Corey Farrell [Sat, 21 Feb 2015 02:55:26 +0000 (02:55 +0000)]
Allow shutdown to unload modules that register bucket scheme's or codec's.
* Change __ast_module_shutdown_ref to be NULL safe (11+).
* Allow modules that call ast_bucket_scheme_register or ast_codec_register
to be unloaded during graceful shutdown only (13+ only).
Matthew Jordan [Fri, 20 Feb 2015 15:45:35 +0000 (15:45 +0000)]
apps/app_voicemail: Fix IMAP header compatibility issue with Microsoft Exchange
When interfacing with Microsoft Exchange, custom headers will be returned as
all lower case. Currently, the IMAP header code will fail to parse the returned
custom headers, as it will be performing a case sensitive comparison. This can
cause playback of messages to fail, as needed information - such as origtime -
will not be present.
This patch updates app_voicemail's header parsing code to perform a case
insensitive lookup for the requested custom headers. Since the headers are
specific to Asterisk, e.g., 'x-asterisk-vm-orig-time', and headers should be
unique in an IMAP message, this should cause no issues with other systems.
ASTERISK-24787 #close
Reported by: Graham Barnett
patches:
app_voicemail.c.patch_MSExchange uploaded by Graham Barnett (License 6685)
Matthew Jordan [Thu, 19 Feb 2015 15:21:06 +0000 (15:21 +0000)]
tcptls: Handle new OpenSSL compile time option to disable SSLv3
Some distributions are going to disable SSLv3 at compile time. This option can
be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the
TCP/TLS handling in Asterisk to look for that directive before attempting to
use the SSLv3 specific methods.
ASTERISK-24799 #close
Reported by: Alexander Traud
patches:
no-ssl3-method.patch uploaded by Alexander Traud (License 6520)
Corey Farrell [Thu, 19 Feb 2015 01:59:05 +0000 (01:59 +0000)]
Create work around for scheduler leaks during shutdown.
* Added ast_sched_clean_by_callback for cleanup of scheduled events
that have not yet fired.
* Run all pending peercnt_remove_cb and replace_callno events in chan_iax2.
Cleanup of replace_callno events is only run 11, since it no longer
releases any references or allocations in 13+.
Matthew Jordan [Sun, 15 Feb 2015 00:31:55 +0000 (00:31 +0000)]
apps/app_mixmonitor: Move Test Event for MIXMONITOR_END to after it finishes
The Test Event for MIXMONITOR_END - which signals that a MixMonitor has
completed - technically fired before the filestream was closed. If a test
used this to trigger a condition to verify that the file was written, it
could result in a race condition where the file size would not be what the
test expected.
Luckily, no tests were using this (although they should have been). Since the
test event needed to be moved after the point where the MixMonitor autochan has
been destroyed, the test event no longer emits the channel name. Luckily,
nothing needs it.
Matthew Jordan [Wed, 11 Feb 2015 17:11:41 +0000 (17:11 +0000)]
channels/chan_sip: Fix RealTime error during SIP unregistration with MariaDB
When a SIP device that has its registration stored in RealTime unregisters,
the entry for that device is updated with blank values, i.e., "", indicating
that it is no longer registered. Unfortunately, one of those values that is
'blanked' is the device's port. If the column type for the port is not a
string datatype (the recommended type is integer), an ODBC or database error
will be thrown. MariaDB does not coerce empty strings to a valid integer value.
This patch updates the query run from chan_sip such that it replaces the port
value with a value of '0', as opposed to a blank value. This is the value that
other database backends coerce the empty string ("") to already, and the
handling of reading a RealTime registration value from a backend already
anticipates receiving a port of '0' from the backends.
ASTERISK-24772 #close
Reported by: Richard Miller
patches:
chan_sip.diff uploaded by Richard Miller (License 5685)
Kevin Harwell [Wed, 11 Feb 2015 16:46:12 +0000 (16:46 +0000)]
res_http_websocket: websocket write timeout fails to fully disconnect
When writing to a websocket if a timeout occurred the underlying socket did not
get closed/disconnected. This patch makes sure the websocket gets disconnected
on a write timeout.
ASTERISK-24701 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/4412/
Corey Farrell [Wed, 11 Feb 2015 15:38:39 +0000 (15:38 +0000)]
Enable REF_DEBUG for ast_module_ref / ast_module_unref.
Add ast_module_shutdown_ref for use by modules that can
only be unloaded during graceful shutdown.
When REF_DEBUG is enabled:
* Add an empty ao2 object to struct ast_module.
* Allocate ao2 object when the module is loaded.
* Perform an ao2_ref in each place where mod->usecount is manipulated.
* ao2_cleanup on module unload.
