Jean Aunis [Thu, 7 Sep 2017 09:41:09 +0000 (11:41 +0200)]
bridge : Fix one-way direct-media when early bridging with native_rtp
When two channels were early bridged in a native_rtp bridge, the RTP description
on one side was not updated when the other side answered.
This patch forbids non-answered channels to enter a native_rtp bridge, and
triggers a bridge reconfiguration when an ANSWER frame is received.
Alexander Traud [Mon, 18 Sep 2017 15:00:31 +0000 (17:00 +0200)]
res_srtp: lower log level of auth failures
Previously, sRTP authentication failures were reported on log level WARNING.
When such failures happen, each RT(C)P packet is affected, spamming the log.
Now, those failures are reported at log level VERBOSE 2. Furthermore, the
amount is further reduced (previously all two seconds, now all three seconds).
Additionally, the new log entry informs whether media (RTP) or statistics (RTCP)
are affected.
Richard Mudgett [Fri, 25 Aug 2017 22:01:57 +0000 (17:01 -0500)]
AST-2017-008: Improve RTP and RTCP packet processing.
Validate RTCP packets before processing them.
* Validate that the received packet is of a minimum length and apply the
RFC3550 RTCP packet validation checks.
* Fixed potentially reading garbage beyond the received RTCP record data.
* Fixed rtp->themssrc only being set once when the remote could change
the SSRC. We would effectively stop handling the RTCP statistic records.
* Fixed rtp->themssrc to not treat a zero value as special by adding
rtp->themssrc_valid to indicate if rtp->themssrc is available.
ASTERISK-27274
Make strict RTP learning more flexible.
Direct media can cause strict RTP to attempt to learn a remote address
again before it has had a chance to learn the remote address the first
time. Because of the rapid relearn requests, strict RTP could latch onto
the first remote address and fail to latch onto the direct media remote
address. As a result, you have one way audio until the call is placed on
and off hold.
The new algorithm learns remote addresses for a set time (1.5 seconds)
before locking the remote address. In addition, we must see a configured
number of remote packets from the same address in a row before switching.
* Fixed strict RTP learning from always accepting the first new address
packet as the new stream.
* Fixed strict RTP to initialize the expected sequence number with the
last received sequence number instead of the last transmitted sequence
number.
* Fixed the predicted next sequence number calculation in
rtp_learning_rtp_seq_update() to handle overflow.
Sean Bright [Wed, 13 Sep 2017 19:14:25 +0000 (15:14 -0400)]
res_calendar: On reload, update all configuration
This changes the behavior of res_calendar to drop all existing calendars
and re-create them whenever a reload is done. The Calendar API provides
no way for configuration information to be pushed down to calendar
'techs' so updated settings would not take affect until a module
unload/load was done or Asterisk was restarted.
Asterisk 15+ already has a configuration option 'fetch_again_at_reload'
that performs a similar function.
Also fix a tiny memory leak in res_calendar_caldav while we're at it.
George Joseph [Wed, 13 Sep 2017 21:23:54 +0000 (15:23 -0600)]
res_pjsip: Filter out non SIP(S) requests
Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.
URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme. Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.
Sean Bright [Wed, 13 Sep 2017 14:38:11 +0000 (10:38 -0400)]
chan_rtp: Use μ-law by default instead of signed linear
Multicast/Unicast RTP do not use SDP so we need to use a format that
cleanly maps to one of the static RTP payload types. Without this
change, an Originate to a Multicast or Unicast channel without a format
specified would produce no audio on the receiving device.
George Joseph [Mon, 11 Sep 2017 10:46:35 +0000 (04:46 -0600)]
res_pjsip: Add handling for incoming unsolicited MWI NOTIFY
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Walter Doekes [Sun, 10 Sep 2017 11:17:27 +0000 (13:17 +0200)]
res/res_pjsip: Fix localnet checks in pjsip, part 2.
In 45744fc53, I mistakenly broke SDP media address rewriting by
misinterpreting which address was checked in the localnet comparison.
Instead of checking the remote peer address to decide whether we need
media address rewriting, we check our local media address: if it's
local, then we rewrite. This feels awkward, but works and even made
directmedia work properly if you set local_net. (For the record: for
local peers, the SDP media rewrite code is not called, so the
comparison does no harm there.)
