Joshua Colp [Sat, 15 Nov 2014 18:27:56 +0000 (18:27 +0000)]
res_pjsip: Enforce requirements for session timer minimum expiration period and normal expiration period.
This change enforces the requirements in PJSIP for session timer configuration. The minimum
expiration period must be 90 seconds or higher and the normal expiration period can not
be lower than the minimum expiration period. If either of these were done the code would
assert at session setup time.
Matthew Jordan [Sat, 15 Nov 2014 16:56:20 +0000 (16:56 +0000)]
cel/cel_odbc: Provide microsecond precision in 'eventtime' column when possible
This patch adds microsecond precision when inserting a CEL record into a table
with an "eventtime" column of type timestamp, instead of second precision. The
documentation (configs/cel_odbc.conf.sample) was already saying that the
eventtime column included microseconds precision, but that was not the case.
Also, without this patch, if you had a table with an "eventtime" column of
type varchar, you had millisecond precision. With this patch, you also get
microsecond precision in this case.
stun: correct attribute string padding to match rfc
When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489. This change adds separate variables for the
string and padded attributed lengths, and performs
padding correctly.
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/
........
Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11
Mark Michelson [Fri, 14 Nov 2014 15:00:45 +0000 (15:00 +0000)]
Fix race condition that could result in ARI transfer messages not being sent.
From reviewboard:
"During blind transfer testing, it was noticed that tests were failing
occasionally because the ARI blind transfer event was not being sent.
After investigating, I detected a race condition in the blind transfer
code. When blind transferring a single channel, the actual transfer
operation (i.e. removing the transferee from the bridge and directing
them to the proper dialplan location) is queued onto the transferee
bridge channel. After queuing the transfer operation, the blind transfer
Stasis message is published. At the time of publication, snapshots of
the channels and bridge involved are created. The ARI subscriber to the
blind transfer Stasis message then attempts to determine if the bridge
or any of the involved channels are subscribed to by ARI applications.
If so, then the blind transfer message is sent to the applications. The
way that the ARI blind transfer message handler works is to first see
if the transferer channel is subscribed to. If not, then iterate over
all the channel IDs in the bridge snapshot and determine if any of
those are subscribed to. In the test we were running, the lone
transferee channel was subscribed to, so an ARI event should have been
sent to our application. Occasionally, though, the bridge snapshot did
not have any channels IDs on it at all. Why?
The problem is that since the blind transfer operation is handled by a
separate thread, it is possible that the transfer will have completed and
the channels removed from the bridge before we publish the blind transfer
Stasis message. Since the blind transfer has completed, the bridge on
which the transfer occurred no longer has any channels on it, so the
resulting bridge snapshot has no channels on it. Through investigation of
the code, I found that attended transfers can have this issue too for the
case where a transferee is transferred to an application."
The fix employed here is to decouple the creation of snapshots for the transfer
messages from the publication of the transfer messages. This way, snapshots
can be created to reflect what they are at the time of the transfer operation.
Joshua Colp [Fri, 14 Nov 2014 14:55:40 +0000 (14:55 +0000)]
app_confbridge: Play "leader has left" sound even when musiconhold is enabled.
Currently if the leader of a conference bridge leaves any participant
that has musiconhold enabled will not hear the "leader has left" sound.
This is because musiconhold is started and THEN the sound is played.
This change makes it so that the sound is played and THEN musiconhold
is started. This provides a better experience for users as they may not
have known previously why they went back to musiconhold.
Mark Michelson [Fri, 14 Nov 2014 14:21:55 +0000 (14:21 +0000)]
Fix a possible race condition where duplicate requests may be handled by separate threads.
If an endpoint retransmits a request, it's possible due to temporary load
that Asterisk may end up processing both requests at the same time in separate
threads. One thread will successfully handle the request, while the other thread
fails to handle the request since the first thread already registered the
transaction with the PJSIP core.
The fix here is to detect the duplicated transaction failure and to silently
absorb the request since another thread should be properly handling the request.
When using a non-default sorcery wizard (in this instance realtime) for
outbound registrations and after adding in an appropriate call to
ast_sorcery_apply_config() (since it is missing) Asterisk will crash after
a stack overflow occurs due to the code infinitely recursing. The fix entails
removing the outbound registration state dependency from the outbound
registration sorcery object and instead keeping an in memory container that
can be used to lookup the state when needed.
ASTERISK-24514
Reported by: Mark Michelson
Review: https://reviewboard.asterisk.org/r/4164/
Kinsey Moore [Thu, 13 Nov 2014 15:42:28 +0000 (15:42 +0000)]
Stasis: Fix StasisEnd message ordering
This change corrects message ordering in cases where a channel-related
message can be received after a Stasis/ARI application has received the
StasisEnd message. The StasisEnd message was being passed to
applications directly without waiting for the channel topic to empty.
