George Joseph [Fri, 10 Nov 2017 16:37:16 +0000 (09:37 -0700)]
bundled_pjproject: sip_parser: Fix return code in pjsip_find_msg
The default return code for pjsip_find_msg was PJ_SUCCESS so if
a Content-Length header wasn't found at all, pjsip_find_msg was
returning PJ_SUCCESS instead of PJSIP_EMISSINGHDR.
Also added the volatile keyword to a few variables that are used
both inside and outside the PJ_TRY/PJ_CATCH block.
Joshua Colp [Fri, 10 Nov 2017 13:06:38 +0000 (13:06 +0000)]
pjsip: Add patch to allow all transports to be destroyed.
If a transport is created with the same transport type, source
IP address, and source port as one that already exists the old
transport is moved into a linked list called "tp_list".
If this old transport is later shutdown it will not be destroyed
as the process checks whether the transport is valid or not. This
check does not look at the "tp_list" when making the determination
causing the transport to not be destroyed.
This change updates the logic to query not just the main storage
method for transports but also the "tp_list".
Kevin Harwell [Thu, 19 Oct 2017 18:35:16 +0000 (13:35 -0500)]
AST-2017-011 - res_pjsip_session: session leak when a call is rejected
A previous commit made it so when an invite session transitioned into a
disconnected state destruction of the Asterisk pjsip session object was
postponed until either a transport error occurred or the event timer
expired. However, if a call was rejected (for instance a 488) before the
session was fully established the event timer may not have been initiated,
or it was canceled without triggering either of the session finalizing states
mentioned above.
Really the only time destruction of the session should be delayed is when a
BYE is being transacted. This is because it's possible in some cases for the
session to be disconnected, but the BYE is still transacting.
This patch makes it so the session object always gets released (no more
memory leak) when the pjsip session is in a disconnected state. Except when
the method is a BYE. Then it waits until a transport error occurs or an event
timeout.
cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long. The long string could be supplied by
external means using the CDR(userfield) function.
This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.
George Joseph [Thu, 19 Oct 2017 18:53:32 +0000 (12:53 -0600)]
AST-2017-009: pjproject: Add validation of numeric header values
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Richard Mudgett [Mon, 6 Nov 2017 22:37:49 +0000 (16:37 -0600)]
res_pjsip_registrar.c: Fix named AOR and pjproject group deadlock.
One of the patches for ASTERISK_27147 introduced a deadlock regression.
When the connection oriented transport shut down, the code attempted to
remove the associated contact. However, that same transport had just
requested a registration that we hadn't responded to yet. Depending
upon timing we could deadlock.
* Made send the REGISTER response after we completed processing the
request contacts and released the named AOR lock to avoid the deadlock.
Ben Ford [Wed, 1 Nov 2017 16:12:45 +0000 (11:12 -0500)]
res_pjsip: Add to list of valid characters for from_user.
Fixes a regression where some characters were unable to be used in
the from_user field of an endpoint. Additionally, the backtick was
removed from the list of valid characters, since it is not valid,
and it was replaced with a single quote, which is a valid character.
Kevin Harwell [Mon, 30 Oct 2017 20:24:53 +0000 (15:24 -0500)]
Initialize 13.18-cert branch
A new branch was created for what will be Asterisk certified 13.18. A couple
of things needed to be done to the branch in order to complete initialization:
Modified the version file to reflect the certified version.
Updated all extended modules to be disabled by default.
Joshua Colp [Sun, 22 Oct 2017 22:32:20 +0000 (19:32 -0300)]
res_xmpp: Ensure the connection filter is available.
Users of the API that res_xmpp provides expect that a
filter be available on the client at all times. When
OAuth authentication support was added this requirement
was not maintained.
This change merely moves the OAuth authentication to
after the filter is created, ensuring users of res_xmpp
can add things to the filter as needed.
Ben Ford [Mon, 23 Oct 2017 18:42:27 +0000 (13:42 -0500)]
http.c: Fix http header send content.
Currently ast_http_send barricades a portion of the content that
needs to be sent in order to establish a connection for things
like the ARI client. The conditional and contents have been changed
to ensure that everything that needs to be sent, will be sent.
Daniel Tryba [Fri, 6 Oct 2017 09:55:38 +0000 (11:55 +0200)]
res_pjsip_session: Prevent user=phone being added to anonimized URIs.