Matthew Jordan [Mon, 9 Feb 2015 02:44:24 +0000 (02:44 +0000)]
channels/chan_sip: Ensure that a BYE is sent during INVITE w/Replaces transfer
Consider a scenario where Alice and Bob have an established dialog with each
other external to Asterisk. Bob decides to perform an attended transfer of
Alice to Asterisk. In this case, Alice will send an INVITE with Replaces
to Asterisk, where the Replaces specifies Bob's dialog with Asterisk. In this
particular scenario, Asterisk will complete the transfer, but - since Bob's
channel has had Alice masqueraded into it and is now a Zombie - a BYE
request will not be sent.
This patch fixes that issue by adding a new flag to chan_sip that tracks
whether or not we have an INVITE with Replaces. If we do, the flag is used
on the sip_pvt to ensure that a BYE request is sent, even if the channel has
been masqueraded away.
Review: https://reviewboard.asterisk.org/r/4362/
ASTERISK-22436 #close
Reported by: Eelco Brolman
Tested by: Jeremiah Gowdy, Kristian Høgh
patches:
asterisk-11-hangup-replaced-3.diff uploaded by Jeremiah Gowdy (License 6358)
Matthew Jordan [Mon, 9 Feb 2015 02:34:17 +0000 (02:34 +0000)]
res/res_odbc: Remove unneeded queries when determining if a table exists
This patch modifies the ast_odbc_find_table function such that it only performs
a lookup of the requested table if the table is not already known. Prior to
this patch, a queries would be executed against the database even if the table
was already known and cached.
Mark Michelson [Thu, 29 Jan 2015 20:40:04 +0000 (20:40 +0000)]
Use SIPS URIs in Contact headers when appropriate.
RFC 3261 sections 8.1.1.8 and 12.1.1 dictate specific
scenarios when we are required to use SIPS URIs in Contact
headers. Asterisk's non-compliance with this could actually
cause calls to get dropped when communicating with clients
that are strict about checking the Contact header.
Both of the SIP stacks in Asterisk suffered from this issue.
This changeset corrects the behavior in chan_sip.
ASTERISK-24646 #close
Reported by Stephan Eisvogel
Joshua Colp [Thu, 29 Jan 2015 12:08:39 +0000 (12:08 +0000)]
res_rtp_asterisk: Fix DTLS when used with OpenSSL 1.0.1k
A recent security fix for OpenSSL broke DTLS negotiation for many
applications. This was caused by read ahead not being enabled when it
should be. While a commit has gone into OpenSSL to force read ahead
on for DTLS it may take some time for a release to be made and the
change to be present in distributions (if at all). As enabling read
ahead is a simple one line change this commit does that and fixes
the issue.
Mark Michelson [Wed, 28 Jan 2015 17:05:26 +0000 (17:05 +0000)]
Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.
Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.
Kevin Harwell [Tue, 27 Jan 2015 22:53:57 +0000 (22:53 +0000)]
tcptls: Bad file descriptor error when reloading chan_sip
While running through some scenarios using chan_sip and tcp a problem would
occur that resulted in a flood of bad file descriptor messages on the cli:
tcptls.c:712 ast_tcptls_server_root: Accept failed: Bad file descriptor
The message is received because the underlying socket has been closed, so is
valid. This is probably happening because unloading of chan_sip is not atomic.
That however is outside the scope of this patch. This patch simply stops the
logging of multiple occurrences of that message.
ASTERISK-24728 #close
Reported by: Thomas Thompson
Review: https://reviewboard.asterisk.org/r/4380/
Kevin Harwell [Tue, 27 Jan 2015 19:19:25 +0000 (19:19 +0000)]
chan_sip: stale nonce causes failure
When refreshing (with a small expiration) a registration that was sent to
chan_sip the nonce would be considered stale and reject the registration.
What was happening was that the initial registration's "dialog" still existed
in the dialogs container and upon refresh the dialog match algorithm would
choose that as the "dialog" instead of the newly created one. This occurred
because the algorithm did not check to see if the from tag matched if
authentication info was available after the 401. So, it ended up assuming
the original "dialog" was a match and stopped the search. The old "dialog"
of course had an old nonce, thus the stale nonce message.
This fix attempts to leave the original functionality alone except in the case
of a REGISTER. If a REGISTER is received if searches for an existing "dialog"
matching only on the callid. If the expires value is low enough it will reuse
dialog that is there, otherwise it will create a new one.
ASTERISK-24715 #close
Reported by: John Bigelow
Review: https://reviewboard.asterisk.org/r/4367/
Richard Mudgett [Tue, 27 Jan 2015 17:11:59 +0000 (17:11 +0000)]
app_confbridge: Repeatedly starting and stopping recording ref leaks the recording channel.
Starting and stopping conference recording more than once causes the
recording channels to be leaked. For v13 the channels also show up in the
CLI "core show channels" output.