As a result of this fix, other bugs were also identified and fixed:
* StasisStart messages were also being sent directly to apps and are
now routed through the stasis message bus properly
* Masquerade monitor datastores were being removed at the incorrect
time in some cases and were causing StasisEnd messages to not be sent
* General refactoring where necessary for the above
* Unsubscription on StasisEnd timing changes to prevent additional
messages from following the StasisEnd when they shouldn't
A channel sanitization function pointer was added to reduce processing
and AO2 lookups.
Review: https://reviewboard.asterisk.org/r/4163/
ASTERISK-24501 #close
Reported by: Matt Jordan
Matthew Jordan [Wed, 12 Nov 2014 23:59:33 +0000 (23:59 +0000)]
main/rtp_engine: Fix crash when processing more than one RTCP report info block
Asterisk - in res_rtp_asterisk - only understands a single RTCP report info
block. When the RTCP information was refactored in the RTP Engine to be pushed
over the Stasis message bus, I put in the hooks into the engine to handle
multiple RTCP report info blocks, in the hope that a future RTP implementation
would be able to provide that data. Unfortunately, res_rtp_asterisk has a
tendency to "lie":
(1) It will send RTCP reports with a reception_report_count greater than 1
(which is pulled directly from the RTCP packet itself, so that part is
correct)
(2) It will only provide a single report block
When the rtp_engine goes to convert this to a JSON blob, hilarity ensues as it
looks for a report block that doesn't exist.
This patch updates the rtp_engine to be a bit more skeptical about what it is
presented with. While this could also be fixed in res_rtp_asterisk, this patch
prefers to fix it in the engine for two reasons:
(1) The engine is designed to work with multiple RTP implementation, and hence
having it be more robust is a good thing (tm)
(2) res_rtp_asterisk's handling of RTCP information is "fun". It should report
the correct reception_report_count; ideally it should also be giving us all
of the blocks - but it is *definitely* not designed to do that. Going down
that road is a non-trivial effort.
Joshua Colp [Wed, 12 Nov 2014 16:11:37 +0000 (16:11 +0000)]
pbx: Fix off-nominal case where a freed extension may still be used.
If during the operation of adding an extension a priority is added but
fails it is possible for the extension to be freed but still exist in
the PBX core. If this occurs subsequent lookups may try to access the
extension and end up in freed memory.
This change removes the extension from the PBX core when the priority
addition fails and then frees the extension.
Corey Farrell [Wed, 12 Nov 2014 13:45:34 +0000 (13:45 +0000)]
Fix compiler error when using ./configure --enable-dev-mode --enable-coverage
When DONT_OPTIMIZE is enabled with dev-mode, it causes a shadow compilation
to be done with output to /dev/null. This can cause errors with coverage
when GCC attempts to write to /dev/null.gcno. This change disables
coverage for the shadow compilation.
In chan_agent, a '*' is used by default to terminate a bridge with a caller.
This can lead to all sorts of problems if '*' is used by a feature in
features.conf, as the chan_agent disconnect '*' may be detected first.
This patch adds a documentation snippet to features.conf so that users who
attempt to use features with agents know of the potential conflict.
ASTERISK-20402 #close
Reported by: Matt Riddell
patches:
features.conf.diff uploaded by Matt Riddell (License 5023)
Matthew Jordan [Sun, 9 Nov 2014 00:37:25 +0000 (00:37 +0000)]
channels/chan_mgcp: Fix regression which causes gateways to be skipped
In r227276, a while loop was turned into a for loop. Unfortunately, a portion
of the while loop was left in the code such that, when a static gateway is
encountered in the list of MGCP gateways, the next gateway would be skipped.
At best, we would simply flip past a gateway; at worst, this could lead to a
crash.
Matthew Jordan [Sun, 9 Nov 2014 00:25:18 +0000 (00:25 +0000)]
addons/chan_mobile: Increase buffer size of UCS2 encoded SMS messages
When UCS2 character encoding is used, one symbol in national language can be
expanded to 4 bytes. The current buffer used for receiving message in
do_monitor_phone is 256 bytes, which is not large enough for incoming messages.
For example:
* AT+CMGR phone response prefix
'+CMGR: "REC UNREAD","+7**********",,"14/10/29,13:31:39+12"\r\n' - 60 bytes
* SMS body with UCS2 encoding (max) - 280 bytes
* AT+CMGR phone response suffix '\r\n\r\nOK\r\n' - 8 bytes
* Terminating null character - 1 byte
This results in a needed buffer size of 349 bytes. Hence, this patch opts for a
350 byte buffer.
Matthew Jordan [Sun, 9 Nov 2014 00:00:09 +0000 (00:00 +0000)]
bridge_native_rtp: Fix T.38 issues with remote bridges
After r425242 the fax/sip/directmedia_reinvite_t38 test started failing due to
the surviving channel not being re-INVITEd back from T.38 to audio. This patch
fixes that bug - a deeper explanation of what happened follows.
