Jeff Peeler [Fri, 18 Jun 2010 19:28:24 +0000 (19:28 +0000)]
Fix crash when parsing some heavily nested statements in AEL on reload.
Due to the recursion used when compiling AEL in gen_prios, all the stack space
was being consumed when parsing some AEL that contained nesting 13 levels deep.
Changing a few large buffers to be heap allocated fixed the crash, although I
did not test how many more levels can now be safely used.
Jeff Peeler [Fri, 18 Jun 2010 18:33:17 +0000 (18:33 +0000)]
Eliminate deadlock potential in dahdi_fixup().
(This is a backport of 269307, committed to trunk by rmudgett.)
Calling dahdi_indicate() when the channel private lock is already
held can cause a deadlock if the PRI lock is needed because
dahdi_indicate() will also get the channel private lock. The pri_grab()
function assumes that the channel private lock is held once to avoid
deadlock.
David Vossel [Wed, 16 Jun 2010 17:35:29 +0000 (17:35 +0000)]
fixes chan_iax2 race condition
There is code in chan_iax2.c that attempts to guarantee that only a single
active thread will handle a call number at a time. This code works once
the thread is added to an active_list of threads, but we are not currently
guaranteed that a newly activated thread will enter the active_list immediately
because it is left up to the thread to add itself after frames have been
queued to it. This means that if two frames come in for the same call number
at the same time, it is possible for them to grab two separate threads because
the first thread did not add itself to the active_list fast enough. This
causes some pretty complex problems.
This patch resolves this race condition by immediately adding an activated
thread to the active_list within the network thread and only depending on
the thread to remove itself once it is done processing the frames queued to
it. By doing this we are guaranteed that if another frame for the same call
number comes in at the same time, that this thread will immediately be found
in the active_list of threads.
chan_sip's "contactdeny" feature screens the "to be registered contact".
In case of nat=yes it should not use the address information from the
Contact header (which is not used at all for routing), but the source
IP address of the request.
Thus, if nat=yes and a client sends a request from a denied IP address
(e.g. by spoofing the src-IP address) it can bypass the screening.
This commit makes contactdeny apply to the src ip when nat=yes instead.
Mark Michelson [Thu, 10 Jun 2010 19:30:12 +0000 (19:30 +0000)]
Fix potential crash when writing raw SLIN audio on a PLC-enabled channel.
The issue here was that the frame created when adjusting for PLC had no offset
to its audio data. If this frame were translated to another format prior to
being sent out an RTP socket, all went well because the translation code would
put an appropriate offset into the frame. However, if the SLIN audio were not
translated before being sent out the RTP socket, bad things would happen.
Specifically, the ast_rtp_raw_write makes the assumption that the frame has
at least enough of an offset that it can accommodate an RTP header. This was
not the case. As such, data was being written prior to the allocation, likely
corrupting the data the memory allocator had written. Thus when the time came
to free the data, all hell broke loose. ....Well, Asterisk crashed at least.
The fix was just what one would expect. Offset the data in the frame by a reasonable
amount. The method I used is a bit odd since the data in the frame is 16 bit integers
and not bytes. I left a big ol' comment about it. This can be improved on if someone
is interested. I was more interested in getting the crash resolved.
Paul Belanger [Wed, 9 Jun 2010 17:24:53 +0000 (17:24 +0000)]
Fix Debian init script to not use -c.
When using the init script as-is currently, it could cause issues on Debian
such as high CPU usage. This fix has worked for several people so I'm
implementing the change. We now handle color displays properly.
Paul Belanger [Tue, 1 Jun 2010 14:54:05 +0000 (14:54 +0000)]
Missing fallback to audio fax feature when T.38 re-INVITE failed
When a T.38 re-INVITE failed with an 488 or 606 answer, we should
fallback to audio fax by send a re-re-INVITE without T.38. The
function is backported from 1.6 asterisk.
