Tolerate presence of RFC2965 Cookie2 header by ignoring it
This patch modifies parsing of cookies in Asterisk's http server by doing an
explicit comparison of the "Cookie" header instead of looking at the first
6 characters to determine if the header is a cookie header. This avoids
parsing "Cookie2" headers and overwriting the previously parsed "Cookie"
header.
Note that we probably should be appending the cookies in each "Cookie"
header to the parsed results; however, while clients can send multiple
cookie headers they never really do. While this patch doesn't improve
Asterisk's behavior in that regard, it shouldn't make it any worse either.
Note that the solution in this patch was pointed out on the issue by the
issue reporter, Stuart Henderson.
(closes issue ASTERISK-21789)
Reported by: Stuart Henderson
Tested by: mjordan, Stuart Henderson
........
r410380 | rmudgett | 2014-03-10 12:00:32 -0500 (Mon, 10 Mar 2014) | 11 lines
AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
(closes issue ASTERISK-23340)
Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina
........
Merged revisions 394899,410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Kinsey Moore [Mon, 10 Mar 2014 13:46:58 +0000 (13:46 +0000)]
AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
Richard Mudgett [Wed, 19 Feb 2014 19:13:36 +0000 (19:13 +0000)]
config: Add file size and nanosecond resolution fields to the cached modified config file information.
Repeatedly modifying config files and reloading too fast sometimes fails
to reload the configuration because the cached modification timestamp has
one second resolution.
* Added file size and nanosecond resolution fields to the cached config
file modification timestamp information. Now if the file size changes or
the file system supports nanosecond resolution the modified file has a
better chance of being detected for reload.
* Added a missing unlock in an off-nominal code path.
Richard Mudgett [Fri, 7 Feb 2014 19:01:01 +0000 (19:01 +0000)]
chan_iax2: Block unnecessary control frames to/from the wire.
Establishing an IAX2 call between Asterisk v1.4 and v1.8 (or later)
results in an unexpected call disconnect. The problem happens because
newer values in the enum ast_control_frame_type are not consistent between
the branch versions of Asterisk.
For example:
1) v1.4 calls v1.8 (or later) using IAX2
2) v1.8 answers and sends a connected line update control frame. (on v1.8
AST_CONTROL_CONNECTED_LINE = 22)
3) v1.4 receives the control frame as an end-of-q (on v1.4
AST_CONTROL_END_OF_Q = 22)
4) v1.4 disconnects the call once the receive queue becomes empty.
Several things are done by this patch to fix the problem and attempt to
prevent it from happening again in the future:
* Added a warning at the definition of enum ast_control_frame_type about
how to add new control frame values.
* Made block sending and receiving control frames that have no reason to
go over the wire.
* Extended the connectedline iax.conf parameter to also include the
redirecting information updates.
* Updated the connectedline iax.conf parameter documentation to include a
notice that the parameter must be "no" when the peer is an Asterisk v1.4
instance.
Richard Mudgett [Fri, 24 Jan 2014 23:55:48 +0000 (23:55 +0000)]
CEL: Protect data structures during reload and shutdown.
The CEL data structures need to be protected during a configuration reload
and shutdown. Asterisk crashed during a shutdown because CEL events were
still in flight and the CEL data structures were already destroyed.
* Protected the appset and linkedids ao2 containers using the reload_lock.
* Added NULL checks before use of the appset and linkedids ao2 containers
in case the CEL module is already shutdown.
* Fixed overloading of the linkedids held objects reference count. During
shutdown any held objects would be leaked.
* Fixed memory leak of linkedids held objects if the LINKEDID_END is not
being tracked. The objects in the linkedids container were not removed if
the LINKEDID_END event is not used.
* Added access protection to the appset container during the CLI "cel show
status" command.
* Made CEL config reload not set defaults if the cel.conf file is invalid.
David M. Lee [Mon, 16 Dec 2013 16:49:32 +0000 (16:49 +0000)]
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
app_sms: BufferOverflow when receiving odd length 16 bit message
This patch prevents an infinite loop overwriting memory when
a message is received into the unpacksms16() function, where
the length of the message is an odd number of bytes.
(closes issue ASTERISK-22590)
Reported by: Jan Juergens
Tested by: Jan Juergens
........
Merged revisions 403853 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Kevin Harwell [Tue, 5 Nov 2013 15:16:21 +0000 (15:16 +0000)]
chan_sip: notify dialog info ignores presentation indicator in callerid
The presentation indicator in a callerid (e.g. set by dialplan function
Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog Info Notifies
are generated during extension monitoring. Added a check to make sure the
name and/or number presentations on the callee (remote identity) are set to
allow. If they are restricted then "anonymous" is used instead.
(closes issue AST-1175)
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/2976/
........
Merged revisions 402468 from http://svn.asterisk.org/svn/asterisk/branches/1.8
pbx.c: fix confused match caller id that deleted exten still in hash
This fixes a bug where a zero length callerid match adjacent to a no
match callerid extension entry would be deleted together, which then
resulted in hashtable references to free'd memory. A third state of
the matchcid value has been added to indicate match to any extension
which allows enforcing comparison of matchcid on/off without errors.