When two RTP channels are in a native bridge, the bridging layer will
investigate each via the get_rtp_info glue callback. This callback returns the
native bridge preference of the channel *at that moment in time* (that part is
key). At different points during the bridging, the native bridging layer will
inform the RTP capable channels of the status of the bridge via the update_peer
glue callback.
In a T.38 scenario with audio direct media, the sequence of events will often
look like the following:
* SIP/A and SIP/B both have audio and enter a native bridge.
* Asterisk re-INVITEs audio between SIP/A and SIP/B directly (via an
update_peer callback).
* SIP/A sends a re-INVITE to T.38, which causes Asterisk to send a re-INVITE
to T.38 to SIP/B. Assuming everyone 200 OKs the process, the UDPTL stack
receives UDPTL packets in Asterisk from both endpoints. From the perspective
of the channels, we are now in a local bridge for T.38, even though we are
technically still in a remote bridge in bridge_native_rtp. (YAY!)
* When one side hangs up, bridge_native_rtp is told to stop bridging. It then
re-evaluates the channels and asks them how they are bridged - and since
T.38 is enabled, they reply with a Local bridge (which is correct), but is
wrong because the audio portion is still technically in a remote bridge.
* Asterisk releases the surviving channel, whose audio is *not* re-INVITED
back to Asterisk as bridge_native_rtp incorrectly assumes that it was in a
local bridge.
Ironically, prior to r425242, this used to work mostly due to a fluke in the
bridging layer.
The purpose of the get_rtp_info callback shouldn't be modified: it should tell
the bridging layer what kind of bridge the channel prefers at that moment in
time. If you have T.38 enabled, that *must* be a local bridge, as the UDPTPL
stack must be in the media path. As such, this patch does not modify that
part of the code.
However, we have to tell the channels to re-evaluate themselves when they come
out of a native bridge, since we can no longer trust the get_rtp_info callbacks
when the native bridge is being stopped. Something else may have changed in the
channels, and they may now be lying to us. As such, this patch makes it so that
we unilaterally tell the channels that they are no longer bridged via the
update_peer callback. This is actually what the channels expect anyway: code in
both chan_sip and chan_pjsip's callbacks look at the T.38 state and - if they
were in T.38 - send a re-INVITE to get the audio back to Asterisk.
Richard Mudgett [Thu, 6 Nov 2014 19:21:26 +0000 (19:21 +0000)]
app_agent_pool: Made agent alert interruptable by DTMF.
Made agent able to interrupt the alerting beep playback with DTMF. Any
digit can interrupt if the call does not need to be acknowledged. Only
the first digit of the acknowledgement can interrupt if the call needs to
be acknowledged. The agent interrupting the alerting playback builds on
the ASTERISK-24447 patch because it knows what digit interrupted the
playback and needs to be able to pass that digit to the DTMF hook digit
collection code.
Joshua Colp [Thu, 6 Nov 2014 18:20:12 +0000 (18:20 +0000)]
res_pjsip: Ensure in-dialog responses have an endpoint associated.
When handling incoming messages we determine if it is associated with
a dialog. If so we use that to determine what serializer and endpoint
to use for the message. Previously this would pass the endpoint to the
endpoint lookup module to actually place the endpoint completely on the
message. For in-dialog responses, however, this did not occur as
dialog processing took over and the endpoint lookup did not occur.
This change just places the endpoint in the expected spot immediately
instead of relying on the endpoint lookup module. In-dialog responses
thus have the expected endpoint.
Corey Farrell [Thu, 6 Nov 2014 12:12:47 +0000 (12:12 +0000)]
main/file.c: fix possible extra ast_module_unref to format modules.
fn_wrapper only adds a reference to the format's module if the file
was able to be opened. If not this causes an unmatched
ast_module_unref in filestream_destructor. Move ast_module_ref to
get_stream.
George Joseph [Wed, 5 Nov 2014 15:05:00 +0000 (15:05 +0000)]
Recorded merge of revisions 427328 from http://svn.asterisk.org/svn/asterisk/branches/11
........
config: Make text_file_save and 'dialplan save' escape semicolons in values.
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored. Escaped semicolons are then
unescaped and become part of the value. Both of these behaviors are normal
and expected. When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.
Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally. This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c
George Joseph [Wed, 5 Nov 2014 00:11:45 +0000 (00:11 +0000)]
config: Make text_file_save and 'dialplan save' escape semicolons in values.
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored. Escaped semicolons are then
unescaped and become part of the value. Both of these behaviors are normal
and expected. When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.
Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally. This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c
Corey Farrell [Tue, 4 Nov 2014 19:30:43 +0000 (19:30 +0000)]
res_http_websockets: Fix extra unref of module
In websocket_add_protocol_internal is used to add the "echo"
protocol, but ast_websocket_remove_protocol is used to remove
it. This causes an extra call to ast_module_unref.