* Reworked and simplified the recording channel code to use
ast_bridge_impart() instead of managing the recording thread in the
ConfBridge code. The recording channel's ref handling easily falls into
place and other off nominal code paths get handled better as a result.
Matthew Jordan [Thu, 22 Jan 2015 14:22:02 +0000 (14:22 +0000)]
apps/app_voicemail: Trigger MWI notification with MixMonitor m() option
The MixMonitor m() option allows a recording to be pushed to a specific
voicemail mailbox. If the message is delivered to the mailbox's INBOX, however,
no MWI notification is currently raised.
This patch corrects the issue by properly calling notify_new_state from the
msg_create_from_file function. This will cause MWI to be triggered if the
message was placed in the mailbox's INBOX.
Matthew Jordan [Tue, 20 Jan 2015 02:38:28 +0000 (02:38 +0000)]
contrib/scripts/install_prereq: Don't install 32-bit packages on 64-bit hosts
On Debian based systems, the install_prereq tool uses a search command on
Debian that results in selecting both 64-bit and 32-bit packages. Besides the
waste of disk space, this can actually cause aptitude use 100% of memory on a
VM with 1GB of RAM as it tried to work out all of the 32-bit package
dependencies.
This patch filters out the 32-bit packages on a 64-bit machine, and leaves
32-bit machines alone.
ASTERISK-24048 #close
Reported by: Ben Klang
Tested by: Ben Klang, Matt Jordan
patches:
install_prereq_64-bit_compat.patch uploaded by Ben Klang (License 5876)
Matthew Jordan [Tue, 20 Jan 2015 02:25:25 +0000 (02:25 +0000)]
app_voicemail: Temp message left after review/hangup with ODBC/IMAP backend
When using ODBC or IMAP storage, temporary files created on the file system
must be disposed of using the DISPOSE macro. The DELETE macro will map to a
deletion function for the backend storage, but does not clean up any local
files created as a result of the operation.
When using voicemail with the operator and review options enabled, pressing
0 to enter the menu, followed by 1 to save the message, followed by any
other DTMF press to delete the message, will result in the temporary file
lingering on the file system.
This patch properly calls DISPOSE after the DELETE. This causes the local
file to be disposed of.
ASTERISK-24288 #close
Reported by: LEI FU
patches:
voicemail_odbc_review_fix.diff uploaded by LEI FU (License 6640)
Richard Mudgett [Tue, 13 Jan 2015 18:06:21 +0000 (18:06 +0000)]
app_macro: Don't restore the calling location on a channel redirect.
v11: If a channel redirect to a macro exten of a macro that is active
happens, the redirect location doesn't get executed. Instead the original
macro location is restored and gets reexecuted.
v13: An additional effect happens if a parked call times out to an
extension in the macro that parked the call then the macro is reexecuted
instead of the expected park return location.
* Made not restore the macro calling location on an
AST_SOFTHANGUP_ASYNCGOTO.
* Increased the locked channel range when setting up the macro execution
environment to cover things that should be done while the channel is
locked.
* Removed unnecessary NULL tests before calling ast_free() in
_macro_exec().
Matthew Jordan [Mon, 12 Jan 2015 18:00:24 +0000 (18:00 +0000)]
main/syslog: Allow dynamic logs, such as security events, to log to the syslog
The security event log uses a dynamic log level (SECURITY) that is registered
with the Asterisk logging core. Unfortunately, the syslog would ignore log
statements that had a dynamic log level associated with them. Because the
syslog cannot handle ad hoc dynamic log levels, this patch treats any dynamic
log entries sent to the syslog as logs with a level of NOTICE.
ASTERISK-20744 #close
Reported by: Michael Keuter
Tested by: Michael L. Young, Jacek Konieczny
patches:
asterisk-20744-syslog-dynamic-logging_trunk.diff uploaded by Michael L. Young (license 5026)
Matthew Jordan [Mon, 12 Jan 2015 15:11:08 +0000 (15:11 +0000)]
funcs/func_curl: Fix memory leak when CURLOPT channel datastore is destroyed
When the channel datastore associated with the usage of CURLOPT on a specific
channel is freed, the underlying structure holding the list of options is not
disposed of. This patch properly frees the structure in the datastore .destroy
callback.
ASTERISK-24672 #close
Reported by: Kristian Hogh
patches:
func_curl-memory-leak.diff uploaded by Kristian Hogh (License 6639)
Kinsey Moore [Fri, 9 Jan 2015 14:40:11 +0000 (14:40 +0000)]
res_fax: Add T.38 negotiation timeout option
This change makes the T.38 negotiation timeout configurable via
't38timeout' in res_fax.conf or FAXOPT(t38timeout). It was previously
hard coded to be 5000 milliseconds.
