Corey Farrell [Mon, 27 Mar 2017 14:03:49 +0000 (10:03 -0400)]
CDR: Protect from data overflow in ast_cdr_setuserfield.
ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.
ASTERISK-26897 #close
patches:
0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
by Corey Farrell (license #5909)
Joshua Colp [Fri, 31 Mar 2017 21:31:24 +0000 (21:31 +0000)]
res_pjsip_session: Allow BYE to be sent on disconnected session.
It is perfectly acceptable for a BYE to be sent on a disconnected
session. This occurs when we respond to a challenge to the BYE
for authentication credentials.
Corey Farrell [Thu, 30 Mar 2017 23:28:18 +0000 (19:28 -0400)]
Forward declare 'struct ast_json' in asterisk.h
The ast_json structure is used in many Asterisk headers and is often the
only part of json.h used. This adds a forward declaration to asterisk.h
and removes the include of json.h from many headers. The declaration
has been left in endpoints.h and stasis.h to avoid problems with source
files that use ast_json functions without directly including json.h.
ari.h continues to include json.h as it uses enum
ast_json_encoding_format.
Walter Doekes [Tue, 28 Mar 2017 18:01:16 +0000 (20:01 +0200)]
build: Fix deb build issues with fakeroot
If DESTDIR is set, don't call ldconfig. Assume that DESTDIR is used to
create a binary archive. The ldconfig call should be delegated to the
archive postinst script. This fixes the case where fakeroot wraps 'make
install' causing $EUID to be 0 even though it doesn't have permission to
call ldconfig.
The previous logic in configure.ac to detect and correct libdir
has been removed as it was not completely accurate. CentOS 64-bit
users should again specifiy --libdir=/usr/lib64 when configuring
to prevent install to /usr/lib.
Updated Makefile:check-old-libdir to check for orphans in
lib64 when installing to lib as well as orphans in lib when installing
to lib64.
Updated Makefile and main/Makefile uninstall targets to remove the
orphans using the new logic.
Sean Bright [Wed, 29 Mar 2017 15:11:51 +0000 (11:11 -0400)]
astobj2: Prevent potential deadlocks with ao2_global_obj_release
The ao2_global_obj_release() function holds an exclusive lock on the
global object while it is being dereferenced. Any destructors that
run during this time that call ao2_global_obj_ref() will deadlock
because a read lock is required.
Instead, we make the global object inaccessible inside of the write
lock and only dereference it once we have released the lock. This
allows the affected destructors to fail gracefully.
While this doesn't completely solve the referenced issue (the error
message about not being able to create an IQ continues to be shown)
it does solve the backtrace spew that accompanied it.
Joshua Colp [Tue, 28 Mar 2017 23:04:13 +0000 (18:04 -0500)]
Merge changes from topic 'ASTERISK-24712' into 13
* changes:
res_xmpp: Use incremental backoff when a read error occurs
res_xmpp: Try to provide useful errors messages from OpenSSL
res_xmpp: Correctly check return value of SSL_connect
George Joseph [Tue, 28 Mar 2017 18:10:32 +0000 (12:10 -0600)]
res_pjsip_config_wizard: Add 2 new parameters to help with proxy config
Two new parameters have been added to the pjsip config wizard.
* Setting 'sends_line_with_registrations' to true will cause the wizard
to skip the creation of an identify object to match incoming request
to the endpoint and instead add the line and endpoint parameters to
the outbound registration object.
* Setting 'outbound_proxy' is a shortcut for adding individual
endpoint/outbound_proxy, aor/outbound_proxy and
registration/outbound_proxy parameters.
Josh Roberson [Mon, 27 Mar 2017 16:49:08 +0000 (11:49 -0500)]
cel_pgsql.c: Fix buffer overflow calling libpq
PQEscapeStringConn() expects the buffer passed in to be an
adequitely sized buffer to write out the escaped SQL value string
into. It is possible, for large values (such as large values to
Dial with a lot of devices) to have more than our 512+1 byte
allocation and thus cause libpq to create a buffer overrun.
glibc will nicely ABRT asterisk for you, citing a stack smash.
Let's only allocate it to be as large as needed:
If we have a value, then (strlen(value) * 2) + 1 (as recommended
by libpq), and if we have none, just one byte to hold our null
will do.