Richard Mudgett [Mon, 3 Nov 2014 17:54:20 +0000 (17:54 +0000)]
res_pjsip: Add disable_tcp_switch option.
When a packet exceeds the MTU, pjproject will switch from UDP to TCP. In
some circumstances (on some networks), this can cause some issues with
messages not getting sent to the correct destination - and can also cause
connections to get dropped due to quirks in pjproject deciding to
terminate TCP connections with no messages.
While fixing the routing/messaging issues is important, having a
configuration option in Asterisk that tells pjproject to not switch over
to TCP would be useful. That way, if some glitch is discovered on some
other network/site, we can at least disable the behavior until a fix is
put into place.
Corey Farrell [Sun, 2 Nov 2014 08:05:00 +0000 (08:05 +0000)]
Fix ast_writestream leaks
Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.
11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.
Matthew Jordan [Sun, 2 Nov 2014 01:01:15 +0000 (01:01 +0000)]
res/res_stasis: Fix crash on module unload while performing operation
When the res_stasis module is unloaded, it will dispose of the apps_registry
container. This is a problem if an ARI operation is in flight that attempts
to use the registry, as the shutdown occurs in a separate thread. This patch
adds some sanity checks to the various routines that access the registry which
cause the operations to fail if the apps_registry does not exist.
A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.
AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
This updates the status of the outbound registration
to reflect when it has been unregistered. Since the
registration is unregistered but is not stopped, the
registration schedule remains active as before. The
patch also updates the documentation of both the AMI
and CLI commands.
ASTERISK-24411 #close
Review: https://reviewboard.asterisk.org/r/4119/
Reported by: John Bigelow
patches:
unregister-patch1.txt uploaded by John Bigelow (License 5091)
Matthew Jordan [Fri, 31 Oct 2014 03:25:39 +0000 (03:25 +0000)]
channels/sip/reqresp_parser: Fix unit tests for r426594
When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.
........
Merged revisions 426858 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426860 from http://svn.asterisk.org/svn/asterisk/branches/11
Corey Farrell [Thu, 30 Oct 2014 23:54:36 +0000 (23:54 +0000)]
app_queue: fix a couple leaks to struct call_queue in set_member_value
set_member_value has a couple leaks to references in the variable q
found through testsuite tests/queues/set_penalty. Also remove the
REF_DEBUG_ONLY_QUEUES compiler declaration, this is no longer possible
with the updated REF_DEBUG code.
Currently, it is possible for some subscriptions to get into a NULL state. When
this occurs and the PJSIPShowSubscriptionsInbound ami action is issued and a
device is subscribed for extension state then the associated subscription state
object can't be located. The code then attempts to dereference a NULL object.
Added a NULL check to avoid the problem.
Kevin Harwell [Thu, 30 Oct 2014 17:16:28 +0000 (17:16 +0000)]
res_pjsip: incorrect qualify statistics after disabling for contact
When removing the qualify_frequency from an AoR or a contact the statistics
shown when issuing "pjsip show aors" from the CLI are incorrect. This patch
deletes the contact's status object from sorcery, disassociating it from the
contact, if the qualify_freqency is removed from configuration.
ASTERISK-24462 #close
Reported by: Mark Michelson
Review: https://reviewboard.asterisk.org/r/4116/
Walter Doekes [Thu, 30 Oct 2014 09:18:52 +0000 (09:18 +0000)]
app_voicemail: Fix unchecked bounds of myArray in IMAP_STORAGE.
In update_messages_by_imapuser(), messages were appended to a finite
array which resulted in a crash when an IMAP mailbox contained more
than 256 entries. This memory is now dynamically increased as needed.
Observe that this patch adds a bunch of XXX's to questionable code. See
the review (url below) for more information.
ASTERISK-24190 #close
Reported by: Nick Adams
Tested by: Nick Adams
Matthew Jordan [Thu, 30 Oct 2014 01:58:33 +0000 (01:58 +0000)]
channels/chan_sip: Add improved support for 4xx error codes
This patch adds support for 414, 493, 479, and a stray 400 response in REGISTER
response handling. This helps interoperability in a number of scenarios.
Review: https://reviewboard.asterisk.org/r/3437
patches:
rb3437.patch uploaded by oej (License 5267)
........
Merged revisions 426599 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426600 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Thu, 30 Oct 2014 01:46:55 +0000 (01:46 +0000)]
channels/chan_sip: Support mutltiple Supported and Required headers
A SIP request may contain multiple Supported: and Required: headers. Currently,
chan_sip only parses the first Supported/Required header it finds. This patch
adds support for multiple Supported/Required headers for INVITE requests.