This change also handles T.38 switch failures by aborting the fax since
in the case where this can happen, both sides have agreed to switch to
T.38 and Asterisk is unable to do so.
Richard Mudgett [Mon, 22 Dec 2014 19:38:58 +0000 (19:38 +0000)]
queue_log: Post QUEUESTART entry when Asterisk fully boots.
The QUEUESTART log entry has historically acted like a fully booted event
for the queue_log file. When the QUEUESTART entry was posted to the log
was broken by the change made by ASTERISK-15863.
* Made post the QUEUESTART queue_log entry when Asterisk fully boots.
This restores the intent of that log entry and happens after realtime has
had a chance to load.
Matthew Jordan [Mon, 22 Dec 2014 15:39:04 +0000 (15:39 +0000)]
chan_sip: Send CANCEL via original INVITE destination even after UPDATE request
Given the following scenario:
* Three SIP phones (A, B, C), all communicating via a proxy with Asterisk
* A call is established between A and B. B performs a SIP attended transfer of
A to C. B sets the call on hold (A is hearing MOH) and dials the extension of
C. While phone C is ringing, B transfers the call (that is, what we typically
call a 'blond transfer').
* When the transfer completes, A hears the ringing of phone C, while B is idle.
In the SIP messaging for the above scenario, a REFER request is sent to
transfer the call. When "sendrpid=yes" is set in sip.conf, Asterisk may send an
UPDATE request to phone C to update party information. This update is sent
directly to phone C, not through the intervening proxy. This has the unfortunate
side effect of providing route information, which is then set on the sip_pvt
structure for C. If someone (e.g. B) is trying to get the call back (through a
directed pickup), Asterisk will send a CANCEL request to C. However, since we
have now updated the route set, the CANCEL request will be sent directly to C
and not through the proxy. The phone ignores this CANCEL according to RFC3261
(Section 9.1).
This patch updates reqprep such that the route is not updated if an UPDATE
request is being sent while the INVITE state is INV_PROCEEDING or
INV_EARLY_MEDIA. This ensures that a subsequent CANCEL request is still sent
to the correct location.
Joshua Colp [Sat, 20 Dec 2014 20:56:35 +0000 (20:56 +0000)]
acl: Fix reloading of configuration if configuration file does not exist at startup.
The named ACL code incorrectly destroyed the config options information if loading
of the configuration file failed at startup. This would result in reloading
also failing even if a valid configuration file was put in place.
Richard Mudgett [Fri, 19 Dec 2014 17:21:15 +0000 (17:21 +0000)]
chan_dahdi: Don't ignore setvar when using configuration section scheme.
When the configuration section scheme of chan_dahdi.conf is used (keyword
dahdichan instead of channel) all setvar= options are completely ignored.
No variable defined this way appears in the created DAHDI channels.
* Move the clearing of setvar values to after the deferred processing of
dahdichan.
That works for low ascii characters, but for the high range that yields
e.g. FFFFFFC3 when C3 is expected.
This changeset:
- fixes those casts to use the 'hh' unsigned char modifier instead
- consistently uses %02x instead of %2.2x (or other non-standard usage)
- adds a few 'h' modifiers in various places
- fixes a 'replcaes' typo
- dev/urandon typo (in 13+ patch)
Review: https://reviewboard.asterisk.org/r/4263/
ASTERISK-24619 #close
Reported by: Stefan27 (on IRC)
Joshua Colp [Tue, 16 Dec 2014 16:35:28 +0000 (16:35 +0000)]
chan_sip: Allow T.38 switch-over when SRTP is in use.
Previously when SRTP was enabled on a channel it was not possible
to switch to T.38 as no crypto attributes would be present.
This change makes it so it is now possible. If a T.38 re-invite
comes in SRTP is terminated since in practice you can't encrypt
a UDPTL stream. Now... if we were doing T.38 over RTP (which
does exist) then we'd have a chance but almost nobody does that so
here we are.
ASTERISK-24449 #close
Reported by: Andreas Steinmetz
patches:
udptl-ignore-srtp-v2.patch submitted by Andreas Steinmetz (license 6523)
Richard Mudgett [Fri, 12 Dec 2014 23:31:38 +0000 (23:31 +0000)]
DEBUG_THREADS: Fix regression and lock tracking initialization problems.
This patch started with David Lee's patch at
https://reviewboard.asterisk.org/r/2826/ and includes a regression fix
introduced by the ASTERISK-22455 patch.
The initialization of a mutex's lock tracking structure was not protected
in a critical section. This is fine for any mutex that is explicitly
initialized, but a static mutex may have its lock tracking double
initialized if multiple threads attempt the first lock simultaneously.
* Added a global mutex to properly serialize initialization of the lock
tracking structure. The painful global lock can be mitigated by adding a
double checked lock flag as discussed on the original review request.
* Defer lock tracking initialization until first use.