Tilghman Lesher [Wed, 26 May 2010 21:11:44 +0000 (21:11 +0000)]
Use sigaction for signals which should persist past the initial trigger, not signal.
If you call signal() in a Solaris signal handler, instead of just resetting
the signal handler, it causes the signal to refire, because the signal is not
marked as handled prior to the signal handler being called. This effectively
causes Solaris to immediately exceed the threadstack in recursive signal
handlers and crash.
It is possible to connect to the manager interface before all Asterisk modules
are loaded. To ensure that an application does not send AMI actions that might
require a module that has not yet loaded, the application can listen for the
FullyBooted manager event. It will be sent upon connection if all modules have
been loaded, or as soon as loading is complete. The event:
Mark Michelson [Fri, 21 May 2010 16:28:34 +0000 (16:28 +0000)]
Allow ast_safe_sleep to defer specific frames until after the sleep has concluded.
From reviewboard
Background:
A Digium customer discovered a somewhat odd bug. The setup is that parties A
and B are bridged, and party A places party B on hold. While party B is
listening to hold music, he mashes a bunch of DTMF. Party A takes party
B off hold while this is happening, but party B continues to hear hold
music. I could reproduce this about 1 in 5 times.
The issue:
When DTMF features are enabled and a user presses keys, the channel that
the DTMF is streamed to is placed in an ast_safe_sleep for 100 ms, the
duration of the emulated tone. If an AST_CONTROL_UNHOLD frame is read
from the channel during the sleep, the frame is dropped. Thus the
unhold indication is never made to the channel that was originally placed
on hold.
The fix:
Originally, I discussed with Kevin possible ways of fixing the specific
problem reported. However, we determined that the same type of problem
could happen in other situations where ast_safe_sleep() is used. Using
autoservice as a model, I modified ast_safe_sleep_conditional() to
defer specific frame types so they can be re-queued once the sleep has
finished. I made a common function for determining if a frame should
be deferred so that there are not two identical switch blocks to
maintain.
Richard Mudgett [Thu, 20 May 2010 23:23:21 +0000 (23:23 +0000)]
ast_callerid_parse() had a path that left name uninitialized.
Several callers of ast_callerid_parse() do not initialize the name
parameter before calling thus there is the potential to use an
uninitialized pointer.
Tilghman Lesher [Wed, 19 May 2010 17:41:29 +0000 (17:41 +0000)]
Internal timing is now on by default, if you're using DAHDI 2.3 or above.
The reason for ensuring DAHDI 2.3 or above is that this version ensures that
a timer is always available, whereas in previous versions, it was possible
for DAHDI to be loaded, but have no drivers to actually generate timing. If
internal_timing was turned on in this circumstance, a complete lack of audio
would result. This is the reason why internal_timing was not on by default.
However, now that DAHDI ensures the availability of a timer, there is no
reason for this setting to be off (and in fact, it solves a great many initial
user problems).
Jeff Peeler [Tue, 18 May 2010 18:54:58 +0000 (18:54 +0000)]
Modify directory name reading to be interrupted with operator or pound escape.
In the case of accidentally entering the wrong first three letters for the
reading, users could be very frustrated if the name listing is very long. This
allows interrupting the reading by pressing 0 or #. 0 will attempt to execute
a configured operator (o) extension and # will exit and proceed in the
dialplan.
Mark Michelson [Mon, 17 May 2010 22:00:28 +0000 (22:00 +0000)]
Fix logic error when checking for a devstate provider.
When using strsep, if one of the list of specified separators is not found,
it is the first parameter to strsep which is now NULL, not the pointer returned
by strsep.
This issue isn't especially severe in that the worst it is likely to do is waste
some cycles when a device with no '/' and no ':' is passed to ast_device_state.
Leif Madsen [Mon, 17 May 2010 14:35:18 +0000 (14:35 +0000)]
Manager cookies are not compatible with RFC2109.
The Version field in the cookies we're setting contain quotes around the version
number which is not compatible with RFC2109 and breaks some implementations.