Review: https://reviewboard.asterisk.org/r/2478
ASTERISK-21721 #close
Reported by: Olle Johansson
patches:
rb2478.patch uploaded by oej (License 5267)
........
Merged revisions 426594 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426595 from http://svn.asterisk.org/svn/asterisk/branches/11
Richard Mudgett [Tue, 28 Oct 2014 21:16:21 +0000 (21:16 +0000)]
bridge_builtin_features: Add missing channel locks around ast_get_chan_features_general_config().
The feature_automonitor() and feature_automixmonitor() functions were not
locking the channel around ast_get_chan_features_general_config().
Accessing the channel datastore list without the channel locked is a good
way to corrupt the list or follow the pointer chain into oblivion.
Corey Farrell [Tue, 28 Oct 2014 20:55:04 +0000 (20:55 +0000)]
res_fax: Resolve T38 gateway frame leak.
When frames are translated by a fax gateway they need to be freed. The
existing call to ast_frfree was unreachable. This change reorganizes
fax_gateway_framehook to ensure that ast_frfree is called when needed.
Matthew Jordan [Tue, 28 Oct 2014 16:40:33 +0000 (16:40 +0000)]
main/bridge: Destroy features struct on off nominal path during bridge impart
When a channel is imparted to a bridge, the invocation of the function may
provide an ast_bridge_features struct. Upon passing this to ast_bridge_impart,
the caller must assume that ownership has passed to the function, as in all
paths the function destroys the struct prior to returning (as its purpose is
to configure the behavior of the channel while in the bridge). On one off
nominal path - where the channel already has a PBX thread - the struct was not
being destroyed.
This patch fixes that glitch.
ASTERISK-24437 #close
Reported by: Scott Griepentrog
Matthew Jordan [Mon, 27 Oct 2014 02:45:57 +0000 (02:45 +0000)]
res/res_http_websocket: Fix minor nits found by wdoekes on r409681
When Moises committed the fixes for WSS (which was a great patch), wdoekes had
a few style nits that were on the review that got missed. This patch resolves
what I *think* were all of the ones that were still on the review.
Thanks to both moy for the patch, and wdoekes for the reviews.
Matthew Jordan [Mon, 27 Oct 2014 02:27:03 +0000 (02:27 +0000)]
res/res_phoneprov: Fix crash on shutdown caused by container cleanup
In res_phoneprov, unloading the module first destroys the http_routes
container, followed by the users. However, users may have a route in
the http_routes container; the validity of this container is not checked
in the users destructor. Hence, we hit an assert as the container has already
been set to NULL.
This patch does two things:
(1) It adds a sanity check in the user destructor (because why not)
(2) It switches the order of destruction, so that users are disposed of prior
to the HTTP routes they may hold a reference to.
Note that this crash was caught by the Test Suite (go go testing!)
Matthew Jordan [Mon, 27 Oct 2014 01:46:47 +0000 (01:46 +0000)]
res/res_srtp: Fix include issue for libsrtp 1.5.0
In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.
ASTERISK-24436 #close
Reported by: Patrick Laimbock
........
Merged revisions 426140 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426141 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Mon, 20 Oct 2014 14:10:49 +0000 (14:10 +0000)]
AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
George Joseph [Sun, 19 Oct 2014 17:03:49 +0000 (17:03 +0000)]
build: Force -fsigned-char on platforms where the default for char is unsigned
gcc on the ARM platform defaults 'char' to 'unsigned char' whereas Intel and
SPARC default to 'signed char'. This is only an issue in the rare cases where
negative values are assigned to a 'char' but this this patch insures
compatibility by detecting platforms that default to 'unsigned' and adding an
'-fsigned-char' flag to _ASTCFLAGS.
If compiling for ARM (native or cross-compile) be sure to run ./bootstrap.sh
and ./configure to regenerate the build files. You shouldn't have to do this
for Intel or SPARC.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4091/
Matthew Jordan [Sun, 19 Oct 2014 03:58:16 +0000 (03:58 +0000)]
res/res_pjsip_sdp_rtp: Undo 425921
This patch for r425921 introduced a different bug, wherein sending an INVITE
request with no SDP would cause Asterisk to not send an SDP Offer in the 200
OK. The current structure of res_pjsip_sdp_rtp is a bit hard to deal with
to fix this, particularly in 12:
(1) The format capabilities structures and how they are used are a bit harder
to manipulate than they are in 13
(2) create_outgoing_sdp has no knowledge of whether or not it is creating an
SDP as a new Offer or an Answer. This is something of an oversight in the
callback definition, as the caller of it does have this information.
Matthew Jordan [Sun, 19 Oct 2014 00:49:10 +0000 (00:49 +0000)]
res/res_pjsip_sdp_rtp: Check joint caps when looking to decline outgoing media
When constructing an outgoing media stream for an SDP offer/answer, the current
code checks the override preferences (set by the PJSIP_MEDIA_OFFER function) as
well as what is configured on the endpoint to determine if a codec is available
for the media stream. Unfortunately, this isn't good enough: we must also look
at the negotiated (joint) format capabilities. Otherwise, we'll construct a
media stream offer/answer with no codecs.
