
allow. If they are restricted then "anonymous" is used instead.
(closes issue AST-1175)
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/2976/
Matthew Jordan [Thu, 31 Oct 2013 15:57:52 +0000 (15:57 +0000)]
core/loader: Don't call dlclose in a while loop
For a while now, we've noticed continuous integration builds hanging on CentOS 6
64-bit build agents. After resolving a number of problems with symbols, strange
locks, and other shenanigans, the problem has persisted. In all cases, gdb
shows the Asterisk process stuck in loader.c on one of the infinite while loops
that calls dlclose repeatedly until success.
The documentation of dlclose states that it returns 0 on success; any other
value on error. It does not state that repeatedly calling it will eventually
clear those errors. Most likely, the repeated calls to dlclose were to force a
close by exhausting the references on the library; however, that will never
succeed if:
(a) There is some fundamental error at work in the loaded library that
precludes unloading it
(b) Some other loaded module is referencing a symbol in the currently loaded
module
This results in Asterisk sitting forever.
Since we have matching pairs of dlopen/dlclose, this patch opts to only call
dlclose once, and log out as an ERROR if dlclose fails to return success. If
nothing else, this might help to determine why on the CentOS 6 64-bit build agent
things are not closing successfully.
Rusty Newton [Tue, 29 Oct 2013 23:41:05 +0000 (23:41 +0000)]
Updates for 1.4.25 core sounds and 1.4.14 extra sounds, plus new en_GB language set
The new sound packages relate to issues: ASTERISK-22544, ASTERISK-22411, ASTERISK-21413, ASTERISK-20782
Modified sounds/Makefile for the new sound versions and to account for the new en_GB language set.
David M. Lee [Tue, 29 Oct 2013 14:52:26 +0000 (14:52 +0000)]
Backport r373119 from 11 to go along with RAII_VAR support.
In order to use nested functions on some versions of GCC (e.g. GCC on OS X),
the -fnested-functions flag must be passed to the compiler. This patch adds
detection logic to ./configure to add the flag if necessary.
Matthew Jordan [Tue, 29 Oct 2013 12:40:30 +0000 (12:40 +0000)]
Remove some spammy debug messages; improve clarity of others
Debug messages aren't free. Even when the debug level is sufficiently low such
that the messages are never evaluated, there is a cost to having to parse
Asterisk logs that contain debug messages that (a) fail to convey sufficient
information or (b) occur so frequently as to be next to meaningless. Based on
having to stare at lots of DEBUG messages, this patch makes the following
changes:
* channel.c: When copying variables from a parent channel to a child channel,
specify the channels involved. Do not log anything for a variable that is not
inherited; the fact that it doesn't have an _ or __ already signifies that it
won't be inherited.
* pbx.c: Specify what function evaluation has occurred that created the result.
* translate.c: Bump up the translator path messages to 10. I've never once had
to use these debug messages, and for each format that is registered (on
startup) and unregistered (on shutdown) the entire f^2 matrix is logged out.
For short tests in the Asterisk Test Suite, this should make finding the
actual test much easier.
* xmldoc.c: The debug message that 'blah' is not found in the tree is expected.
Often, description elements - which are not required - are not provided.
This debug message adds no additional value, as it is not indicative of an
error or helpful in debugging which element did not contain a 'blah' element
as a child. If an element is supposed to contain a child element, then that
XML tree should have failed validation in the first place.
rtp_engine: fix rtp payloads copy and improve argument names
In function ast_rtp_instance_early_bridge_make_compatible the
use of instance 0/1 as arguments doesn't clearly communicate a
direction that the copying of payloads from the source channel
to the destination channel will occur, making it more probable
to have the arguments to ast_rtp_codecs_payloads_copy() put in
the reverse order. This patch renames the arguments with _dst
and _src suffixes and corrects the copy direction.
pbx.c: fix confused match caller id that deleted exten still in hash
This fixes a bug where a zero length callerid match adjacent to a no
match callerid extension entry would be deleted together, which then
resulted in hashtable references to free'd memory. A third state of
the matchcid value has been added to indicate match to any extension
which allows enforcing comparison of matchcid on/off without errors.
Joshua Colp [Wed, 23 Oct 2013 11:10:19 +0000 (11:10 +0000)]
chan_sip: Fix an issue where an incompatible audio format may be added to SDP.
If preferred codecs included any non-audio format the code would
mistakenly add the audio format, even if it was not a joint capability
with the remote side.
Matthew Jordan [Tue, 22 Oct 2013 22:36:45 +0000 (22:36 +0000)]
res_rtp_asterisk: Fix crash when RTCP is not available during SSRC change
In r400089, a patch was put in to correct erroneous RTCP statistic resets.
Unfortunately, ast_rtp_read can be called on an RTP instance that does not
have RTCP information. This patch prevents that crash by only resetting
the statistics if we do actually have an RTCP instance.
(issue AST-1174)
(closes issue ASTERISK-22667)
Reported by: John Bigelow
Walter Doekes [Fri, 18 Oct 2013 14:40:29 +0000 (14:40 +0000)]
Properly copy/remove the device state cache flag over a masquerade.
In r378303 the AST_FLAG_DISABLE_DEVSTATE_CACHE flag was added that tells
the devstate system to not cache states for non-real devices. However,
when optimizing away channels (ast_do_masquerade), that flag wasn't
copied.
In my case, using Local devices as queue members created a situation
where the endpoint was considered in use, but the state change of the
device being available again was ignored (not cached). The endpoint
channel was optimized into the (previously) Local channel, but kept
the do-not-cache flag. The end result being that the queue member
apparently stayed in use forever.
(closes issue ASTERISK-22718)
Reported by: Walter Doekes
Walter Doekes [Wed, 16 Oct 2013 11:04:03 +0000 (11:04 +0000)]
Don't check all realtime queues when doing "queue show some_queue".
When using realtime queues, queues have to be fetched from the database
every now and then to see if any info has been changed or to see if the
queue has been removed. When fetching info for an individual queue, the
pruning of other queues is unnecessarily costly.
Mark Michelson [Tue, 15 Oct 2013 14:52:54 +0000 (14:52 +0000)]
Prevent chan_sip from sending duplicate BYEs.
When a 200 OK for an initial INVITE is received, we were doing
the right thing by ACKing and sending an immediate BYE. However,
we also were doing the wrong thing and queuing an answer frame,
thus causing the call to be answered. This would cause the call
to be hung up by the channel thread, thus resulting in a second
BYE being sent out.
In this fix, I also have set the hangupcause to be correct since
the initial BYE being sent by Asterisk had an unknown hangup
cause. I have changed to using "Bearer capability not available"
since the call was hung up due to an SDP offer/answer error.
(closes issue ASTERISK-22621)
reported by Kinsey Moore
Mark Michelson [Mon, 14 Oct 2013 21:32:11 +0000 (21:32 +0000)]
chan_sip: Do not increment the SDP version between 183 and 200 responses.
Bumping the SDP version number can cause interoperability problems
since receivers of the responses will expect that a 200 SDP will
be identical to a previous 183 SDP.
(closes issue ASTERISK-21204)
reported by NITESH BANSAL
Patches:
dont-increment-session-version-in-2xx-after-183.patch uploaded by NITESH BANSAL (License #6418)
Kinsey Moore [Tue, 8 Oct 2013 22:26:03 +0000 (22:26 +0000)]
Add warning when compiling with iODBC support
When running configure, libiodbc2 development headers will fulfill the
requirement for ODBC development headers, but will not function
properly. This adds a warning when libiodbc2 development headers are
detected instead of unixodbc development headers.
(closes issue ASTERISK-22459)
Reported by: Patrick Maille
Tested by: Walter Doekes
Patches:
issueA22459_warn_when_using_iodbc.patch uploaded by Walter Doekes (License 5674)
Kinsey Moore [Tue, 8 Oct 2013 18:17:31 +0000 (18:17 +0000)]
Fix func_config list entry allocation
The AST_CONFIG dialplan function defined in func_config.c allocates its
config file list entries using ast_malloc. List entry allocations
destined for use with Asterisk's linked list API must be ast_calloc()d
or otherwise initialized so that list pointers are set to NULL. These
uses of ast_malloc have been replaced by ast_calloc to prevent
dereferencing of uninitialized pointer values when traversing the list.
(closes issue ASTERISK-22483)
Reported by: Brian Scott
app_queue: Fix Queuelog EXITWITHKEY only logging two of four fields
Commit r62462 added two extra fields for logging "the original position the
caller entered the queue at, and the amount of time the caller was waiting in
the queue." But when r75969 was merged from 1.4 into trunk (r75977), these two
fields disappeared. Those two extra fields were not logged in 1.4 and when the
patch was merged, those fields went away.
Therefore, this is a regression and was caught by the reporter because he was
reading the awesome "Asterisk: The Definitive Guide" book.
(closes issue ASTERISK-22197)
Reported by: Dalius M.
Tested by: Dalius M.
Patches:
asterisk-22197-q-log-exitwithkey.diff
uploaded by Michael L. Young (license 5026)
Kinsey Moore [Thu, 3 Oct 2013 18:25:21 +0000 (18:25 +0000)]
res_rtp_multicast: Ensure SSRC is set properly
This fixes a bug where the SSRC field on multicast RTP can be stuck at
0 which can cause problems for endpoints trying to make sense of
incoming streams.
The member reg in the peercnt structure is an unsigned char and peercnt_modify()
is expecting an unsigned char argument which gets assigned to peercnt->reg.
This patch fixes that by casting the integer argument being passed to
peercnt_modify to unsigned char.
Kinsey Moore [Mon, 30 Sep 2013 15:19:23 +0000 (15:19 +0000)]
chan_sip: Allow Asterisk to retry after 403 on register
This adds a global option in chan_sip to allow it to continue
attempting registration if a 403 is received, clearing the cached nonce
and treating it as a non-fatal response. Normally, this would cause
registration attempts to that endpoint to stop.
Matthew Jordan [Sat, 28 Sep 2013 22:20:22 +0000 (22:20 +0000)]
res_rtp_asterisk: Correct erroneous lost packet information in RTCP reports
RTCP's calculation of the number of lost packets in an RTP stream is based on
that stream's sequence number count, the number of received packets, and how
many packets we expect to receive. When the SSRC for an RTP stream changes,
there can - and almost always will be - a large jump in the next packet's
timestamp and sequence number. If we don't reset the number of received
packets, sequence number count, and other metrics used by RTCP, the next RR/SR
report will use the previous SSRC's values to calculate the lost packet count
for the new SSRC - resulting in a very large number of lost packets.
This patch modifies res_rtp_asterisk such that, if it detects an SSRC change, it
will reset the various values used by the RTCP calculations. From the
perspective of RTCP, this appears as a new media stream - which is what it is.
Review: https://reviewboard.asterisk.org/r/2886/
(closes issue AST-1174)
Reported by: Thomas Arimont
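Added illustration (not part of the commit and not res_rtp_asterisk code): the cumulative-lost calculation in the style of RFC 3550 Appendix A.3, run over two constructed streams to show how carrying counters across an SSRC change inflates the loss figure. The struct, function names, SSRC values and sequence numbers are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

struct rx_stats {
    int      started;
    uint32_t ssrc;
    uint16_t base_seq;   /* first sequence number seen for this source */
    uint16_t max_seq;    /* highest sequence number seen */
    uint32_t cycles;     /* sequence-number wraps, already shifted left 16 */
    uint32_t received;   /* packets actually received */
};

static void rx_start(struct rx_stats *s, uint32_t ssrc, uint16_t seq)
{
    s->started = 1;
    s->ssrc = ssrc;
    s->base_seq = seq;
    s->max_seq = seq;
    s->cycles = 0;
    s->received = 1;
}

/* Account for one packet; optionally restart the counters on a new SSRC. */
static void rx_packet(struct rx_stats *s, uint32_t ssrc, uint16_t seq,
                      int reset_on_ssrc_change)
{
    if (!s->started || (reset_on_ssrc_change && ssrc != s->ssrc)) {
        rx_start(s, ssrc, seq);
        return;
    }
    s->ssrc = ssrc;
    if ((uint16_t)(seq - s->max_seq) < 0x8000) {   /* not older than max_seq */
        if (seq < s->max_seq) {
            s->cycles += 1u << 16;                 /* 16-bit wrap */
        }
        s->max_seq = seq;
    }
    s->received++;
}

/* expected = extended highest sequence - first sequence + 1 */
static int32_t rx_cumulative_lost(const struct rx_stats *s)
{
    uint32_t extended_max = s->cycles + s->max_seq;
    uint32_t expected = extended_max - s->base_seq + 1;

    return (int32_t)(expected - s->received);
}

/*
 * Constructed scenario with no packet actually lost: ten packets from
 * SSRC 0x1111 (seq 100..109), then ten from SSRC 0x2222 (seq 20000..20009).
 */
static int32_t lost_after_ssrc_change(int reset_on_ssrc_change)
{
    struct rx_stats s = { 0 };
    uint16_t i;

    for (i = 0; i < 10; i++) {
        rx_packet(&s, 0x1111, (uint16_t)(100 + i), reset_on_ssrc_change);
    }
    for (i = 0; i < 10; i++) {
        rx_packet(&s, 0x2222, (uint16_t)(20000 + i), reset_on_ssrc_change);
    }
    return rx_cumulative_lost(&s);
}

int main(void)
{
    printf("lost without reset: %d\n", (int)lost_after_ssrc_change(0));
    printf("lost with reset:    %d\n", (int)lost_after_ssrc_change(1));
    return 0;
}
```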
Matthew Jordan [Sat, 28 Sep 2013 21:25:19 +0000 (21:25 +0000)]
Add check for openSUSE when detecting bfd library
In ASTERISK-17842, some additional library checks were added to the configure
script so that the bfd library could be found on CentOS and Fedora systems.
As it turns out, openSUSE requires an additional library. This patch adds
another check to the configure script for openSUSE that will add that library.
Jonathan Rose [Fri, 27 Sep 2013 17:13:19 +0000 (17:13 +0000)]
chan_sip: Reject calls on 200 OKs if no SDP has been received
When Asterisk receives a 200 OK in response to an invite, that peer should have
sent an SDP at some point by then. If the channel has never received an SDP,
media won't have been set and the remote address won't be known. Endpoints in
general should not be doing this. This patch makes it so that Asterisk will
simply hang up a call if it sends a 200 OK at this point. So far this odd
behavior for endpoints has only been observed in tests which involved manually
created SIP transactions in SIPp.
(closes issue ASTERISK-22424)
Reported by: Jonathan Rose
Review: https://reviewboard.asterisk.org/r/2827/
Richard Mudgett [Wed, 25 Sep 2013 20:23:07 +0000 (20:23 +0000)]
chan_dahdi: CLI "core stop gracefully" has needless delay for PRI and SS7.
The PRI and SS7 link control threads are not stopped correctly when the
chan_dahdi.so module is unloaded. The link control threads pri_dchannel()
and ss7_linkset() are not awakened from a poll() to cancel the thread.
* Added a SIGURG signal after requesting the thread cancel to break the
link control thread poll() immediately.
For SS7 it was slightly worse, the link poll() timeout would always be
whatever was the last libss7 scheduled event time used. If no libss7
scheduled event was pending, the thread could run more often than
necessary.
* Set nextms to 60 seconds for the ss7_linkset() poll() if there is no
other libss7 scheduled event.
Michael L. Young [Wed, 25 Sep 2013 19:25:57 +0000 (19:25 +0000)]
chan_sip: Fix Realtime Peer Update Problem When Un-registering And Expires Header In 200ok
1st Issue
When a realtime peer sends an un-REGISTER request, Asterisk
un-registers the peer but the database table record still has regseconds and
fullcontact for the peer. This results in calls attempting to be routed to the
peer which is no longer registered. The expected behavior is to get
busy/congested when attempting to call an un-registered peer through the
dialplan.
What was discovered is that we are clearing out the peer's registration in the
database in parse_register_contact() when calling expire_register() but then
upon returning from parse_register_contact(), update_peer() is run which stores
back in the database table regseconds and fullcontact.
2nd Issue
The reporter pointed out that the 200 ok being returned by Asterisk
after un-registering a peer contains a Contact header with ;expires= and the
Expires header is not set to 0. This is actually a regression.
Tests were created for this second issue (ASTERISK-22548). The tests have been
reviewed and a Ship It! was received on those tests.
This patch does the following:
* Do not ignore the Expires header value even when it is set to 0. The patch
sets the pvt->expiry earlier on in the function so that it is set properly and
used.
* If pvt->expiry is 0, do not call update_peer since that means the peer has
already been un-registered and there is no need to update the database record
again since nothing has changed.
(closes issue ASTERISK-22428)
Reported by: Ben Smithurst
Tested by: Ben Smithurst, Michael L. Young
Patches:
asterisk-22428-rt-peer-update-and-expires-header.diff
by Michael L. Young (license 5026)
Jonathan Rose [Thu, 19 Sep 2013 16:34:46 +0000 (16:34 +0000)]
chan_sip: Make direct media reinvites for T38 put Asterisk in the media path
Prior to this patch, Asterisk would incorrectly use the previous endpoint
addresses in SDP in spite of providing its own port. T38 is never meant to
be done through directmedia and Asterisk should always be in the media path
for these streams.
(closes issue ASTERISK-17273)
Reported by: Kevin Stewart
(closes issue ASTERISK-18706)
Reported by: Jeremy Kister
Kinsey Moore [Wed, 18 Sep 2013 19:54:36 +0000 (19:54 +0000)]
Fix jitter buffer log file creation
This adjusts '/'-to-'#' replacement to replace all instances of '/'
instead of just the first to ensure that the jitter buffer log file
gets the correct name as per Richard Kenner's suggestion.
(closes issue ASTERISK-21036)
Reported by: Richard Kenner
Michael L. Young [Wed, 18 Sep 2013 01:32:36 +0000 (01:32 +0000)]
Fix Segfault When Syntax Of A Line Under [applicationmap] Is Invalid
When processing the lines under the [applicationmap] context in features.conf, a
segfault occurs from attempting to process a line with an invalid syntax
(basically missing most of the arguments).
Example:
[applicationmap]
automon=*6
* This patch moves the checking for empty arguments to before they are accessed.
* Also, checked the "todo" comment and removed it. Some applications do not
require arguments.
(closes issue ASTERISK-22416)
Reported by: CGI.NET
Tested by: CGI.NET
Patches:
asterisk-22416-check-syntax-first_v2.diff by Michael L. Young (license 5026)
Richard Mudgett [Mon, 16 Sep 2013 16:37:56 +0000 (16:37 +0000)]
chan_iax2: Fix saving the wrong expiry time in astdb.
When a new IAX2 client registers, the astdb database is updated with the
value of minregexpire defined in iax.conf instead of using the expiry time
that is provided by the client. The provided expiry time of the client is
updated after inserting the astdb entry. As a consequence, restarting or
reloading asterisk creates clients whose registration may expire before
they reregister. The clients are therefore unavailable after minregexpire
seconds until they reregister.
* Move updating of the expiry time to before inserting into the astdb.
(closes issue ASTERISK-22504)
Reported by: Stefan Wachtler
Patches:
chan_iax2.c.patch (license #6533) patch uploaded by Stefan Wachtler
David M. Lee [Fri, 13 Sep 2013 20:47:54 +0000 (20:47 +0000)]
Don't write to /tmp/refs when REF_DEBUG is not defined.
If MALLOC_DEBUG is enabled, then the debug destructor for the container
is used, which would erroneously write to /tmp/refs. This patch only
uses the debug destructor if ref_debug is used.
Kinsey Moore [Fri, 13 Sep 2013 13:31:24 +0000 (13:31 +0000)]
Fix several crashes in MeetMeAdmin
This change ensures that MeetMeAdmin commands requiring a user actually
get a user and fixes another issue where an extra dereference could
occur for a last-entered user being ejected if a user identifier was
also provided.
(closes issue ASTERISK-21907)
Reported by: Alex Epshteyn
Review: https://reviewboard.asterisk.org/r/2844/
Jonathan Rose [Thu, 12 Sep 2013 16:35:37 +0000 (16:35 +0000)]
res_musiconhold: Fix reference leaks caused when reloading with REF_DEBUG set
Due to a faulty function for debugging reference decrementing, it was possible
to reduce the refcount on the wrong object if two moh classes of the same name
were in the moh class container.
(closes issue ASTERISK-22252)
Reported by: Walter Doekes
Patches:
18_moh_debug_ref_patch.diff Uploaded by Jonathan Rose (license 6182)
Rusty Newton [Thu, 12 Sep 2013 00:00:51 +0000 (00:00 +0000)]
'queue add member' help text correction
You are adding dial strings to the queue, not channels. An arbitrary string
could be used, but you are typically referencing a channel. Correcting the
command help text.
(issue ASTERISK-22263)
(closes issue ASTERISK-22263)
Reported By: Rusty Newton
Jonathan Rose [Wed, 11 Sep 2013 19:39:36 +0000 (19:39 +0000)]
chan_sip: Reject calls without prior SDP on 200 OK
If we receive a 200 OK without SDP, we will now check to see if
the remote address has been established for that channel's RTP
session and if the to tag for that channel has changed from
the most recent to tag in a response less than 200.
If either a change has been made since the last to-tag was
received or the remote address is unset, then we will drop
the call.
(closes issue ASTERISK-22424)
Reported by: Jonathan Rose
Review: https://reviewboard.asterisk.org/r/2827/diff/#index_header
Richard Mudgett [Mon, 9 Sep 2013 23:15:38 +0000 (23:15 +0000)]
MALLOC_DEBUG: Change fence magic number to be completely different from the freed magic number.
Race conditions between freeing a nul terminated string and
ast_strdup()'ing it are more likely to be detected if the fence and freed
magic numbers are completely different.
David M. Lee [Mon, 9 Sep 2013 19:56:02 +0000 (19:56 +0000)]
Fix DEBUG_THREADS when lock is acquired in __constructor__
This patch fixes some long-standing bugs in debug threads that were
exacerbated with recent Optional API work in Asterisk 12.
With debug threads enabled, on some systems, there's a lock ordering
problem between our mutex and glibc's mutex protecting its module list
(Ubuntu Lucid, glibc 2.11.1 in this instance). In one thread, the module
list will be locked before acquiring our mutex. In another thread, our
mutex will be locked before locking the module list (which happens in
the depths of calling backtrace()).
This patch fixes this issue by moving backtrace() calls outside of
critical sections that have the mutex acquired. The bigger change was to
reentrancy tracking for ast_cond_{timed,}wait, which wrongly assumed
that waiting on the mutex was equivalent to a single unlock (it actually
suspends all recursive locks on the mutex).
Kinsey Moore [Fri, 6 Sep 2013 19:16:14 +0000 (19:16 +0000)]
Fix Jabber/XMPP distributed MWI
The mailbox and context are swapped on the receiving end for all users
of Jabber and XMPP distributed MWI in Asterisk 1.8 and all more recent
versions. This swaps those values to be correct when publishing to the
internal event system from Jabber/XMPP distributed MWI state.
(closes issue ASTERISK-22435)
Reported by: abelbeck
Tested by: Michael Keuter
Patches:
asterisk-1.8-res_jabber-aji_handle_pubsub_event.patch uploaded by abelbeck
asterisk-11-res_xmpp-xmpp_pubsub_handle_event.patch uploaded by abelbeck
Richard Mudgett [Thu, 5 Sep 2013 17:28:14 +0000 (17:28 +0000)]
chan_iax2: Fix stray reference to worker thread idle_list.
* Fix stray reference to idle_list in cleanup_thread_list(). This may be
the reason for the note in iax2_process_thread() about threads not being
removed from the task lists.
* Move cleanup_thread_list(&idle_list) to after the other lists are
cleaned up.
Richard Mudgett [Thu, 5 Sep 2013 17:07:44 +0000 (17:07 +0000)]
chan_iax2: Fix bridgecallno deadlock avoidance.
* Fix bridgecallno deadlock avoidance. When doing deadlock avoidance, you
need to retest the status of values for each loop to see if you still need
the lock for bridgecallno.
* As a safety check, after acquiring the bridgecallno lock you should
check if iaxs[bridgecallno] is NULL just like the current callno checks.
* Move setting thread->iostate to IAX_IOSTATE_IDLE to after processing any
deferred frames to ensure that the iostate is IDLE when it is placed back
into the idle list. defer_full_frame() tries to ensure
iax2_process_thread() wakes up to process the frame.
Richard Mudgett [Wed, 4 Sep 2013 15:54:37 +0000 (15:54 +0000)]
chan_misdn: Fix misdn debug output printed with arbitrary verbose levels.
Fix the misdn debug output to remote consoles. chan_misdn uses
ast_console_puts() which doesn't know about verbose levels. Better to use
ast_verbose() instead. Without this patch the misdn debug messages are
appended to the verbose level whichever was set by the message sent to
the console before, i.e. any undefined level.
Kevin Harwell [Fri, 30 Aug 2013 16:58:34 +0000 (16:58 +0000)]
Fix memory leak
Fixed a features.c test that leaked a reference to a parked call. This caused
chancount to never reach 0, so graceful shutdown stops. Also added an
unregister test.
Richard Mudgett [Fri, 30 Aug 2013 16:46:52 +0000 (16:46 +0000)]
test_substitution: Fix failed test reporting to actually report failure.
You cannot put the "Testing <blah> pass/fail" on a single line before
actually performing the test. Now any additional failure information is
logged before the test pass/fail announcement.
Matthew Jordan [Tue, 27 Aug 2013 17:55:59 +0000 (17:55 +0000)]
AST-2013-005: Fix crash caused by invalid SDP
If the SIP channel driver processes an invalid SDP that defines media
descriptions before connection information, it may attempt to reference
the socket address information even though that information has not yet
been set. This will cause a crash.
This patch adds checks when handling the various media descriptions that
ensure the media descriptions are handled only if we have connection
information suitable for that media.
Thanks to Walter Doekes, OSSO B.V., for reporting, testing, and providing
the solution to this problem.
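The check described in the AST-2013-005 entry above, as an added example that is not part of the commit or of Asterisk's code: a media section is accepted only when connection information is available for it, either from a session-level `c=` line or from its own. The `sdp_check` struct, `check_sdp()` and the sample SDP bodies are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples (not captured traffic). */
static const char SDP_OK[] = "v=0\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 4000 RTP/AVP 0\r\n";
static const char SDP_MIXED[] = "v=0\r\ns=-\r\nt=0 0\r\n"
    "m=audio 4000 RTP/AVP 0\r\n"
    "m=video 4002 RTP/AVP 31\r\nc=IN IP4 192.0.2.10\r\n";

/* Hypothetical result type: m= sections seen, and those safe to process. */
struct sdp_check { int media_total; int media_usable; };

/* A media section is usable only if a session-level c= preceded the first
 * m= line or the section carries its own c= line. Anything else is skipped
 * rather than processed with an unset address. */
struct sdp_check check_sdp(const char *sdp)
{
    struct sdp_check r = {0, 0};
    int session_c = 0;  /* c= seen before any m= */
    int in_media = 0;   /* inside an m= section */
    int media_c = 0;    /* current section already counted as usable */

    while (*sdp) {
        size_t len = strcspn(sdp, "\r\n");
        if (len >= 2 && sdp[1] == '=') {
            if (sdp[0] == 'm') {
                in_media = 1;
                media_c = session_c;
                r.media_total++;
                if (media_c) r.media_usable++;
            } else if (sdp[0] == 'c' && len > 2) {
                if (!in_media) {
                    session_c = 1;
                } else if (!media_c) {
                    media_c = 1;
                    r.media_usable++;
                }
            }
        }
        sdp += len;
        sdp += strspn(sdp, "\r\n");  /* skip line terminator(s) */
    }
    return r;
}

int main(void)
{
    struct sdp_check a = check_sdp(SDP_OK), b = check_sdp(SDP_MIXED);
    printf("ok: %d/%d usable, mixed: %d/%d usable\n",
           a.media_usable, a.media_total, b.media_usable, b.media_total);
    return 0;
}
```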
Matthew Jordan [Tue, 27 Aug 2013 15:49:14 +0000 (15:49 +0000)]
AST-2013-004: Fix crash when handling ACK on dialog that has no channel
A remotely exploitable crash vulnerability exists in the SIP channel driver if an
ACK with SDP is received after the channel has been terminated. The handling
code incorrectly assumed that the channel would always be present.
This patch adds a check such that the SDP will only be parsed and applied if
Asterisk has a channel present that is associated with the dialog.
Note that the patch being applied was modified only slightly from the patch
provided by Walter Doekes of OSSO B.V.
(closes issue ASTERISK-21064)
Reported by: Colin Cuthbertson
Tested by: wdoekes, Colin Cuthbertson
patches:
issueA21064_fix.patch uploaded by wdoekes (License 5674)
Richard Mudgett [Fri, 23 Aug 2013 15:34:27 +0000 (15:34 +0000)]
Fix memory corruption when trying to get "core show locks".
Review https://reviewboard.asterisk.org/r/2580/ tried to fix the mismatch
in memory pools but had a math error determining the buffer size and
didn't address other similar memory pool mismatches.
* Effectively reverted the previous patch to go in the same direction as
trunk for the returned memory pool of ast_bt_get_symbols().
* Fixed memory leak in ast_bt_get_symbols() when BETTER_BACKTRACES is
defined.
* Fixed some formatting in ast_bt_get_symbols().
* Fixed sig_pri.c freeing memory allocated by libpri when MALLOC_DEBUG is
enabled.
* Fixed __dump_backtrace() freeing memory from ast_bt_get_symbols() when
MALLOC_DEBUG is enabled.
* Moved __dump_backtrace() because of compile issues with the utils
directory.
(closes issue ASTERISK-22221)
Reported by: Matt Jordan
Walter Doekes [Thu, 22 Aug 2013 08:19:02 +0000 (08:19 +0000)]
Add _IO_stdin_used in version-script to fix SIGBUSes on Sparc.
The --version-script,asterisk.exports linker flag (and the module
exports) didn't provide _IO_stdin_used in the list of exported symbols.
That causes some kind of libc compatibility mode to kick in, where
stdio file structures (stdout/stderr) land somewhere else. In the
case of the Sparc, they landed on misaligned memory.
This became apparent first after r376428 (Reorder startup sequence)
when a lot of ast_log's were replaced with fprintf's. Writing to
stderr triggered a SIGBUS. (Compared to x86 and amd64 architectures,
the Sparc is very picky about memory alignment.)
(issue ASTERISK-21763)
(issue ASTERISK-21665)
Reported by: Jeremy Kister
Review: https://reviewboard.asterisk.org/r/2760/
Matthew Jordan [Wed, 21 Aug 2013 14:56:09 +0000 (14:56 +0000)]
Set 14400 as the default max bit rate if T38MaxBitRate is not specified
If an endpoint fails to include the T38MaxBitRate attribute during negotiation,
Asterisk will negotiate a bit rate of 2400 instead of the ITU recommended
bit rate of 14400. This patch fixes this by making AST_T38_RATE_14400 the
'default' value of the enum by assigning it a value of 0, such that if an
endpoint fails to include the attribute, the default will be 14400.
Note that Walter Doekes included the nice comment in frame.h about why we are
purposefully assigning AST_T38_RATE_14400 a value of 0.
(closes issue ASTERISK-22275)
Reported by: Andreas Steinmetz
patches:
fax-fix.patch uploaded by anstein (License 6523)
Michael L. Young [Wed, 21 Aug 2013 02:09:21 +0000 (02:09 +0000)]
Fix Not Storing Current Incoming Recv Address
In 1.8, r384779 introduced a regression by retrieving an old dialog and keeping
the old recv address since recv was already set. This has caused a problem when
a proxy is involved since responses to incoming requests from the proxy server,
after an outbound call is established, are never sent to the correct recv
address.
In 11, r382322 introduced this regression.
The fix is to revert that change and always store the recv address on incoming
requests.
Thank you Walter Doekes for helping to point out this error and Mark Michelson
for your input/review of the fix.
(closes issue ASTERISK-22071)
Reported by: Alex Zarubin
Tested by: Alex Zarubin, Karsten Wemheuer
Patches:
asterisk-22071-store-recvd-address.diff by Michael L. Young (license 5026)