* Don't be "helpful" and initialize an uninitialized lock when
DEBUG_THREADS is enabled. Debug code is not supposed to fix or change
normal code behavior. We don't need a lock initialization race that would
force a re-setup of lock tracking. Lock tracking already handles
initialization on first use.
* Properly handle allocation failures of the lock tracking structure.
* No need to initialize tracking data in __ast_pthread_mutex_destroy()
just to turn around and destroy it.
The regression introduced by ASTERISK-22455 is the result of manipulating
a pthread_mutex_t struct outside of the pthread library code. The
pthread_mutex_t struct seems to have a global linked list pointer member
that can get changed by other threads. Therefore, saving and restoring
the contents of a pthread_mutex_t struct is a bad thing.
Thanks to Thomas Airmont for finding this obscure regression.
* Don't overwrite the struct ast_lock_track.reentr_mutex member to restore
tracking data in __ast_cond_wait() and __ast_cond_timedwait(). The
pthread_mutex_t struct must be treated as a read-only opaque variable.
Miscellaneous other items fixed by this patch:
* Match ast_suspend_lock_info() with ast_restore_lock_info() in
__ast_cond_timedwait().
* Made some uninitialized lock sanity checks return EINVAL and try a
DO_THREAD_CRASH.
Matthew Jordan [Fri, 12 Dec 2014 22:42:35 +0000 (22:42 +0000)]
res/res_agi: Make Verbose message for 'stream file' match other playbacks
The Verbose message displayed when a file is played back via 'stream file'
was formatted differently than other playbacks:
* It didn't include the channel name
* It didn't include the channel language
It does, however, include the playback offset as well as any escape digits.
That information was kept; however, this patch updates the formatting to more
closely match the Verbose messages displayed when a file is played back by
'control stream file', Playback, ControlPlayback, or any other file playback
operation.
Joshua Colp [Wed, 10 Dec 2014 13:30:22 +0000 (13:30 +0000)]
res_http_websocket: Fix crash due to double freeing memory when receiving a payload length of zero.
Frames with a payload length of 0 were incorrectly handled in res_http_websocket.
Provided a frame with a payload had been received prior it was possible for a double
free to occur. The realloc operation would succeed (thus freeing the payload) but be
treated as an error. When the session was then torn down the payload would be
freed again causing a crash. The read function now takes this into account.
This change also fixes assumptions made by users of res_http_websocket. There is no
guarantee that a frame received from it will be NULL terminated.
Matthew Jordan [Sat, 6 Dec 2014 18:15:20 +0000 (18:15 +0000)]
res/res_monitor: Reset in/out sample counts on Monitor start
When repeatedly starting/stopping a Monitor on a channel, the accumulated
in/out sample counts are never reset to 0. This can cause inadvertent jumps
in the recordings, as the code in the channel core will determine incorrectly
that a jump in the recorded file position should occur. Setting the sample
counts to 0 simply reflects the initial state a Monitor should be in when it
is started, as this is the initial count that would be on the channels at that
time.
Matthew Jordan [Sat, 6 Dec 2014 17:19:39 +0000 (17:19 +0000)]
apps/app_meetme: Apply default values on initial load with no config file
When the app_meetme module is loaded without its configuration file, the
module settings aren't initialized. In particular, this impacts the use
of logging realtime members. This patch guarantees that we always set the
default module settings on initial load.
Matthew Jordan [Wed, 3 Dec 2014 16:43:47 +0000 (16:43 +0000)]
apps/app_voicemail: Fix crash with IMAP when streams are opened simultaneously
The UW IMAP library is instrinsically not thread-safe, and relies upon higher
level applications to guarantee thread safety. For the most part, this is
provided by the vms object, which provides locking for individual streams.
Unfortunately, this is not sufficient for calls to mail_open which create the
IMAP stream. mail_open can, on some systems, call into a UW IMAP specific
function for determining the address of a system based on a hostname,
ip_nametoaddr.
In the ip6_unix implementation of this function, static variables are used
to hold parsing buffers. This can cause a crash if multiple threads attempt
to convert a hostname to an address at the same time. Locking on a single
mail stream is not sufficient to prevent simultaneous access to these static
variables.
In the IMAP library, this function can be called from the mail_open and
imap_status functions. As the imap_status function is not used by
app_voicemail, locking on access to mail_open is sufficient to prevent
any mangling of the buffers.
Review: https://reviewboard.asterisk.org/r/4188/
ASTERISK-24516 #close
Reported by: David Duncan Ross Palmer
Tested by: David Duncan Ross Palmer
patches:
ASTERISK-24516.diff uploaded by David Duncan Ross Palmer (License 6660)
Matthew Jordan [Tue, 2 Dec 2014 16:54:45 +0000 (16:54 +0000)]
pbx/pbx_loopback: Speed up switches by avoiding unneeded lookups
This patch makes a small rearrangement to only do dialplan lookups during
loopback switches if the pattern matches. Prior to this patch, the dialplan
lookups were always performed, even when the result would be discarded.