Matthew Jordan [Tue, 22 Oct 2013 22:59:14 +0000 (22:59 +0000)]
res_rtp_asterisk: Fix crash when RTCP is not available during SSRC change
In r400089, a patch was put in to correct erroneous RTCP statistic resets.
Unfortunately, ast_rtp_read can be called on an RTP instance that does not
have RTCP information. This patch prevents that crash by only resetting
the statistics if we do actually have an RTCP instance.
(issue AST-1174)
(closes issue ASTERISK-22667)
Reported by: John Bigelow
........
Merged revisions 401445 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Sat, 28 Sep 2013 22:36:29 +0000 (22:36 +0000)]
res_rtp_asterisk: Correct erroneous lost packet information in RTCP reports
RTCP's calculation of the number of lost packets in an RTP stream is based on
that stream's sequence number count, the number of received packets, and how
many packets we expect to receive. When the SSRC for an RTP stream changes,
there can - and almost always will be - a large jump in the next packet's
timestamp and sequence number. If we don't reset the number of received
packets, sequence number count, and other metrics used by RTCP, the next RR/SR
report will use the previous SSRC's values to calculate the lost packet count
for the new SSRC - resulting in a very large number of lost packets.
This patch modifies res_rtp_asterisk such that, if it detects a SSRC change, it
will reset the various values used by the RTCP calculations. From the
perspective of RTCP, this appears as a new media stream - which is what it is.
Review: https://reviewboard.asterisk.org/r/2886/
(closes issue AST-1174)
Reported by: Thomas Arimont
........
Merged revisions 400089 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Sat, 28 Sep 2013 21:31:26 +0000 (21:31 +0000)]
Add check for openSUSE when detecting bfd library
In ASTERISK-17842, some additional library checks were added to the configure
script so that the bfd library could be found on CentOS and Fedora systems.
As it turns out, openSUSE requires an additional library. This patch adds
another check to the configure script for openSUSE that will add that library.
Richard Mudgett [Wed, 4 Sep 2013 16:08:02 +0000 (16:08 +0000)]
chan_misdn: Fix misdn debug output printed with arbitrary verbose levels.
Fix the misdn debug output to remote consoles. chan_misdn uses
ast_console_puts() which doesn't know about verbose levels. Better to use
ast_verbose() instead. Without this patch the misdn debug messages are
appended to the verbose level which ever was set by the message sent to
the console before, i.e. any undefined level.
Matthew Jordan [Tue, 27 Aug 2013 18:13:22 +0000 (18:13 +0000)]
AST-2013-005: Fix crash caused by invalid SDP
If the SIP channel driver processes an invalid SDP that defines media
descriptions before connection information, it may attempt to reference
the socket address information even though that information has not yet
been set. This will cause a crash.
This patch adds checks when handling the various media descriptions that
ensures the media descriptions are handled only if we have connection
information suitable for that media.
Thanks to Walter Doekes, OSSO B.V., for reporting, testing, and providing
the solution to this problem.
Matthew Jordan [Tue, 27 Aug 2013 17:37:23 +0000 (17:37 +0000)]
AST-2013-004: Fix crash when handling ACK on dialog that has no channel
A remote exploitable crash vulnerability exists in the SIP channel driver if an
ACK with SDP is received after the channel has been terminated. The handling
code incorrectly assumed that the channel would always be present.
This patch adds a check such that the SDP will only be parsed and applied if
Asterisk has a channel present that is associated with the dialog.
Note that the patch being applied was modified only slightly from the patch
provided by Walter Doekes of OSSO B.V.
(closes issue ASTERISK-21064)
Reported by: Colin Cuthbertson
Tested by: wdoekes, Colin Cutherbertson
patches:
issueA21064_fix.patch uploaded by wdoekes (License 5674)
........
Merged revisions 397710 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Mark Michelson [Wed, 21 Aug 2013 14:33:38 +0000 (14:33 +0000)]
Prevent a crash on outbound SIP MESSAGE requests.
If a From header on an outbound out-of-call SIP MESSAGE were
malformed, the result could crash Asterisk.
In addition, if a From header on an incoming out-of-call SIP
MESSAGE request were malformed, the message was happily accepted
rather than being rejected up front. The incoming message path
would not result in a crash, but the behavior was bad nonetheless.
(closes issue ASTERISK-22185)
reported by Zhang Lei
Matthew Jordan [Tue, 20 Aug 2013 01:21:25 +0000 (01:21 +0000)]
Fix invalid access to disposed memory in main/data unit test
It is not safe to iterate over a macro'd list of ao2 objects, deref them such
that the item's destructor is called, and leave them in the list. The list
macro to iterate over items requires the item to be a valid allocated object
in order to proceed to the next item; with MALLOC_DEBUG on the corruption of
the linked list is caught in the crash.
This patch fixes the invalid access to free'd memory by removing the ao2 item
from the list before de-refing it.
Note that this is a backport of r396915 from Asterisk trunk.
........