MS-SQL has no native Enum-type support and therefore
needs to work with constraints.
Since these constraints need unique names the suggested approach
referenced in the following alembic documentation has been applied:
http://bit.ly/2x9r8pb
chan_sip: when getting sip pvt return failure if not found
In handle_request_invite, when processing a pickup, a call
is made to get_sip_pvt_from_replaces to locate the pvt for
the subscription. The pvt is assumed to be valid when zero
is returned indicating no error, and is dereferenced which
can cause a crash if it was not found.
This change checks the not found case and returns -1 which
allows the calling code to fail appropriately.
Sean Bright [Wed, 6 Sep 2017 15:50:53 +0000 (11:50 -0400)]
app_waitforsilence: Cleanup & don't treat missing frames as 'noise'
* WaitForSilence completes successfully if it receives no media in the
specified timeout, but when acting as WaitForNoise that logic needs
to be reversed.
* Use standard argument parsing macros and add some error checking for
invalid values.
* The documentation indicated that the first argument to both
WaitForSilence and WaitForNoise was required when it was not. Update
the documentation to reflect that.
* Wrap up some behavior in structs to avoid boolean checks all over the
place.
George Joseph [Fri, 1 Sep 2017 10:17:02 +0000 (04:17 -0600)]
stasis/control: Fix possible deadlock with swap channel
If an error occurs during a bridge impart it's possible that
the "bridge_after" callback might try to run before
control_swap_channel_in_bridge has been signalled to continue.
Since control_swap_channel_in_bridge is holding the control lock
and the callback needs it, a deadlock will occur.
* control_swap_channel_in_bridge now only holds the control
lock while it's actually modifying the control structure and
releases it while the bridge impart is running.
* bridge_after_cb is now tolerant of impart failures.
chan_sip: Do not change IP address in SDP origin line (o=) in SIP reINVITE
If directmedia=yes is configured, when call is answered, Asterisk sends reINVITE
to both parties to set up media path directly between the endpoints.
In this reINVITE msg SDP origin line (o=) contains IP address of endpoint
instead of IP of asterisk. This behavior violates RFC3264, sec 8:
"When issuing an offer that modifies the session,
the "o=" line of the new SDP MUST be identical to that in the
previous SDP, except that the version in the origin field MUST
increment by one from the previous SDP."
This patch assures IP address of Asterisk is always sent in
SDP origin line.
Alexander Traud [Wed, 6 Sep 2017 08:02:19 +0000 (10:02 +0200)]
res_srtp: Add support for libsrtp2.1.
Asterisk is able to use libSRTP 2.0.x. However since libSRTP 2.1.x, the macro
SRTP_AES_ICM got renamed to SRTP_AES_ICM_128. Beside to still compile with
previous versions of libSRTP, this change allows libSRTP 2.1.x as well.
Ben Ford [Tue, 5 Sep 2017 14:35:12 +0000 (09:35 -0500)]
chan_pjsip: Suppress frame warnings.
When rtp_keepalive is on for a PJSIP endpoint dialing to another
Asterisk instance also using PJSIP, Asterisk will continue to print
warning messages about not being able to send frames of a certain
type. This suppresses that warning message.
Sean Bright [Tue, 5 Sep 2017 15:05:48 +0000 (11:05 -0400)]
formats: Restore previous fread() behavior
Some formats are able to handle short reads while others are not, so
restore the previous behavior for the format modules so that we don't
have spurious errors when playing back files.
Walter Doekes [Tue, 5 Sep 2017 14:16:01 +0000 (16:16 +0200)]
res/res_pjsip: Standardize/fix localnet checks across pjsip.
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.
For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.
Therefore, checks like this look wrong, but are right:
/* See if where we are sending this request is local or not, and if
not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Request is being sent to local address, "
"skipping NAT manipulation\n");
(In the list == localnet == DENY == skip NAT manipulation.)
And conversely, other checks that looked right, were wrong.