Dialplan lookups can be very costly if remote switches - like DUNDi - are
present. In those cases extension matching is sped up considerably, making
the issue of lost digits more manageable.
As collateral damage, 6 trailing spaces were killed.
Joshua Colp [Mon, 1 Dec 2014 13:39:15 +0000 (13:39 +0000)]
app_record: Fix bug where using the 'k' option and hanging up would trim 1/4 of a second of the recording.
The Record dialplan function trims 1/4 of a second from the end of recordings in case
they are terminated because of DTMF. When hanging up, however, you don't want this to happen.
This change makes it so on hangup this does not occur.
ASTERISK-24530 #close
Reported by: Ben Smithurst
patches:
app_record_v2.diff submitted by Ben Smithurst (license 6529)
Richard Mudgett [Fri, 21 Nov 2014 18:47:12 +0000 (18:47 +0000)]
manager: Fix could not extend string messages.
When shutting down Asterisk that has an active AMI connection, you get
several "failed to extend from %d to %d" messages because use of the
EVENT_FLAG_SHUTDOWN attempts to add all AMI permission strings to the
event.
* Created MAX_AUTH_PERM_STRING to use when creating stack based struct
ast_str variables used with the authority_to_str() and
user_authority_to_str() functions instead of a variety of magic numbers
that could be too small.
* Added a special check for EVENT_FLAG_SHUTDOWN to authority_to_str() so
it will not attempt to add all permission level strings.
Mark Michelson [Thu, 20 Nov 2014 16:35:18 +0000 (16:35 +0000)]
Fix error with mixed address family ACLs.
Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.
ASTERISK-24469 #close
Reported by Matt Jordan
Patches:
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
AST-2014-012
........
Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Kevin Harwell [Thu, 20 Nov 2014 15:42:01 +0000 (15:42 +0000)]
AST-2014-017 - app_confbridge: permission escalation/ class authorization.
Confbridge dialplan function permission escalation via AMI and inappropriate
class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan
function when executed from an external protocol (for instance AMI), could
result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord”
could also be used to execute arbitrary system commands without first checking
for system access.
Asterisk now inhibits the CONFBRIDGE function from being executed from an
external interface if the live_dangerously option is set to no. Also, the
“ConfbridgeStartRecord” AMI action is now only allowed to execute under a
user with system level access.
Joshua Colp [Thu, 20 Nov 2014 14:20:08 +0000 (14:20 +0000)]
AST-2014-014: Fix race condition where channels may get stuck in ConfBridge under load.
Under load it was possible for the bridging API, and thus ConfBridge, to get
channels that may have hung up stuck in it. This is because handling of state
transitions for a bridged channel within a bridge was not protected and simply
set the new state without regard to the existing state. If the existing state
had been hung up this would get overwritten.
This change adds locking to protect changing of the state and also
takes into consideration the existing state.
Richard Mudgett [Wed, 19 Nov 2014 16:38:10 +0000 (16:38 +0000)]
ast_str: Fix improper member access to struct ast_str members.
Accessing members of struct ast_str outside of the string manipulation API
routines is invalid since struct ast_str is supposed to be treated as
opaque.
Corey Farrell [Mon, 17 Nov 2014 15:56:11 +0000 (15:56 +0000)]
chan_sip: Fix theoretical leak of p->refer.
If transmit_refer is called when p->refer is already allocated,
it leaks the previous allocation. Updated code to always free
previous allocation during a new allocation. Also instead of
checking if we have a previous allocation, always create a
clean record.
ASTERISK-15242 #close
Reported by: David Woolley
Review: https://reviewboard.asterisk.org/r/4160/
Matthew Jordan [Mon, 17 Nov 2014 15:26:50 +0000 (15:26 +0000)]
apps/app_confbridge: Ensure 'normal' users hear message when last marked leaves
When r428077 was made for ASTERISK-24522, it failed to take into account users
who are neither wait_marked nor end_marked. These users are *also* supposed to
hear the 'leader has left the conference' message. Granted, this behaviour is
a bit odd; however, that is how it used to work... and behaviour changes are
not good.
This patch ensures that if there are any 'normal' users present when the last
marked user leaves the conference, the message will still be played to them.
Note that this regression was caught by the Asterisk Test Suite's
confbridge_nominal test, which has a quirky combination of users.
Matthew Jordan [Mon, 17 Nov 2014 03:05:44 +0000 (03:05 +0000)]
app_confbridge: Don't play leader leaving prompt if no one will hear it
Consider the following:
- A marked user in a conference
- One or more end_marked only users in the conference
When the marked users leaves, we will be in the conf_state_multi_marked state.