Merged revisions 396958 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Jason Parker [Wed, 15 May 2013 14:19:37 +0000 (14:19 +0000)]
Fix VM snapshot handling for combined INBOX.
The snapshot API contains an option that allow for combining of new
and old messages within a single snapshot. New messages, however,
include options beyond just 'INBOX' - it also includes the Urgent
folder. A previous patch that combined INBOX and Urgent accidentally
impacted snapshots that attempted to gain messages from just the Old
folder. This patch fixes the snapshot gathering such that the API
returns the appropriate messages for the folder selected, with and
without the combine option.
This should make it more clear about what's happening.
Richard Mudgett [Fri, 10 May 2013 22:21:17 +0000 (22:21 +0000)]
Allow mISDN to send PROGRESS messsage.
* Made isdn_msg_parser.c build a progress message with the mandatory
progress indicator IE. (The mISDNuser NT state machine rejected sending
the incomplete message.)
Note: The associated mISDN and mISDNuser patches respectively are viewable
here:
http://svnview.digium.com/svn/thirdparty?view=rev&rev=200
http://svnview.digium.com/svn/thirdparty?view=rev&rev=201
Matthew Jordan [Wed, 27 Mar 2013 18:31:04 +0000 (18:31 +0000)]
AST-2013-002: Prevent denial of service in HTTP server
AST-2012-014, fixed in January of this year, contained a fix for Asterisk's
HTTP server for a remotely-triggered crash. While the fix put in place fixed
the possibility for the crash to be triggered, a denial of service vector still
exists with that solution if an attacker sends one or more HTTP POST requests
with very large Content-Length values. This patch resolves this by capping
the Content-Length at 1024 bytes. Any attempt to send an HTTP POST with
Content-Length greater than this cap will not result in any memory allocation.
The POST will be responded to with an HTTP 413 "Request Entity Too Large"
response.
This issue was reported by Christoph Hebeisen of TELUS Security Labs
(closes issue ASTERISK-20967)
Reported by: Christoph Hebeisen
patches:
AST-2013-002-1.8.diff uploaded by mmichelson (License 5049)
AST-2013-002-10.diff uploaded by mmichelson (License 5049)
AST-2013-002-11.diff uploaded by mmichelson (License 5049)
Matthew Jordan [Wed, 27 Mar 2013 15:19:48 +0000 (15:19 +0000)]
AST-2013-003: Prevent username disclosure in SIP channel driver
When authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways. The
information is disclosed when:
* A "407 Proxy Authentication Required" response is sent instead of a
"401 Unauthorized" response
* The presence or absence of additional tags occurs at the end of "403
Forbidden" (such as "(Bad Auth)")
* A "401 Unauthorized" response is sent instead of "403 Forbidden" response
after a retransmission
* Retransmission are sent when a matching peer did not exist, but not when a
matching peer did exist.
This patch resolves these various vectors by ensuring that the responses sent
in all scenarios is the same, regardless of the presence of a matching peer.
This issue was reported by Walter Doekes, OSSO B.V. A substantial portion of
the testing and the solution to this problem was done by Walter as well - a
huge thanks to his tireless efforts in finding all the ways in which this
setting didn't work, providing automated tests, and working with Kinsey on
getting this fixed.
Matthew Jordan [Thu, 28 Feb 2013 16:49:46 +0000 (16:49 +0000)]
Let channels joining a MeetMe conference opt out of the denoiser
For some channel drivers, specifically those that have a varying rate in the
number of audio samples, the audio quality for a MeetMe conference can be
exceedingly poor. This is due to a unilateral application of the DENOISE
function in func_speex to channels joining the conference.
The denoiser function in the speex library is initialized with the number of
audio samples in each sample that will be provided to it. If the number of
audio samples changes, the denoiser has to be thrown away and re-initialized.
While this could be worked around by removing func_speex, that doesn't help
if you actually use the denoiser with other channels on the system.
This patches does the following:
* Checks for the presence of func_speex as opposed to codec_speex when
determining if the DENOISE function is present (which is where the function
is actually implemented)
* Adds an option to MeetMe 'n' that causes the denoiser to not be applied
to a channel when it joins. This keeps the current behavior the default, but
let's users disable the denoiser if it causes problems on their system.
Review: https://reviewboard.asterisk.org/r/2358
(closes issue AST-1062)
Reported by: Thomas Arimont
........
Merged revisions 382227 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Wed, 20 Feb 2013 19:10:42 +0000 (19:10 +0000)]
Let vm_mailbox_snapshot_create's combine option apply to "Urgent" as well
The vm_mailbox_snapshot_create function has an option that combines the
contents of INBOX and Old into a single snapshot. The intent of this is that
both 'new' messages and 'deleted' messages are given in a single snapshot, as
some applications prefer this view of the voicemail world. Unfortunately, the
initial implementation ignored the "Urgent" folder. The "Urgent" folder is a
pseudo-INBOX, in that new messages left with the 'U' flag will be placed in
that folder as opposed to INBOX. Thus, the option failed the intent with which
it was added.