This change adds two macro's to reduce the confusion and uses those
instead:
George Joseph [Tue, 5 Sep 2017 10:23:04 +0000 (04:23 -0600)]
res_pjsip_t38: Make t38_reinvite_response_cb tolerant of NULL channel
t38_reinvite_response_cb can get called by res_pjsip_session's
session_inv_on_tsx_state_changed in situations where session->channel
is NULL. If it is, the ast_log warning segfaults because it tries
to get the channel name from a NULL channel.
* Check session->channel and print "unknown channel" when it's NULL.
sanitize_tdata was assuming all URIs were SIP URIs so when a non
SIP uri was in the From, To or Contact headers, the unconditional
cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused
a segfault when trying to access uri->other_param.
* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)
checks before attempting to cast or use the returned uri.
ASTERISK-27152 Reported-by: Ross Beer
Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
Joshua Colp [Mon, 22 May 2017 15:36:38 +0000 (15:36 +0000)]
res_rtp_asterisk: Only learn a new source in learn state.
This change moves the logic which learns a new source address
for RTP so it only occurs in the learning state. The learning
state is entered on initial allocation of RTP or if we are
told that the remote address for the media has changed. While
in the learning state if we continue to receive media from
the original source we restart the learning process. It is
only once we receive a sufficient number of RTP packets from
the new source that we will switch to it. Once this is done
the closed state is entered where all packets that do not
originate from the expected source are dropped.
The learning process has also been improved to take into
account the time between received packets so a flood of them
while in the learning state does not cause media to be switched.
Finally RTCP now drops packets which are not for the learned
SSRC if strict RTP is enabled.
Richard Mudgett [Tue, 29 Aug 2017 19:22:15 +0000 (14:22 -0500)]
bridge_native_rtp.c: Fixup native_rtp_framehook()
* Fix framehook to test frame type for control frame.
* Made framehook exit early if frame type is not a control frame.
* Eliminated RAII_VAR in framehook.
* Use switch instead of else-if ladder for control frame handling.
Sean Bright [Fri, 25 Aug 2017 18:44:35 +0000 (14:44 -0400)]
voicemail: Fix various abuses of mkstemp
mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.
In the case of app_minivm, we also now properly clean up any temporary
files that we create.
Sean Bright [Fri, 25 Aug 2017 17:20:16 +0000 (13:20 -0400)]
app_record: Resolve some absolute vs. relative filename bugs
If the Record() application is called with a relative filename that
includes directories, we were not properly creating the intermediate
directories and Record() would fail.
Secondarily, updated the documentation for RECORDED_FILE to mention
that it does not include a filename extension.
Finally, rewrote the '%d' functionality to be a bit more straight
forward and less noisy.
Torrey Searle [Mon, 21 Aug 2017 09:28:52 +0000 (11:28 +0200)]
res/res_pjsip_session: allow SDP answer to be regenerated
If an SDP answer hasn't been sent yet, it's legal to change it.
This is required for PJSIP_DTMF_MODE to work correctly, and can
also have use in the future for updating codecs too.
Michael Kuron [Sun, 20 Aug 2017 13:15:37 +0000 (15:15 +0200)]
res_xmpp: fix inverted return code check in OAuth
fetch_access_token calls func_curl via ast_func_read. The latter returns 0 upon
success and -1 if the function is not available.
This commit inverts the return code check so that an error is printed if the
module is not loaded and not if it is loaded.
George Joseph [Wed, 16 Aug 2017 20:43:10 +0000 (14:43 -0600)]
Fix downloader not working with curl
The codec/dpma downloader wasn't handling curl correctly. The logic
that transforms makeopts into a bash-sourceable file wasn't
handling the make 'or' command in DOWNLOAD_TIMEOUT so bash was
looking for an 'or' command.
That logic has been eliminated. Instead of trying to transform
and source makeopts, the downloader now calls a make scriptlet
to print the value of a specific variable. This way, make handles
the ors (or any other make construct that happens to creep into
that file).
Richard Mudgett [Tue, 15 Aug 2017 20:15:58 +0000 (15:15 -0500)]
configure: Check cache for valid pjproject tarball before downloading.
On a fresh Asterisk source directory, the bundled pjproject tarball is
unconditionally downloaded even if the tarball is already in a specified
cache directory.