This currently will traverse the users, kicking out any who have the end_marked
flags. When they are kicked, a full ast_bridge_remove is immediately called on
the channels. At this time, we also unilaterally set the need_prompt flag.
When the need_prompt flag is set, we then playback a sound to the bridge
informing everyone that the leader has left; however, no one is left in the
bridge. This causes some odd behaviour for the end_marked users - they are
stuck waiting for the bridge to be unlocked. This results in them waiting for
5 or 6 seconds of dead air before hearing that they've been kicked.
Unfortunately, we do have to keep the bridge locked while we're playing back
the 'leader-has-left' prompt. If there are any wait_marked users in the
conference, this behaviour can't be easily changed - but we do make the case
of the end_marked users better with this patch.
Matthew Jordan [Sat, 15 Nov 2014 16:51:51 +0000 (16:51 +0000)]
cel/cel_odbc: Provide microsecond precision in 'eventtime' column when possible
This patch adds microsecond precision when inserting a CEL record into a table
with an "eventtime" column of type timestamp, instead of second precision. The
documentation (configs/cel_odbc.conf.sample) was already saying that the
eventtime column included microseconds precision, but that was not the case.
Also, without this patch, if you had a table with an "eventtime" column of
type varchar, you had millisecond precision. With this patch, you also get
microsecond precision in this case.
stun: correct attribute string padding to match rfc
When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489. This change adds separate variables for the
string and padded attributed lengths, and performs
padding correctly.
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/
Joshua Colp [Fri, 14 Nov 2014 14:54:50 +0000 (14:54 +0000)]
app_confbridge: Play "leader has left" sound even when musiconhold is enabled.
Currently if the leader of a conference bridge leaves any participant
that has musiconhold enabled will not hear the "leader has left" sound.
This is because musiconhold is started and THEN the sound is played.
This change makes it so that the sound is played and THEN musiconhold
is started. This provides a better experience for users as they may not
have known previously why they went back to musiconhold.
Joshua Colp [Wed, 12 Nov 2014 16:10:46 +0000 (16:10 +0000)]
pbx: Fix off-nominal case where a freed extension may still be used.
If during the operation of adding an extension a priority is added but
fails it is possible for the extension to be freed but still exist in
the PBX core. If this occurs subsequent lookups may try to access the
extension and end up in freed memory.
This change removes the extension from the PBX core when the priority
addition fails and then frees the extension.
Corey Farrell [Wed, 12 Nov 2014 13:44:32 +0000 (13:44 +0000)]
Fix compiler error when using ./configure --enable-dev-mode --enable-coverage
When DONT_OPTIMIZE is enabled with dev-mode, it causes a shadow compilation
to be done with output to /dev/null. This can cause errors with coverage
when GCC attempts to write to /dev/null.gcno. This change disables
coverage for the shadow compilation.
In chan_agent, a '*' is used by default to terminate a bridge with a caller.
This can lead to all sorts of problems if '*' is used by a feature in
features.conf, as the chan_agent disconnect '*' may be detected first.
This patch adds a documentation snippet to features.conf so that users who
attempt to use features with agents know of the potential conflict.
ASTERISK-20402 #close
Reported by: Matt Riddell
patches:
features.conf.diff uploaded by Matt Riddell (License 5023)
Matthew Jordan [Sun, 9 Nov 2014 00:36:31 +0000 (00:36 +0000)]
channels/chan_mgcp: Fix regression which causes gateways to be skipped
In r227276, a while loop was turned into a for loop. Unfortunately, a portion
of the while loop was left in the code such that, when a static gateway is
encountered in the list of MGCP gateways, the next gateway would be skipped.
At best, we would simply flip past a gateway; at worst, this could lead to a
crash.
Matthew Jordan [Sun, 9 Nov 2014 00:24:53 +0000 (00:24 +0000)]
addons/chan_mobile: Increase buffer size of UCS2 encoded SMS messages
When UCS2 character encoding is used, one symbol in national language can be
expanded to 4 bytes. The current buffer used for receiving message in
do_monitor_phone is 256 bytes, which is not large enough for incoming messages.
For example:
* AT+CMGR phone response prefix
'+CMGR: "REC UNREAD","+7**********",,"14/10/29,13:31:39+12"\r\n' - 60 bytes
* SMS body with UCS2 encoding (max) - 280 bytes
* AT+CMGR phone response suffix '\r\n\r\nOK\r\n' - 8 bytes
* Terminating null character - 1 byte
This results in a needed buffer size of 349 bytes. Hence, this patch opts for a
350 byte buffer.