Move ast_sip_add_usereqphone to be called after anonymization of URIs,
to prevent the user_eq_phone adding "user=phone" to URIs containing a
username that is not a phonenumber (RFC3261 19.1.1). An extra call to
ast_sip_add_usereqphone on the saved version before anonymization is
added to add user=phone" to the PAI.
Daniel Tryba [Fri, 6 Oct 2017 10:14:40 +0000 (12:14 +0200)]
res_pjsip: Prevent "user=phone" being added multiple times to header
ast_sip_add_usereqphone adds "user=phone" to the header every time is is
called without checking whether the param already exists. Preventing
this by searching to string representation of header for "user=phone".
George Joseph [Wed, 11 Oct 2017 12:03:41 +0000 (06:03 -0600)]
chan_vpb: Fix a gcc 7 out-of-bounds complaint
chan_vpb was trying to use sizeof(*p->play_dtmf), where
p->play_dtmf is defined as char[16], to get the length of the array
but since p->play_dtmf is an actual array, sizeof(*p->play_dtmf)
returns the size of the first array element, which is 1. gcc7
validly complains because the context in which it's used could
cause an out-of-bounds condition.
Sean Bright [Tue, 10 Oct 2017 17:01:05 +0000 (13:01 -0400)]
app_originate: Set ORIGINATE_STATUS correctly on failure
We were ignoring the return value from ast_pbx_outgoing_exten() and
ast_pbx_outgoing_app() which could fail before setting the reason code.
This resulted in failures being reported as success.
Richard Mudgett [Wed, 20 Sep 2017 23:36:15 +0000 (18:36 -0500)]
res_pjsip_registrar.c: Update remove_existing AOR contact handling.
When "rewrite_contact" is enabled, the "max_contacts" count option can
block re-registrations because the source port from the endpoint can be
random. When the re-registration is blocked, the endpoint may give up
re-registering and require manual intervention.
* The "remove_existing" option now allows a registration to succeed by
displacing any existing contacts that now exceed the "max_contacts" count.
Any removed contacts are the next to expire. The behaviour change is
beneficial when "rewrite_contact" is enabled and "max_contacts" is greater
than one. The removed contact is likely the old contact created by
"rewrite_contact" that the device is refreshing.
Corey Farrell [Wed, 4 Oct 2017 15:46:44 +0000 (11:46 -0400)]
res_pjsip: Fix issues that prevented shutdown of modules.
res_pjsip and res_pjsip_session had circular references, preventing both
modules from shutting down.
* Move session supplement registration to res_pjsip.
* Use create internal functions for use by pjsip_message_filter.c.
Alexander Traud [Sun, 8 Oct 2017 14:11:10 +0000 (16:11 +0200)]
tcptls: Do not re-bind to wildcard on client creation.
Since ASTERISK-26922, this issue affected only those chan_sip which were
* enabled for dual-stack (bindaddr=::), and
* enabled for TCP (tcpenable=yes) and/or TLS (tlsenable=yes), and
* tried to register and/or invite a IPv4-only service,
* via TCP and/or TLS.
Now, ast_tcptls_client_create does not re-bind to [::] anymore.
res_calendar_icalendar: Filter out occurrences superceded by another VEVENT
When we are loading the calendars, we call libical's
icalcomponent_foreach_recurrence method for each VEVENT component that
we have in our calendar.
That method has no knowledge concerning the existence of the other
VEVENT components and will feed our callback with all ocurrences
matching the requested time span.
The occurrences generated by icalcomponent_foreach_recurrence while
expanding a recurring VEVENT's RRULE and RDATE properties can be
superceded by an other VEVENT sharing the same UID.
I use an external iterator (in libical terminology) to avoid messing
with the internal ones from the calling function, and search for
VEVENTS which could supersede the current occurrence.
The event which can invalidate this occurence needs to have:
- the same UID as our recurrent component (comp)
- a RECURRENCE-ID property, which represents the start time of this
occurrence
Daniel Tryba [Mon, 2 Oct 2017 12:48:41 +0000 (14:48 +0200)]
res_pjsip_caller_id chan_sip: Comply to RFC 3323 values for privacy
Currently privacy requests are only granted if the Privacy header
value is exactly "id" (defined in RFC 3325). It ignores any other
possible value (or a combination there of). This patch reverses the
logic from testing for "id" to grant privacy, to testing for "none" and
granting privacy for any other value. "none" must not be used in
combination with any other value (RFC 3323 section 4.2).