Sean Bright [Mon, 27 Mar 2017 13:58:17 +0000 (09:58 -0400)]
res_musiconhold: Don't chdir() when scanning MoH files
There doesn't appear to be any reason that we are chdir'ing in
moh_scan_files, and in the event of an Asterisk crash, the core files
may not get written because we have changed into a read-only directory.
Sean Bright [Thu, 23 Mar 2017 10:19:18 +0000 (06:19 -0400)]
res_xmpp: Fix ref counting issue
The only remaining reference to the endpoint is in the endpoints
container, and because it is unlinked in ast_endpoint_shutdown, we don't
have to explicitly cleanup the endpoint ourselves.
Sean Bright [Thu, 23 Mar 2017 14:45:35 +0000 (10:45 -0400)]
res_xmpp: Try to provide useful errors messages from OpenSSL
If any errors occur during the TLS connection setup, we currently dump a
fairly generic error message. So instead we try to pull in something
useful from OpenSSL to report instead.
Sean Bright [Fri, 24 Mar 2017 16:29:10 +0000 (12:29 -0400)]
res_pjsip_sdp_rtp: Set hangup cause for RTP timeouts
chan_sip sets the hangup cause code to AST_CAUSE_REQUESTED_CHAN_UNAVAIL
(44) when a channel is hung up due to an RTP timeout. So do the same
when it happens with PJSIP for parity.
Kevin Harwell [Thu, 23 Mar 2017 17:07:09 +0000 (12:07 -0500)]
pjproject_bundled: raise timeout value used when downloading
After configuring Asterisk with '--with-pjproject-bundled' the configure/build
process attempts to download pjproject from its download site. Currently, a
timeout of 10 seconds is used that will stop the download process if pjproject
has not been fully downloaded in that time. For some systems this was not enough
time and the process was timing out too early.
This patch raises the download timeout value to '60'. Also, this patch fixes
another bug where the DOWNLOAD_TIMEOUT variable was not being properly exported
due to a naming error. DOWNLOAD_MAX_TIMEOUT is now properly renamed to
DOWNLOAD_TIMEOUT.
Sean Bright [Thu, 23 Mar 2017 01:33:02 +0000 (21:33 -0400)]
res_xmpp: Correct implementation of JABBER_STATUS & JabberStatus
The documentation for JABBER_STATUS (and the deprecated JabberStatus
app) indicate that a return value of 7 indicates that the specified
buddy was not in the roster. It also indicates that you can specify a
"bare" JID (one without a resource). Unfortunately the actual behavior
does not match the documented behavior.
Assuming that our roster includes the buddy online and available
"valid@example.org/Valid" and does *not* include the buddy
"invalid@example.org", the JABBER_STATUS() function returns the
following before this patch:
+------------------------------+------------+--------------------------+
| Buddy | Status | Result |
+------------------------------+------------+--------------------------+
| valid@example.org | Online | 7 (Not in roster) |
| valid@example.org/Valid | Online | 1 (Online) |
| valid@example.org/Invalid | N/A | 7 (Not in roster) |
| invalid@example.org | N/A | Error logged, no return |
| invalid@example.org/Valid | N/A | Error logged, no return |
+------------------------------+------------+--------------------------+
Sean Bright [Wed, 22 Mar 2017 22:32:37 +0000 (18:32 -0400)]
res_xmpp: Don't crash when trying to send a message without a connection
If we never establish a connection to our Jabber server, iksemel never sets up
its internal transport pointer, so attempting to send a message dereferences a
NULL pointer and causes a crash.
cdr: Allow setting of user field from 'h' extension
The CDR code previously did not allow the user field to be set
from the 'h' extension in the dialplan. This change removes that
limitation and allows it to be set.
Support for RFC3578 overlap dialling (i.e. 484 Response to partially matched
destinations) as currently provided by chan_sip is missing from res_pjsip.
This patch adds a new endpoint attribute (allow_overlap) [defaults to yes]
which when set to yes enables 484 responses to partial destination
matches rather than the current 404.
Sean Bright [Tue, 21 Mar 2017 11:59:12 +0000 (07:59 -0400)]
res_hep: Capture actual transport type in use
Rather than hard-coding UDP, allow consumers of the HEP API to specify
which protocol is in use. Update the PJSIP provider to pass in the
current protocol type.