(closes issue #17231)
Reported by: ecarruda
Patches:
manager_rfc2109-trunk-v1.patch uploaded by ecarruda (license 559)
manager_rfc2109-1.6.2-v1.patch uploaded by ecarruda (license 559)
Tested by: ecarruda, russell
Leif Madsen [Mon, 17 May 2010 14:04:57 +0000 (14:04 +0000)]
Update link to new version of core sounds.
The latest version of the core sounds files 1.4.19 now includes the missing
queue-minute sound file which is called by app_queue but which has been
missing.
David Vossel [Wed, 12 May 2010 17:00:04 +0000 (17:00 +0000)]
fixes app_meetme dsp error
We attempted to detect silence after translating a frame
from signed linear. This caused a flooding of errors. To
resolve this the code to detect silence was moved before the
translation.
Jeff Peeler [Thu, 6 May 2010 18:39:06 +0000 (18:39 +0000)]
Remove some hidden broken code in the voicemail mailbox options menu.
After finishing a recording from within the mailbox options menu, pressing 0
exhibited strange behavior with operator=yes turned on. Pressing 0 was not
even advertised as an option and the options from the vm-saveoper prompt:
"Press 1 to accept this recording. Otherwise, please continue to hold" did
not function correctly. While this of course could be fixed, it didn't really
seem to make sense even if it was working properly.
Jeff Peeler [Tue, 4 May 2010 18:46:46 +0000 (18:46 +0000)]
Voicemail transfer to operator should occur immediately, not after main menu.
There were two scenarios in the advanced options that while using the
operator=yes and review=yes options, the transfer occurred only after exiting
the main menu (after sending a reply or leaving a message for an extension).
Now after the audio is processed for the reply or message the transfer occurs
immediately as expected.
Jeff Peeler [Fri, 30 Apr 2010 22:22:46 +0000 (22:22 +0000)]
Ensure channel state is not incorrectly set in the case of a very early answer.
The needringing bit was being read in dahdi_read after answering thereby
setting the state to ringing from up. This clears needringing upon answering
so that is no longer possible.
Mark Michelson [Fri, 30 Apr 2010 20:08:15 +0000 (20:08 +0000)]
Fix potential crash from race condition due to accessing channel data without the channel locked.
In res_musiconhold.c, there are several places where a channel's
stream's existence is checked prior to calling ast_closestream on it. The issue
here is that in several cases, the channel was not locked while checking the
stream. The result was that if two threads checked the state of the channel's
stream at approximately the same time, then there could be a situation where
both threads attempt to call ast_closestream on the channel's stream. The result
here is that the refcount for the stream would go below 0, resulting in a crash.
I have added proper channel locking to res_musiconhold.c to ensure that
we do not try to check chan->stream without the channel locked. A Digium customer
has been using this patch for several weeks and has not had any crashes since
applying the patch.
Richard Mudgett [Thu, 29 Apr 2010 22:11:47 +0000 (22:11 +0000)]
DTMF CallerID detection problems.
The code handling DTMF CallerID drops digits on long CallerID numbers and
may timeout waiting for the first ring with shorter numbers.
The DTMF emulation mode was not turned off when processing DTMF CallerID.
When the emulation code gets behind in processing the DTMF digits it can
skip a digit.
For shorter numbers, the timeout may have been too short. I increased it
from 2 seconds to 4 seconds. Four seconds is a typical time between rings
for many countries.
(closes issue #16460)
Reported by: sum
Patches:
issue16460.patch uploaded by rmudgett (license 664)
issue16460_v1.6.2.patch uploaded by rmudgett (license 664)
Tested by: sum, rmudgett
David Vossel [Thu, 29 Apr 2010 15:31:02 +0000 (15:31 +0000)]
Fixes crash in audiohook_write_list
The middle_frame in the audiohook_write_list function was
being freed if a audiohook manipulator returned a failure.