* Made check if the pjproject tarball is valid in the cache directory
before downloading the tarball on a fresh source directory.
Richard Mudgett [Tue, 15 Aug 2017 16:14:20 +0000 (11:14 -0500)]
res_pjsip: Fix prune_on_boot to remove only contacts for the host.
* Check that the contact's reg_server matches the host's name before
deleting any prune_on_boot contacts. We don't want to delete reliable
transport contacts made with other servers if the ps_contacts database
table is shared with other servers.
Thanks to Ross Beer for pointing out that the original prune logic would
delete reliable transport contacts from other servers.
Richard Mudgett [Thu, 10 Aug 2017 19:18:01 +0000 (14:18 -0500)]
STUN/netsock2: Fix some valgrind uninitialized memory findings.
* netsock2.c: Test the addr->len member first as it may be the only member
initialized in the struct.
* stun.c:ast_stun_handle_packet(): The combinded[] local array could get
used uninitialized by ast_stun_request(). The uninitialized string gets
copied to another location and could overflow the destination memory
buffer.
These valgrind findings were found for ASTERISK_27150 but are not
necessarily a fix for the issue.
Richard Mudgett [Wed, 2 Aug 2017 23:44:12 +0000 (18:44 -0500)]
res_pjsip_outbound_registration.c: Re-REGISTER on transport shutdown.
The fix for the issue is broken up into three parts.
This is part three which handles the client side of REGISTER requests.
The registered contact may no longer be valid on the server when the
transport used is reliable and the connection is broken.
* Re-REGISTER our contact if the reliable transport is broken after
registration completes. We attempt to re-REGISTER immediately to minimize
the time we are unreachable. Time may have already passed between the
connection being broken and the loss being detected.
* Reorder sip_outbound_registration_state_alloc() so the STATSD_GUAGE's
are still correct if an allocation failure happens.
Richard Mudgett [Mon, 31 Jul 2017 19:21:06 +0000 (14:21 -0500)]
res_pjsip: Remove ephemeral registered contacts on transport shutdown.
The fix for the issue is broken up into three parts.
This is part two which handles the server side of REGISTER requests when
rewrite_contact is enabled. Any registered reliable transport contact
becomes invalid when the transport connection becomes disconnected.
* Monitor the rewrite_contact's reliable transport REGISTER contact for
shutdown. If it is shutdown then the contact must be removed because it
is no longer valid. Otherwise, when the client attempts to re-REGISTER it
may be blocked because the invalid contact is there. Also if we try to
send a call to the endpoint using the invalid contact then the endpoint is
not likely to see the request. The endpoint either won't be listening on
that port for new connections or a NAT/firewall will block it.
* Prune any rewrite_contact's registered reliable transport contacts on
boot. The reliable transport no longer exists so the contact is invalid.
* Websockets always rewrite the REGISTER contact address and the transport
needs to be monitored for shutdown.
* Made the websocket transport set a unique name since that is what we use
as the ao2 container key. Otherwise, we would not know which transport we
find when one of them shuts down. The names are also used for PJPROJECT
debug logging.
* Made the websocket transport post the PJSIP_TP_STATE_CONNECTED state
event. Now the global keep_alive_interval option, initially idle shutdown
timer, and the server REGISTER contact monitor can work on wetsocket
transports.
* Made the websocket transport set the PJSIP_TP_DIR_INCOMING direction.
Now initially idle websockets will automatically shutdown.
Richard Mudgett [Fri, 28 Jul 2017 23:26:17 +0000 (18:26 -0500)]
res_pjsip: PJSIP Transport state monitor refactor.
The fix for the issue is broken up into three parts.
This is part one which refactors the transport state monitor code to allow
more modules to be able to monitor transports.
* Pull the management of PJPROJECT's transport state callback code from
res_pjsip_transport_management.c into res_pjsip. Now other modules can
dynamically add and remove themselves from transport monitoring without
worrying about breaking PJPROJECT's callback chain.
* Add the ability for other modules to get a callback whenever a specific
transport is shutdown.
projects / thirdparty / asterisk.git / log