Sean Bright [Tue, 21 Mar 2017 13:26:28 +0000 (09:26 -0400)]
res_pjsip_messaging: Check URI type before dereferencing
We aren't validating that the URI we just parsed is a SIP/SIPS one before
trying to access the user, host, and port members of a possibly uninitialized
structure.
Also update the MessageSend documentation to indicate what 'from' formats are
accepted.
Sean Bright [Mon, 20 Mar 2017 21:27:24 +0000 (17:27 -0400)]
bridge_softmix: Ignore non-voice frames from translator
Some codecs - codec_speex specifically - take voice frames and return
other types of frames, like CNG. If we subsequently treat those as
voice frames, we'll run into trouble when destroying the frame because
of the requirement that each voice frame have an associated format.
Aaron An [Wed, 15 Mar 2017 04:49:12 +0000 (12:49 +0800)]
audiohook.c: Lost RTP packets lead to out-of-sync MixMonitor.
Fixed a bug in function "ast_audiohook_write_frame" that checked the
variable other_factory_samples and only flushed the factories, so they
would be in sync, when other_factory_samples > 0. When there is not any
rtp incoming the variable other_factory_samples will be 0, and although
the result of "our_factory_ms - other_factory_ms" may be very large,
this led to the record file not syncing.
ASTERISK-26875 #close Reported-by: Aaron An Tested-by: Aaron An
Change-Id: Ia4d890fb8fc1636a7188502bab35f555685aea22
Sean Bright [Sat, 18 Mar 2017 17:30:32 +0000 (13:30 -0400)]
thread safety: Don't use getprotobyname()
POSIX does not require getprotobyname() to be thread safe and some
implementations use static memory which causes issues when multiple
threads are used.
Further, our usage of it today is just to ultimately get IPPROTO_TCP
for calls to setsockopt(). So instead we just use IPPROTO_TCP directly.
Richard Mudgett [Thu, 23 Feb 2017 05:26:13 +0000 (23:26 -0600)]
CHANNEL(callid): Give dialplan access to the callid.
* Added CHANNEL(callid) to retrieve the call identifier log tag associated
with the channel. Dialplan now has access to the call log search key
associated with the channel so it can be saved in case there is a problem
with the call.
Sean Bright [Thu, 16 Mar 2017 13:42:54 +0000 (09:42 -0400)]
app_queue: Fix locking behavior in stasis message handlers
The queue_stasis_data structure contains various mutable fields that require
appropriate locking. Specifically, the 'dying,' 'member_uniqueid,' and
'caller_uniqueid' fields need to be locked when read from or written to.
Matt Jordan [Thu, 16 Mar 2017 15:39:00 +0000 (10:39 -0500)]
res/res_pjsip_session: Only check localnet if it is defined
If local_net is not defined on a transport, transport_state->localnet
will be NULL. ast_apply_ha will, be default, return AST_SENSE_ALLOW in
this case, causing the external_media_address, if set, to be skipped.
This patch causes us to only check if we are sending within a network if
local_net is defined.
Richard Begg [Tue, 14 Mar 2017 21:22:42 +0000 (08:22 +1100)]
res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport
Currently a wildcard address is used for the local RTP socket, which
will not always result in the same address as used by the SIP socket
(e.g. if explicit transport addresses are configured).
Use the transport's host address when binding new local RTP sockets if
available.
George Joseph [Tue, 7 Mar 2017 14:33:26 +0000 (07:33 -0700)]
res_pjsip: Symmetric transports
A new transport parameter 'symmetric_transport' has been added.
When a request from a dynamic contact comes in on a transport with
this option set to 'yes', the transport name will be saved and used
for subsequent outgoing requests like OPTIONS, NOTIFY and INVITE.
It's saved as a contact uri parameter named 'x-ast-txp' and will
display with the contact uri in CLI, AMI, and ARI output. On the
outgoing request, if a transport wasn't explicitly set on the
endpoint AND the request URI is not a hostname, the saved transport
will be used and the 'x-ast-txp' parameter stripped from the
outgoing packet.
* config_transport was modified to accept and store the new parameter.
* config_transport/transport_apply was updated to store the transport
name in the pjsip_transport->info field using the pjsip_transport->pool
on UDP transports.