This is incorrect logic. This patch resolves this and
adds detailed descriptions of how this function should work
and why manipulator failures must be ignored.
David Vossel [Wed, 28 Apr 2010 21:16:03 +0000 (21:16 +0000)]
resolves deadlocks in chan_local
Issue_1.
In the local_hangup() 3 locks must be held at the same time... pvt, pvt->chan,
and pvt->owner. Proper deadlock avoidance is done when the channel to hangup
is the outbound chan_local channel, but when it is not the outbound channel we
have an issue... We attempt to do deadlock avoidance only on the tech pvt, when
both the tech pvt and the pvt->owner are locked coming into that loop. By
never giving up the pvt->owner channel deadlock avoidance is not entirely possible.
This patch resolves that by doing deadlock avoidance on both the pvt->owner and the pvt
when trying to get the pvt->chan lock.
Issue_2.
ast_prod() is used in ast_activate_generator() to queue a frame on the channel
and make the channel's read function get called. This function is used in
ast_activate_generator() while the channel is locked, which mean's the channel
will have a lock both from the generator code and the frame_queue code by the
time it gets to chan_local.c's local_queue_frame code... local_queue_frame
contains some of the same crazy deadlock avoidance that local_hangup requires,
and this recursive lock prevents that deadlock avoidance from happening correctly.
This patch removes ast_prod() from the channel lock so only one lock is held during
the local_queue_frame function.
Updating config.guess because after installing Ubuntu Server 9.10 and
running all the update scripts, running ./configure would not continue
because it was unable to determine what kind of system I had. After
updating config.guess things started working again.
Jason Parker [Wed, 28 Apr 2010 19:17:38 +0000 (19:17 +0000)]
Remove usage of `id` since it isn't useful and was causing breakge.
Solaris `id` doesn't support the -u argument. Instead of figuring out how to
fix this to work on Solaris, I decided to check why it was necessary and where
else it was used. It was only used in one place, and it hasn't been needed
for a very long time (I question whether it was ever needed).
Changed the warning to "Failed to decode CallerID on channel 'name'". The
message before it is likely more specific about why the CallerID decode
failed.
* Add additional sounds prompts for say_enumeration
* Update the English conference sounds prompts so they are better
quality and all sound more consistent
* Clean up the core-sounds-XX.txt and extra-sounds-XX.txt files to
include all present sound files
Both core (en, fr, es) and extra (en, fr) sounds files have been updated.
Richard Mudgett [Tue, 27 Apr 2010 18:14:54 +0000 (18:14 +0000)]
hidecalleridname parameter in chan_dahdi.conf
Issue #7321 implements a new chan_dahdi configuration option. However, a
change mentioned in the issue was never implemented. This is the change
that will allow the feature to work.
I added a note to chan_dahdi.conf.sample about the feature.
(closes issue #17143)
Reported by: djensen99
Patches:
diff.txt uploaded by djensen99 (license NA) (One line change)
Tested by: djensen99
Mark Michelson [Mon, 26 Apr 2010 21:03:08 +0000 (21:03 +0000)]
Prevent Newchannel manager events for dummy channels.
No Newchannel manager event will be fired for channels that are
allocated to not match a registered technology type. Thus bogus
channels allocated solely for variable substitution or CDR
operations do not result in a Newchannel event.
When StopMonitor is called, ensure that it will not be restarted by a channel event.
(closes issue #16590)
Reported by: kkm
Patches:
resmonitor-16590-trunk.239289.diff uploaded by kkm (license 888)
This change allows a CDR record previously marked with disposition ANSWERED to be set as BUSY or NO ANSWER.
Additionally this change partially reverts r235635 and does not set the AST_CDR_FLAG_ORIGINATED flag on CDRs generated from ast_call(). To preserve proper CDR behavior, the AST_CDR_FLAG_DIALED flag is now cleared from all brige CDRs in ast_bridge_call().
projects / thirdparty / asterisk.git / log