Note that this isn't an issue in 13, which already looks at the joint
capabilities thanks to the media re-work done there.
Matthew Jordan [Fri, 17 Oct 2014 13:32:05 +0000 (13:32 +0000)]
res_pjsip_session/res_pjsip_sdp_rtp: Be more tolerant of offers
When an inbound SDP offer is received, Asterisk currently makes a few
incorrection assumptions:
(1) If the offer contains more than a single audio/video stream, Asterisk will
reject the entire stream with a 488. This is an overly strict response;
generally, Asterisk should accept the media streams that it can accept and
decline the others.
(2) If the offer contains a declined media stream, Asterisk will attempt to
process it anyway. This can result in attempting to match format
capabilities on a declined media stream, leading to a 488. Asterisk should
simply ignore declined media streams.
(3) Asterisk will currently attempt to handle offers with AVPF with
use_avpf=No/AVP with use_avpf=Yes. This mismatch results in invalid SDP
answers being sent in response. If there is a mismatch between the media
type being offered and the configuration, Asterisk must reject the offer
with a 488.
This patch does the following:
* Asterisk will accept SDP offers with at least one media stream that it can
use. Some WARNING messages have been dropped to NOTICEs as a result.
* Asterisk will not accept an offer with a media type that doesn't match its
configuration.
* Asterisk will ignore declined media streams properly.
#SIPit31
Review: https://reviewboard.asterisk.org/r/4063/
ASTERISK-24122 #close
Reported by: James Van Vleet
Matthew Jordan [Fri, 17 Oct 2014 13:10:08 +0000 (13:10 +0000)]
channels/chan_sip: Respect outboundproxy setting when sending qualify requests
The outboundproxy setting is currently ignored when sending OPTIONS requests
as a result of the qualify setting. This means that if an Asterisk server is
unable to send the packet directly to a peer, it is unable to qualify any
non-inbound registered peer (e.g. a peer SIP Trunk).
This patch grabs the outboundproxy information for a peer when a qualify
attempt is being constructed and, if it finds the information, uses it
when sending the OPTIONS request.
Richard Mudgett [Fri, 17 Oct 2014 02:32:37 +0000 (02:32 +0000)]
AMI: Add missing VarSet events when a channel inherits variables.
There should be AMI VarSet events when channel variables are inherited by
an outgoing channel. Also local;2 should generate VarSet events when it
gets all of its channel variables from channel local;1.
ASTERISK-24415 #close
Reported by: Richard Mudgett
Patches:
jira_asterisk_24415_v12.patch (license #5621) patch uploaded by Richard Mudgett
Matthew Jordan [Fri, 17 Oct 2014 01:55:31 +0000 (01:55 +0000)]
bridge_native_rtp: Fix audio issues when moving from remote bridge to softmix
When a native RTP bridge that is remotely bridging its participants switches
to a softmix bridge, it may not properly re-INVITE the media for one or both
participants back to Asterisk. This is due to the current bridge_native_rtp
code only re-INVITEs if it believes the channel will survive the bridge
operation. Currently, that code is failing, as it expects the channels to
have a soft hangup flag set on it indicating that a redirect has occurred
or that the channel is going to leave the bridge. (The code did not take into
account a smart bridge operation).
This patch also renames a few things to be more reflective of the underlying
types.
Matthew Jordan [Fri, 17 Oct 2014 01:45:06 +0000 (01:45 +0000)]
test_cel: Update pickup test to expect CANCEL instead of ANSWSER
The CEL pickup test previously looked for a disposition of ANSWER between the
original caller/peer when the call is picked up. This is actually incorrect:
the disposition should, at the very least, not be ANSWER as the call was
never ANSWERed. The disposition is now CANCEL; this patch updates the test
accordingly.
Matthew Jordan [Thu, 16 Oct 2014 21:13:08 +0000 (21:13 +0000)]
main/cdr: Use 'time' when rescheduling batched CDRs as opposed to 'size'
When refactoring CDRs to use the configuration framework, a 'whoops' was
introduced where the CDR batch size was used when rescheduling a batch,
as opposed to the time duration. This patch corrects that obvious mistake.
Kinsey Moore [Thu, 16 Oct 2014 14:24:55 +0000 (14:24 +0000)]
PJSIP: Enforce module load dependencies
This enforces that res_pjsip, res_pjsip_session, and res_pjsip_pubsub
have loaded properly before attempting to load any modules that depend
on them since the module loader system is not currently capable of
resolving module dependencies on its own.
ASTERISK-24312 #close
Reported by: Dafi Ni
Review: https://reviewboard.asterisk.org/r/4062/
Fix loss of voice after second call drops (on a second line) in case using multiple lines on unistim phones. There is regression was introduced in r391379.