This patch makes it so that the "Urgent" folder is included in the snapshot
when that option is used.
David M. Lee [Mon, 14 Jan 2013 15:17:44 +0000 (15:17 +0000)]
Fix XML encoding of 'identity display' in NOTIFY messages, continued.
When r378933 was merged into 1.8, it should have also escaped
remote_display, since it will have the same XML encoding problem when
the caller/callee roles are reversed.
David M. Lee [Sat, 12 Jan 2013 07:02:48 +0000 (07:02 +0000)]
Fix XML encoding of 'identity display' in NOTIFY messages.
XML encoding in chan_sip is accomplished by naively building the XML
directly from strings. While this usually works, it fails to take into
account escaping the reserved characters in XML.
This patch adds an 'ast_xml_escape' function, which works similarly to
'ast_uri_encode'. This is used to properly escape the local_display
attribute in XML formatted NOTIFY messages.
Several things to note:
* The Right Thing(TM) to do would probably be to replace the
ast_build_string stuff with building an ast_xml_doc. That's a much
bigger change, and out of scope for the original ticket, so I
refrained myself.
* It is with great sadness that I wrote my own ast_xml_escape
function. There's one in libxml2, but it's knee-deep in
libxml2-ness, and not easily used to one-off escape a
string.
* I only escaped the string we know is causing problems
(local_display). At least some of the other strings are
URI-encoded, which should be XML safe. Rather than figuring out
what's safe and escaping what's not, it would be much cleaner to
simply build an ast_xml_doc for the messages and let the XML
library do the XML escaping. Like I said, that's out of scope.
Matthew Jordan [Wed, 2 Jan 2013 18:22:39 +0000 (18:22 +0000)]
Prevent exhaustion of system resources through exploitation of event cache
Asterisk maintains an internal cache for devices in the event subsystem. The
device state cache holds the state of each device known to Asterisk, such that
consumers of device state information can query for the last known state for
a particular device, even if it is not part of an active call. The concept of
a device in Asterisk can include entities that do not have a physical
representation. One way that this occurred was when anonymous calls are allowed
in Asterisk. A device was automatically created and stored in the cache for
each anonymous call that occurred; this was possible in the SIP and IAX2
channel drivers and through channel drivers that utilized the
res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). These devices
are never removed from the system, allowing anonymous calls to potentially
exhaust a system's resources.
This patch changes the event cache subsystem and device state management to
no longer cache devices that are not associated with a physical entity.
Matthew Jordan [Wed, 2 Jan 2013 16:00:06 +0000 (16:00 +0000)]
Resolve crashes due to large stack allocations when using TCP
Asterisk had several places where messages received over various network
transports may be copied in a single stack allocation. In the case of TCP,
since multiple packets in a stream may be concatenated together, this can
lead to large allocations that overflow the stack.
This patch modifies those portions of Asterisk using TCP to either
favor heap allocations or use an upper bound to ensure that the stack will not
overflow:
* For HTTP, the allocation is now a heap allocation instead of a stack
allocation
* For XMPP (in res_jabber), the allocation has been eliminated since it was
unnecesary.
Note that the HTTP portion of this issue was independently found by Brandon
Edwards of Exodus Intelligence.
Matthew Jordan [Mon, 19 Nov 2012 22:43:03 +0000 (22:43 +0000)]
Fix SendDTMF crash and channel reference leak using channel name parameter.
The SendDTMF channel name parameter has two issues.
1) Crashes if the channel name does not exist.
2) Leaks a channel reference if the channel is the current channel.
Problem introduced by ASTERISK-15956.
* Updated SendDTMF documentation.
* Renamed app to senddtmf_name and tweaked the type.
........
Merged revisions 373945 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Joshua Colp [Fri, 16 Nov 2012 21:24:35 +0000 (21:24 +0000)]
Fix Incrementing Sequence Number For Retransmitted DTMF End Packets
In Asterisk 1.4+, a fix was put in place to increment the sequence number for
retransmitted DTMF end packets. With the introduction of the RTP engine API in
1.8, the sequence number was no longer being incremented. This patch fixes this
regression as well as cleans up a few lines that were not doing anything.
(closes issue ASTERISK-20295)
Reported by: Nitesh Bansal
Tested by: Michael L. Young
Patches:
01_rtp_event_seq_num.patch uploaded by Nitesh Bansal (license 6418)
asterisk-20295-dtmf-fix-cleanup.diff uploaded by Michael L. Young (license 5026)
app_queue: Fix a lock that was being held forever caused by a merging mistake
r375591 merged with conflicts and an oversight resulted in an unlock being
missed which resulted in a deadlock when updating realtime members in queues.
This patch adds that unlock back in.
(closes issue AST-1035)
Reported by: Steve Pitts
Patches:
certified_1.8.11_oops_missed_an_unlock.diff uploaded by Jonathan Rose (license 6182)
........
chan_misdn: Timer primitives must be handled first.
The frm->addr is a different "address space" than the stack/instance
address of other Lx primitives. The test for B channel instance address
could fail.