Corey Farrell [Thu, 6 Nov 2014 12:10:36 +0000 (12:10 +0000)]
main/file.c: fix possible extra ast_module_unref to format modules.
fn_wrapper only adds a reference to the format's module if the file
was able to be opened. If not this causes an unmatched
ast_module_unref in filestream_destructor. Move ast_module_ref to
get_stream.
George Joseph [Wed, 5 Nov 2014 15:02:42 +0000 (15:02 +0000)]
config: Make text_file_save and 'dialplan save' escape semicolons in values.
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored. Escaped semicolons are then
unescaped and become part of the value. Both of these behaviors are normal
and expected. When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.
Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally. This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c
Corey Farrell [Sun, 2 Nov 2014 08:03:18 +0000 (08:03 +0000)]
Fix ast_writestream leaks
Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.
11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.
Matthew Jordan [Fri, 31 Oct 2014 03:25:01 +0000 (03:25 +0000)]
channels/sip/reqresp_parser: Fix unit tests for r426594
When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.
........
Merged revisions 426858 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Corey Farrell [Thu, 30 Oct 2014 23:53:26 +0000 (23:53 +0000)]
app_queue: fix a couple leaks to struct call_queue in set_member_value
set_member_value has a couple leaks to references in the variable q
found through testsuite tests/queues/set_penalty. Also remove the
REF_DEBUG_ONLY_QUEUES compiler declaration, this is no longer possible
with the updated REF_DEBUG code.
Walter Doekes [Thu, 30 Oct 2014 09:16:47 +0000 (09:16 +0000)]
app_voicemail: Fix unchecked bounds of myArray in IMAP_STORAGE.
In update_messages_by_imapuser(), messages were appended to a finite
array which resulted in a crash when an IMAP mailbox contained more
than 256 entries. This memory is now dynamically increased as needed.
Observe that this patch adds a bunch of XXX's to questionable code. See
the review (url below) for more information.
ASTERISK-24190 #close
Reported by: Nick Adams
Tested by: Nick Adams
Matthew Jordan [Thu, 30 Oct 2014 01:58:02 +0000 (01:58 +0000)]
channels/chan_sip: Add improved support for 4xx error codes
This patch adds support for 414, 493, 479, and a stray 400 response in REGISTER
response handling. This helps interoperability in a number of scenarios.
Review: https://reviewboard.asterisk.org/r/3437
patches:
rb3437.patch uploaded by oej (License 5267)
........
Merged revisions 426599 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Thu, 30 Oct 2014 01:41:52 +0000 (01:41 +0000)]
channels/chan_sip: Support mutltiple Supported and Required headers
A SIP request may contain multiple Supported: and Required: headers. Currently,
chan_sip only parses the first Supported/Required header it finds. This patch
adds support for multiple Supported/Required headers for INVITE requests.
Review: https://reviewboard.asterisk.org/r/2478
ASTERISK-21721 #close
Reported by: Olle Johansson
patches:
rb2478.patch uploaded by oej (License 5267)
........
Merged revisions 426594 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Corey Farrell [Tue, 28 Oct 2014 20:50:55 +0000 (20:50 +0000)]
res_fax: Resolve T38 gateway frame leak.
When frames are translated by a fax gateway they need to be freed. The
existing call to ast_frfree was unreachable. This change reorganizes
fax_gateway_framehook to ensure that ast_frfree is called when needed.
Matthew Jordan [Mon, 27 Oct 2014 02:45:09 +0000 (02:45 +0000)]
res/res_http_websocket: Fix minor nits found by wdoekes on r409681
When Moises committed the fixes for WSS (which was a great patch), wdoekes had
a few style nits that were on the review that got missed. This patch resolves
what I *think* were all of the ones that were still on the review.
Thanks to both moy for the patch, and wdoekes for the reviews.
Matthew Jordan [Mon, 27 Oct 2014 01:46:02 +0000 (01:46 +0000)]
res/res_srtp: Fix include issue for libsrtp 1.5.0
In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.
ASTERISK-24436 #close
Reported by: Patrick Laimbock
........
Merged revisions 426140 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Mon, 20 Oct 2014 14:10:28 +0000 (14:10 +0000)]
AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
Matthew Jordan [Fri, 17 Oct 2014 13:09:20 +0000 (13:09 +0000)]
channels/chan_sip: Respect outboundproxy setting when sending qualify requests
The outboundproxy setting is currently ignored when sending OPTIONS requests
as a result of the qualify setting. This means that if an Asterisk server is
unable to send the packet directly to a peer, it is unable to qualify any
non-inbound registered peer (e.g. a peer SIP Trunk).
This patch grabs the outboundproxy information for a peer when a qualify
attempt is being constructed and, if it finds the information, uses it
when sending the OPTIONS request.
Fix loss of voice after second call drops (on a second line) in case using multiple lines on unistim phones. There is regression was introduced in r391379.
projects / thirdparty / asterisk.git / log