George Joseph [Tue, 14 Oct 2014 20:45:53 +0000 (20:45 +0000)]
config: Fix SEGV in unit test with MALLOC_DEBUG
With MALLOC_DEBUG the /main/config config_basic_ops test was causing a
SEGV while doing an ast_category_delete in an ast_category_browse loop.
Apparently this never worked but was also never tested. I removed the
test, added 2 notes to config.h indicating that it's not supported and
added a few lines of code to ast_category_delete to prevent the SEGV
should someone attempt it in the future.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4078/
Jonathan Rose [Tue, 14 Oct 2014 18:49:25 +0000 (18:49 +0000)]
Scheduler: Fix a nasty scheduler caching bug which makes new tasks not execute
Tasks that were marked for pending deletion in the scheduler would be moved to
the cache for later reuse, but after being recycled the deleted mark wouldn't
be removed resulting in fresh tasks being deleted without reason... and
immediately moved back into the cache where they could be reused again. This
could cause horrendous things to happen in just about anything that used a
scheduler.
ASTERISK-24321 #close
Reported by: Steve Pitts
Review: https://reviewboard.asterisk.org/r/4071/
Corey Farrell [Tue, 14 Oct 2014 16:45:14 +0000 (16:45 +0000)]
res_fax: Fix reference leak caused by gateway sessions
Fax gateway session objects can be re-used, causing the
same gateway session to be added to faxregistry.container
more than once. This change causes fax_session_new to
remove the reserved session from the container before
it's id is changed, ensuring it's possible for the
session to be freed.
Richard Mudgett [Tue, 14 Oct 2014 16:24:32 +0000 (16:24 +0000)]
stasis_channels.c: Resolve unfinished Dials when doing masquerades (Part 2)
Masquerades into and out of channels that are involved in a dial operation
don't create the expected dial end event. The missing dial end event goes
against the model for things like CDRs and generating Dial end manager
actions and such.
There are four cases:
1) A channel masquerades into the caller channel. The case happens when
performing a blonde transfer using the channel driver's protocol.
2) A channel masquerades into a callee channel. The case happens when
performing a directed call pickup.
3) The caller channel masquerades out of dial. The case happens when
using the Bridge application on the caller channel.
4) A callee channel masquerades out of dial. The case happens when using
the Bridge application on a peer channel.
As it turned out, all four cases need to be handled instead of just the
first one.
ASTERISK-24237
Reported by: Richard Mudgett
ASTERISK-24394 #close
Reported by: Richard Mudgett
Corey Farrell [Tue, 14 Oct 2014 16:18:46 +0000 (16:18 +0000)]
res_fax: Resolve module reference leak caused by reserved sessions
Remove reference to module providing reserved session after
adding a reference to the final module. This re-reference
is done to ensure that module references are correct even
if the final session selects a different module than the
reserved session.
George Joseph [Mon, 13 Oct 2014 16:07:56 +0000 (16:07 +0000)]
manager/config: Support templates and non-unique category names via AMI
This patch provides the capability to manipulate templates and categories
with non-unique names via AMI.
Summary of changes:
GetConfig and GetConfigJSON: Added "Filter" parameter: A comma separated list
of name_regex=value_regex expressions which will cause only categories whose
variables match all expressions to be considered. The special variable name
TEMPLATES can be used to control whether templates are included. Passing
'include' as the value will include templates along with normal categories.
Passing 'restrict' as the value will restrict the operation to ONLY templates.
Not specifying a TEMPLATES expression results in the current default behavior
which is to not include templates.
UpdateConfig: NewCat now includes options for allowing duplicate category
names, indicating if the category should be created as a template, and
specifying templates the category should inherit from. The rest of the
actions now accept a filter string as defined above. If there are non-unique
category names, you can now update specific ones based on variable values.
To facilitate the new capabilities in manager, corresponding changes had to be
made to config, most notably the addition of filter criteria to many of the
APIs. In some cases it was easy to change the references to use the new
prototype but others would have required touching too many files for this
patch so a wrapper with the original prototype was created. Macros couldn't
be used in this case because it would break binary compatibility with modules
such as res_digium_phone that are linked to real symbols.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4033/
Walter Doekes [Sun, 12 Oct 2014 08:14:04 +0000 (08:14 +0000)]
chan_sip: Fix so asterisk won't send reINVITE after a BYE.
After a reINVITE glare situation, Asterisk would re-send the reINVITE
even though the call had been hung up in the mean time. This patch
unschedules the reinvite when handling the BYE.
ASTERISK-22791 #close
Reported by: Paolo Compagnini
Tested by: Paolo Compagnini
Review: https://reviewboard.asterisk.org/r/4056/
(testcase is in review r4055)
........