* A 'multihomed_on_rx_message' function was added to
pjsip_message_ip_updater that, for incoming requests, retrieves the
transport name from pjsip_transport->info and retrieves the transport.
If transport->symmetric_transport is set, an 'x-ast-txp' uri parameter
containing the transport name is added to the incoming Contact header.
* An 'ast_sip_get_transport_name' function was added to res_pjsip.
It takes an ast_sip_endpoint and a pjsip_sip_uri and returns a
transport name if endpoint->transport is set or if there's an
'x-ast-txp' parameter on the uri and the uri host is an ipv4 or
ipv6 address. Otherwise it returns NULL.
* An 'ast_sip_dlg_set_transport' function was added to res_pjsip
which takes an ast_sip_endpoint, a pjsip_dialog, and an optional
pjsip_tpselector. It calls ast_sip_get_transport_name() and if
a non-NULL is returned, sets the selector and sets the transport
on the dialog. If a selector was passed in, it's updated.
* res_pjsip/ast_sip_create_dialog_uac and ast_sip_create_dialog_uas
were modified to call ast_sip_dlg_set_transport() instead of their
original logic.
* res_pjsip/create_out_of_dialog_request was modified to call
ast_sip_get_transport_name() and pjsip_tx_data_set_transport()
instead of its original logic.
* Existing transport logic was removed from endpt_send_request
since that can only be called after a create_out_of_dialog_request.
* res_pjsip/ast_sip_create_rdata was converted to a wrapper around
a new 'ast_sip_create_rdata_with_contact' function which allows
a contact_uri to be specified in addition to the existing
parameters. (See below)
* res_pjsip_pubsub/internal_pjsip_evsub_send_request was eliminated
since all it did was transport selection and that is now done in
ast_sip_create_dialog_uac and ast_sip_create_dialog_uas.
* 'contact_uri' was added to subscription_persistence. This was
necessary because although the parsed rdata contact header has the
x-ast-txp parameter added (if appropriate),
subscription_persistence_update stores the raw packet which
doesn't have it. subscription_persistence_recreate was then
updated to call ast_sip_create_rdata_with_contact with the
persisted contact_uri so the recreated subscription has the
correct transport info to send the NOTIFYs.
* res_pjsip_session/internal_pjsip_inv_send_msg was eliminated since
all it did was transport selection and that is now done in
ast_sip_create_dialog_uac.
* pjsip_message_ip_updater/multihomed_on_tx_message was updated
to remove all traces of the x-ast-txp parameter from the
outgoing headers.
NOTE: This change does NOT modify the behavior of permanent
contacts specified on an aor. To do so would require that the
permanent contact's contact uri be updated with the x-ast-txp
parameter and the aor sorcery object updated. If we need to
persue this, we need to think about cloning permanent contacts into
the same store as the dynamic ones on an aor load so they can be
updated without disturbing the originally configured value.
You CAN add the x-ast-txp parameter to a permanent contact's uri
but it would be much simpler to just set endpoint->transport.
Richard Mudgett [Wed, 15 Mar 2017 18:24:33 +0000 (13:24 -0500)]
autochan/mixmonitor/chanspy: Fix unsafe channel locking and references.
Dereferencing struct ast_autochan.chan without first calling
ast_autochan_channel_lock() is unsafe because the pointer could change at
any time due to a masquerade. Unfortunately, ast_autochan_channel_lock()
itself uses struct ast_autochan.chan unsafely and can result in a deadlock
if the original channel happens to get destroyed after a masquerade in
addition to the pointer getting changed.
The problem is more likely to happen with v11 and earlier because
masquerades are used to optimize out local channels on those versions.
However, it could still happen on newer versions if the channel is
executing a dialplan application when the channel is transferred or
redirected. In this situation a masquerade still must be used.
* Added a lock to struct ast_autochan to safely be able to use
ast_autochan.chan while trying to get the channel lock in
ast_autochan_channel_lock(). The locking order is the channel lock then
the autochan lock. Locking in the other direction requires deadlock
avoidance.
* Fix unsafe ast_autochan.chan usages in app_mixmonitor.c.
* Fix unsafe ast_autochan.chan usages in app_chanspy.c.
* app_chanspy.c: Removed unused autochan parameter from next_channel().
projects / thirdparty / asterisk.git / log