Patches:
patch01_timers.diff (license #6372) patch uploaded by Guenther Kelleter
* An NT-PTMP cannot de/establish L2 since it doesn't know the TEIs.
* On NT-PTP L2 is started when L1 is finally active in handle_l1.
* L2 deactivation logging cleanup.
* L2 aggregate link status is unknown for NT-PTMP, show as "UNKN".
* Removed unused functions and code for L2 handling.
Patches:
patch03_L2estab.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
Sending PH prim via lower_id layer (3 or 1) simply does not work. For TE
(3) it returns an error (len=-6) which is not evaluated by handle_l1(), so
the L1 layer status ends up wrong. Instead PH must be sent via L4, only
then does it reach L1 without an error message.
And NT PH prims only reach L1 when they are sent to layer 2 id.
--> use upper_id to send PH primitives.
* Check for errors in PH_(DE)ACTIVATE | CONFIRM.
* Debug messages are improved.
* The lower_id is now not used for anything, except: Why is lower_id layer
deleted when it wasn't created? I removed this code since it looks very
wrong.
Patches:
patch04_l1activation.diff (license #6372) patch uploaded by Guenther Kelleter
If you make 2 calls out an NT PTMP port which is not connected to any
phone, the B channel associated with that call becomes unusable until
Asterisk is restarted.
The problem is the EVENT_SETUP is queued when L1 is not up in
misdn_lib_send_event(). If L1 cannot be activated the event won't be
dequeued. It gets even worse when the call is hung up. The queued
EVENT_SETUP will be overwritten by an EVENT_DISCONNECT. The reserved B
channel then will never be freed. If later someone connects a phone to
the port, L1 will eventually activate and the queued EVENT_DISCONNECT is
sent down the stack. However, it is ignored because it is the wrong call
state.
The real fix would be that activation and queueing for a new SETUP is done
by the NT stack. But since it doesn't, the workaround must be removed
because it doesn't always work.
Fix: The event is no longer queued but immediately sent to the stack. If
L1 cannot be activated, the L3 state machine that was started by the
EVENT_SETUP will do its work, i.e. a timeout will release the B channel
properly. The SETUP possibly cannot be sent the first time but is resent
by T303 in case L1 could be activated.
Patches:
patch05_bchan-loss.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
Matthew Jordan [Fri, 2 Nov 2012 17:38:50 +0000 (17:38 +0000)]
core: Fix a memory leak in app.c from an early return
ast_app_group_match_get_count allocates memory with the regcomp
function and we previously forgot to free it when bailing out
due to a regex compilation failure against category.
Matthew Jordan [Fri, 2 Nov 2012 15:32:28 +0000 (15:32 +0000)]
chan_dahdi: Fix segfault dereferencing a NULL tech_pvt.
The tech support customer was using the AMI Redirect action shortly after
a call was placed. While the channel tried to do an ast_read(), the
masquerade resulting from the channel redirect took place. The masquerade
in the middle of the ast_read() resulted in the segfault.
app_queue: Make ordering of rrmemory/rrordered persist over add/remove members
Prior to this patch, adding, removing or reloading members to rrmemory would
cause the order to become completely jumbled. Now it behaves more or less like
rrordered other than the fact that it stores the members on a hash table rather
than a linked list. This patch also prevents removal of members and member
reloads from jumbling rrordered queues.
Only re-create an SRTP session when needed; respond with correct crypto policy
In r356604, SRTP handling was fixed to accomodate multiple crypto keys in an
SDP offer and the ability to re-create an SRTP session when the crypto keys
changed. In certain circumstances - most notably when a phone is put on
hold after having been bridged for a significant amount of time - the act
of re-creating the SRTP session causes problems for certain models of phones.
The patch committed in r356604 always re-created the SRTP session regardless
of whether or not the cryptographic keys changed. Since this is technically
not necessary, this patch modifies the behavior to only re-create the SRTP
session if Asterisk detects that the remote key has changed. This allows
models of phones that do not handle the SRTP session changing to continue
to work, while also providing the behavior needed for those phones that do
re-negotiate cryptographic keys.
In addition, in Asterisk 1.8 only, it was found that phones that offer
AES_CM_128_HMAC_SHA1_32 will end up with no audio if the phone is the
initiator of the call. The phone will send an INVITE request specifying
that AES_CM_128_HMAC_SHA1_32 be used for the cryptographic policy; Asterisk
will set its policy to that value. Unfortunately, when the call is Answered
and a 200 OK is sent back to the UA, the policy sent in the response's SDP
will be the hard coded value AES_CM_128_HMAC_SHA1_80. This potentially
results in Asterisk using the INVITE request's policy of
AES_CM_128_HMAC_SHA1_32, while the phone uses Asterisk's response of
AES_CM_128_HMAC_SHA1_80. Hilarity ensues as both endpoints think the other
is crazy.
This patch fixes that by caching the policy from the request and responding
with it. Note that this is not a problem in Asterisk 10 and later, as the
ability to configure the policy was added in that version.
Fix a regression where direct media was not permitted for calls using SIP INFO DTMF.