Merged revisions 425296 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 425297 from http://svn.asterisk.org/svn/asterisk/branches/11
Walter Doekes [Sun, 12 Oct 2014 07:52:58 +0000 (07:52 +0000)]
build: Relax badshell tilde test to allow for ~ in middle of DESTDIR.
The main Makefile has a target test called 'badshell' that tests if
DESTDIR does not happen to have an an-expanded tilde (~). This might
be the case if you run: make install DESTDIR=~/somewhere/
That test also disallowed valid tildes in directory names. The test is
now changed to only trigger on a tilde at the start of the path.
George Joseph [Sat, 11 Oct 2014 21:07:36 +0000 (21:07 +0000)]
res_phoneprov: Cleanup module load error handling
Tested module load/reload interaction between res_phoneprov and
res_pjsip_phoneprov_provider in cases where res_phoneprov didn't
load correctly (usually misconfiguration or missing phoneprov.conf)
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4069/
Joshua Colp [Fri, 10 Oct 2014 20:47:21 +0000 (20:47 +0000)]
bridge: During a smart bridge operation provide a more complete bridge to the old technology.
When a smart bridge operation occurs and a bridge transitions from one
technology to another the old technology is provided the channels formerly
in it and told that they are leaving. Unfortunately the bridge provided
along with them is incomplete. The bridge, despite there being channels in it,
contains none. This forces technology implementations to have additional
logic when channels are leaving or to store their own duplicated
state.
This change makes the bridge more complete so it contains the expected
channels. Now that the bridge is complete special logic within
bridge_native_rtp is no longer needed and has been removed.
Matthew Jordan [Fri, 10 Oct 2014 14:30:43 +0000 (14:30 +0000)]
res/res_phoneprov: Bail on registration if res_phoneprov didn't load
If res_phoneprov failed to fully load (due to not being configured), the
providers container will be NULL. If a module attempts to register a phone
provisioning provider, it should check for the presence of the container.
If there is no providers container, it should return an error.
This patch makes the ast_phoneprov_provider_register function do that...
otherwise this would be a silly commit message.
Kinsey Moore [Fri, 10 Oct 2014 12:58:52 +0000 (12:58 +0000)]
CallerID: Fix parsing regression
This fixes a regression in callerid parsing introduced when another bug
was fixed. This bug occurred when the name was composed entirely of
DTMF keys and quoted without a number section (<>).
ASTERISK-24406 #close
Reported by: Etienne Lessard
Tested by: Etienne Lessard
Patches:
callerid_fix.diff uploaded by Kinsey Moore
Review: https://reviewboard.asterisk.org/r/4067/
........
Merged revisions 425152 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 425153 from http://svn.asterisk.org/svn/asterisk/branches/11
Joshua Colp [Fri, 10 Oct 2014 12:09:39 +0000 (12:09 +0000)]
res_pjsip_nat: Place source port into rport of responses if 'force_rport' is on.
When the 'force_rport' option is enabled the behavior should be the same
as if the remote side placed rport into the message themselves. Therefore
any responses we send should include the source port of the request in the
rport of the Via header.
Walter Doekes [Fri, 10 Oct 2014 07:27:46 +0000 (07:27 +0000)]
chan_sip: Fix dialog leak resulting from missing ACK to re-INVITE.
If a device re-INVITEs at the same time as the dialog is hung up, and
if then the ACK to the re-INVITE never reaches Asterisk, chan_sip would
fail to destroy the dialog after a while. This resulted in (most
prominently) file handle leaks.
Kevin Harwell [Thu, 9 Oct 2014 21:28:15 +0000 (21:28 +0000)]
res_rtp_asterisk: Crash if no candidates received for component
When starting ice if there is not at least one remote ice candidate with an RTP
component asterisk will crash. This is due to an assertion in pjnath as it
expects at least one candidate with an RTP component. Added a check to make
sure at least one candidate contains an RTP component and at least one candidate
has an RTCP component.
George Joseph [Thu, 9 Oct 2014 17:41:12 +0000 (17:41 +0000)]
res_phoneprov: Refactor phoneprov to allow pluggable config providers
This patch makes res_phoneprov more modular so other modules (like pjsip)
can provide configuration information instead of res_phoneprov relying solely
on users.conf and sip.conf. To accomplish this a new ast_phoneprov public API
is now exposed which allows config providers to register themselves, set
defaults (server profile, etc) and add user extensions.
* ast_phoneprov_provider_register registers the provider and provides callbacks
for loading default settings and loading users.
* ast_phoneprov_provider_unregister clears the defaults and users.
* ast_phoneprov_add_extension should be called once for each user/extension
by the provider's load_users callback to add them.
* ast_phoneprov_delete_extension deletes one extension.
* ast_phoneprov_delete_extensions deletes all extensions for the provider.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/3970/
projects / thirdparty / asterisk.git / log