Richard Mudgett [Thu, 28 Sep 2017 22:37:15 +0000 (17:37 -0500)]
app_queue.c: Fix announcements when announce-to-first-user not enabled.
The previous patch for ASTERISK-27216 made it so you wouldn't get any
position or periodic announcements unless you had announce-to-first-user
enabled. The announce-to-first-user feature was added by ASTERISK_21782
as a result of the patch which introduced the redundant announcements that
ASTERISK-27216 removes.
* By noting that the makeannouncement variable is used to suppresses the
first user announcement, we set its initial value to the
announce-to-first-user enable setting.
George Joseph [Wed, 27 Sep 2017 18:45:21 +0000 (12:45 -0600)]
logger: Bring back ability to turn debug on by source file
Somewhere along the way we lost the ability to debug individual
source files. For modules, this wasn't a big deal but all the
source files in ./main are in the one "core" module so debugging
individual core capabilities was almost impossible.
* Added a test to DEBUG_ATLEAST that also checks __FILE__ instead
of just module name. Any source file will work even if it's in
a module subdirectory.
George Joseph [Tue, 26 Sep 2017 16:01:48 +0000 (10:01 -0600)]
pjsip_message_filter: Fix regression causing bad contact address
The "res_pjsip: Filter out non SIP(S) requests" commit moved the
filtering of messages to pjproject's PJSIP_MOD_PRIORITY_TRANSPORT_LAYER
in order to filter out incoming bad uri schemes as early as possible.
Since the change affected outgoing messages as well and the TRANSPORT
layer is the last to be run on outgoing messages, we were overwriting
the setting of external_signaling_address (which is set earlier by
res_pjsip_nat) with an internal address.
* pjsip_message_filter now registers itself as a pjproject module
twice. Once in the TSX layer for the outgoing messages (as it was
originally), then a second time in the TRANSPORT layer for the
incoming messages to catch the invalid uri schemes.
The bridge_p2p_rtp_write() has potential reentrancy problems.
* Accessing the bridged RTP members must be done with the instance1 lock
held. The DTMF and asymmetric codec checks must be split to be done with
the correct RTP instance struct locked. i.e., They must be done when
working on the appropriate side of the point to point bridge.
* Forcing the RTP mark bit was referencing the wrong side of the point to
point bridge. The set mark bit is used everywhere else to set the mark
bit when sending not receiving.
The patches for ASTERISK_26745 and ASTERISK_27158 did not take into
account that not everything carried by RTP uses a codec. The telephony
DTMF events are not exchanged with a codec. As a result when
RFC2833/RFC4733 sent digits you would crash if "core set debug 1" is
enabled, the DTMF digits would always get passed to the core even though
the local native RTP bridge is active, and the DTMF digits would go out
using the wrong SSRC id.
* Add protection for non-format payload types like DTMF when updating the
lastrxformat and lasttxformat. Also protect against non-format payload
types when checking for asymmetric codecs.
res_config_pgsql: Fix removed support to previous for versions PostgreSQL 9.1
In PostgreSQL 9.1 the backslash are string literals and not the escape
of characters.
In previous issue ASTERISK_26057 was fixed the use of escape LIKE but the
support for old version of Postgresql than 9.1 was dropped. The sentence
before make was "ESCAPE '\'" but in version before than 9.1 need it to be
as follow "ESCAPE '\\'".
app_queue: Only do announcement logic between ringing cycles
This patch reverts the change by patch 2263 from old reviewboard.
Note that reverting that 2263-patch still preserves the behaviour that
the commit log of the 2263-patch claimed to add. The reason for this is:
The function wait_for_answer is only called from try_calling which
in turn is only called from the main for loop in queue_exec, and
earlier in that loop we already check the things that's removed by
this patch. There's no need to check those things twice each loop
iteration, and I think the proper place to check it is before each
ringing cycle. By checking it in wait_for_answer, you allow the issue
explained in the jira - that the head caller hears announcements while
the agents' sip phones are actively ringing.
Reported-by: Stefan Engström Tested-by: Stefan Engström
ASTERISK-27216 #close
Jean Aunis [Thu, 7 Sep 2017 09:41:09 +0000 (11:41 +0200)]
bridge : Fix one-way direct-media when early bridging with native_rtp
When two channels were early bridged in a native_rtp bridge, the RTP description
on one side was not updated when the other side answered.
This patch forbids non-answered channels to enter a native_rtp bridge, and
triggers a bridge reconfiguration when an ANSWER frame is received.
projects / thirdparty / asterisk.git / log