A change was committed to fix direct media ACL support. This change wrongly assumed that
only a single channel technology structure exists for chan_sip. This is in fact false as
a second exists for calls using SIP INFO DTMF. The code which performs direct media ACL
checking now checks for both the non-INFO DTMF and INFO DTMF channel technology structures.
Properly handle UAC/UAS roles for SIP session timers
The SIP session timer mechanism contains a mandatory 'refresher' parameter
(included in the Session-Expires header) which is used in the session timer
offer/answer signaling within a SIP Invite dialog. It looks like asterisk is
interpreting the uac resp. uas role only as the initial role of client and
server (caller is uac, callee is uas). The standard rfc 4028 however assigns
the client role to the ((RE)-Invite) requester, the server role to the
((RE)-Invite) responder.
This patch has Asterisk track the actual refresher as "us" or "them" as opposed
to relying on just the configured "uas" or "uac" properties.
(closes issue AST-922)
Reported by: Thomas Airmont
Fix a regression from direct media ACLs where the directrtpsetup option no longer works.
A check was added for direct media ACLs that immediately forbid remote bridging if there
was no bridged channel. This caused directrtpsetup to no longer function as it needs this
information before bridging actually occurs.
Logic has now been adjusted so if there is no bridged channel a remote bridge will still
be attempted.
When formatting documentation fields, the XML documentation parser calls
xmldoc_get_formatted. This function allocates a string buffer at the
beginning of its routine. Unfortunately, on certain code paths, it also
calls xmldoc_string_cleanup, which assumes that it will create the string
buffer. The previously allocated string buffer is then leaked by the
xmldoc_string_cleanup routine.
The v1.8 -r369258 change to fix the F and F(x) action logic introduced a
regression in passing the hangup cause from the called channel to the
caller channel.
Matthew Jordan [Fri, 2 Nov 2012 15:24:06 +0000 (15:24 +0000)]
chan_sip: Trigger reinvite if the SDP answer is included in the SIP ACK
Under certain conditions, a SIP transaction involving directmedia wouldn't
trigger a re-invite because the SDP answer was included in an ACK instead
of in a message that we would have triggered the invite with. This patch
just queues a source change control frame if the dialog is using
directmedia when we find sdp for an ACK.
(closes issue AST-913)
Reported by: Thomas Arimont
........
Merged revisions 371337 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Resolve severe memory leak in CEL logging modules.
A customer reported a significant memory leak using Asterisk 1.8. They
have tracked it down to ast_cel_fabricate_channel_from_event() in
main/cel.c, which is called by both in-tree CEL logging modules
(cel_custom.c and cel_sqlite3_custom.c) for each and every CEL event
that they log.
The cause was an incorrect assumption about how data attached to an
ast_channel would be handled when the channel is destroyed; the data
is now stored in a datastore attached to the channel, which is
destroyed along with the channel at the proper time.
Fix compilation error when MALLOC_DEBUG is enabled
To fix a memory leak in CEL, a channel datastore was introduced whose
destruction function pointer was pointed to the ast_free macro. Without
MALLOC_DEBUG enabled this compiles as fine, as ast_free is defined as free.
With MALLOC_DEBUG enabled, however, ast_free takes on a definition from a
different place then utils.h, and became undefined. This patch resolves this
by using a reference to ast_free_ptr. When MALLOC_DEBUG is enabled, this
calls ast_free; when MALLOC_DEBUG is not enabled, this is defined to be
ast_free, which is defined to be free.
Revision 370205 added the use of a datastore attached to a dummy channel to
resolve a memory leak, but ast_dummy_channel_destructor() in this branch did
not free datastores, resulting in a continued (but slightly smaller) memory
leak. This patch backports the change to free said datastores from the Asterisk
trunk.
(related to issue AST-916)
........
Merged revisions 370205,370273,370360 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Fri, 2 Nov 2012 14:50:39 +0000 (14:50 +0000)]
Help mitigate potential reinvite glare scenarios.
When Asterisk servers are set up back-to-back, and
direct media is to be used betweeen endpoints, it is
fairly common for the two Asterisk servers to send
direct media reinvites to each other simultaneously.
This results in 491s and ACKs being exchanged between
the servers. While the media eventually gets set up
properly, the problem is that there can be a noticeable
delay for the streams to stabilize.
This patch adds a new directmedia option called "outgoing".
With this set, an immediate direct media reinvite will only
be sent if the call direction is outgoing. For incoming
dialogs, an immediate direct media reinvite will not be sent,
but further "reactionary" direct media reinvites may be sent.
For those who are having some deja vu, that's because this
patch was originally committed to trunk since there is a
new configuration option added. After seeing a bug report
about audio being slow to set up on SIP calls, it became
apparent that this patch would be the best solution for
resolving the issue. The patch is unintrusive and will
have no effect unless the option is explicitly enabled.
(closes issue AST-896)
reported by Thomas Arimont
(closes issue ASTERISK-19857)
reported by Matt Jordan
........
Merged revisions 370618 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Fri, 2 Nov 2012 14:33:35 +0000 (14:33 +0000)]
Resolve memory leaks in TLS initialization and TLS client connections
This patch resolves two sources of memory leaks when using TLS in Asterisk:
1) It removes improper initialization (and multiple re-initializations) of
portions of the SSL library. Asterisk calls SSL_library_init and
SSL_load_error_strings during SSL initialization; collectively this
obviates the need for calling any of the following during initialization
or client connection handling:
* ERR_load_crypto_strings (handled by SSL_load_error_strings)
* OpenSSL_add_all_algorithms (synonym for SSL_library_init)
* SSLeay_add_ssl_algorithms (synonym for SSL_library_init)
2) Failure to completely clean up all memory allocated by Asterisk and by
the SSL library for TLS clients. This included not freeing the SSL_CTX
object in the SIP channel driver, as well as not clearing the error
stack when the TLS client exited.
Note that these memory leaks were found by Thomas Arimont, and this patch
was essentially written by him with some minor tweaks.
(closes issue AST-889)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
patches:
(bugAST-889.patch) by Thomas Arimont (license 5525)
Matthew Jordan [Thu, 11 Oct 2012 15:46:58 +0000 (15:46 +0000)]
Fix incorrect billing duration reported when batch mode is enabled
Similar to r369351, the billing duration can be skewed when batch mode is
enabled. This happened much more rarely than the duration, as it only
occured when the call was answered (thereby indicating an actual answer
time) and immediately hung up on (indicating a billsec of 0). Since
a billing time of '0' can either mean that the call immediately ended
or that the CDR was improperly answered, we have to use additional information
to know whether or not we can trust the CDR billsec value. Prior to this
patch, we looked to see if we had a valid answer time. If we did, and
billsec was zero, we used the current time to calculate what billsec value
we could from the CDR being written. If batch mode is enabled, this will
incorrectly report a billsec value being much greater than the actual
duration of the call.
Instead of relying on the presence of an answer time to know whether or not
we can re-calculate the billsec for the CDR, we now also use the presence
of the CDR's end time to know if we need to re-calculate or whether we can
trust the billsec value that we have. This prevents erroneous jumps in the
billsec value, while still making sure that in the worst case, some billing
time will be calculated.
(closes issue AST-1016)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
........
Merged revisions 374843 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Richard Mudgett [Wed, 10 Oct 2012 21:16:14 +0000 (21:16 +0000)]
app_queue: Made pass connected line updates from the caller to ringing queue members.
Party A calls Party B
Party B puts Party A on hold.
Party B calls a queue.
Ringing queue member D sees Party B identification.
Party B transfers Party A to the queue.
Queue member D does not get a connected line update for Party A.
Queue member D answers the call and still sees Party B information.
However, if Party A later transfers the call to Party C then queue member
D gets a connected line update for Party C.
* Made pass connected line updates from the caller to queue members while
the queue members are ringing.
(closes issue AST-1017)
Reported by: Thomas Arimont
(closes issue ABE-2886)
Reported by: Thomas Arimont
Tested by: rmudgett
........
Merged revisions 374801 from https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
........
Merged revisions 374802 from http://svn.asterisk.org/svn/asterisk/branches/1.8
David M. Lee [Fri, 5 Oct 2012 20:12:49 +0000 (20:12 +0000)]
Improve AMI long line error handling
In AMI's parser, when it receives a long line (> 1024 characters), it discards
that line, but continues to process the message normally.
Typically, this is not a problem because a) who has lines that long and b)
usually a discarded line results in an invalid message. But if that line is
specifying an optional field, then the message will be processed, you get a
'Response: Success', but things don't work the way you expected them to.
This patch changes the behavior when a line-too-long parse error occurs.
* Changes the log message to avoid way-too-long (and truncated anyways) log
messages
* Adds a 'parsing' status flag to Response: Success
* Sets parsing = MESSAGE_LINE_TOO_LONG if, well, a line is too long
* Responds with an appropriate error if parsing != MESSAGE_OKAY
(closes issue AST-961)
Reported by: John Bigelow
Review: https://reviewboard.asterisk.org/r/2142/
In handle_frm_te() after calling misdn_lib_send_event(bc,
EVENT_RELEASE_COMPLETE) bc is emptied, cleaned and set not in use,
although misdn_lib_send_event() already did the same. This is bad. When
it's not in use we are not allowed to touch it.
* Moved log message in front of the resulting actions and fixed it to
match the case.
Patches:
patch5_bccleanup.diff (license #6372) patch uploaded by Guenther Kelleter
chan_misdn: We must initialize cause on sending a DISCONNECT.
We must initialize cause on sending a DISCONNECT, so it is later correctly
indicated to ast_channel in case the answer (RELEASE/RELEASE_COMPLETE)
does not include one.
Patches:
patch7_hangupcause.diff (license #6372) patch uploaded by Guenther Kelleter
chan_misdn: setup_bc() is called too early for an incoming SETUP on TE.
This prevents the B channel from being setup for HDLC mode when requested
by the bearer capability and config option hdlc=yes. It violates
ETS300102 Ch.5.2.3.2: "The user, in any case, must not connect to the
channel until a CONNECT ACKNOWLEDGE message has been received."
* Call setup_bc() on receipt of CONNECT_ACKNOWLEGDE for PTMP, and on first
response to SETUP for PTP.
Patches:
abe-2881-2.diff (license #6372) patch uploaded by Guenther Kelleter
Modified.
David M. Lee [Thu, 4 Oct 2012 15:11:06 +0000 (15:11 +0000)]
Fix DBDelTree error codes for AMI, CLI and AGI
The AMI DBDelTree command will return Success/Key tree deleted successfully even
if the given key does not exist. The CLI command 'database deltree' had a
similar problem, but was saved because it actually responded with '0 database
entries removed'. AGI had a slightly different error, where it would return
success if the database was unavailable.
This came from confusion about the ast_db_deltree retval, which is -1 in the
event of a database error, or number of entries deleted (including 0 for
deleting nothing).
* Adds a Doxygen comment to process_db_keys explaining its retval
* Changed some poorly named res variables to num_deleted
* Specified specific errors when calling ast_db_deltree (database unavailable
vs. entry not found vs. success)
* Fixed similar bug in AGI database deltree, where 'Database unavailable'
results in successful result
(closes issue AST-967)
Reported by: John Bigelow
Review: https://reviewboard.asterisk.org/r/2138/
Fix incorrect MeetME conference bridge reference count decrementing and sometimes premature destruction.
When using the 'e' or 'E' option to MeetMe the configured conference bridges are loaded and examined to see
if any are empty. If no conference bridges are empty the caller is prompted to enter the number of one.
This operation left around a pointer to the last created conference bridge still containing participants.
When the caller that was not able to find any empty conference bridge hung up this pointer was disposed of
and the reference count of the conference bridge decremented. If there was only a single participant in the
conference bridge it was ultimately destroyed prematurely.
Mark Michelson [Tue, 11 Sep 2012 21:02:33 +0000 (21:02 +0000)]
Fix inability to shutdown gracefully due to an unending channel reference.
message.c makes use of a special message queue channel that exists
in thread storage. This channel never goes away due to the fact that
the taskprocessor used by message.c does not get shut down, meaning
that it never ends the thread that stores the channel.
This patch fixes the problem by shutting down the taskprocessor when
Asterisk is shut down. In addition, the thread storage has a destructor
that will release the channel reference when the taskprocessor is destroyed.
(closes issue AST-937)
Reported by Jason Parker
Patches:
AST-937.patch uploaded by Mark Michelson (License #5049)
Tested by Jason Parker
Matthew Jordan [Thu, 30 Aug 2012 18:48:52 +0000 (18:48 +0000)]
AST-2012-012: Resolve AMI User Unauthorized Shell Access through ExternalIVR
The AMI Originate action can allow a remote user to specify information that can
be used to execute shell commands on the system hosting Asterisk. This can
result in an unwanted escalation of permissions, as the Originate action, which
requires the "originate" class authorization, can be used to perform actions
that would typically require the "system" class authorization. Previous attempts
to prevent this permission escalation (AST-2011-006, AST-2012-004) have sought
to do so by inspecting the names of applications and functions passed in with
the Originate action and, if those applications/functions matched a predefined
set of values, rejecting the command if the user lacked the "system" class
authorization. As reported by IBM X-Force Research, the "ExternalIVR"
application is not listed in the predefined set of values. The solution for
this particular vulnerability is to include the "ExternalIVR" application in the
set of defined applications/functions that require "system" class authorization.
Unfortunately, the approach of inspecting fields in the Originate action against
known applications/functions has a significant flaw. The predefined set of
values can be bypassed by creative use of the Originate action or by certain
dialplan configurations, which is beyond the ability of Asterisk to analyze at
run-time. Attempting to work around these scenarios would result in severely
restricting the applications or functions and prevent their usage for legitimate
means. As such, any additional security vulnerabilities, where an
application/function that would normally require the "system" class
authorization can be executed by users with the "originate" class authorization,
will not be addressed. Instead, the README-SERIOUSLY.bestpractices.txt file has
been updated to reflect that the AMI Originate action can result in commands
requiring the "system" class authorization to be executed. Proper system
configuration can limit the impact of such scenarios.
(closes issue ASTERISK-20132)
Reported by: Zubair Ashraf of IBM X-Force Research
AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers
When an IAX2 call is made using the credentials of a peer defined in a dynamic
Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are
not applied to the call attempt. This allows for a remote attacker who is aware
of a peer's credentials to bypass the ACL rules set for that peer.
This patch ensures that the ACLs are applied for all peers, regardless of their
storage mechanism.
(closes issue ASTERISK-20186)
Reported by: Alan Frisch
Tested by: mjordan, Alan Frisch
Mark Michelson [Mon, 27 Aug 2012 21:48:38 +0000 (21:48 +0000)]
Fix misleading documentation in agents.conf.sample regarding ackcall usage.
The documentation made it sound as if the DTMF acknowledgment was needed
at the time the agent logs in, rather than when the agent is called. This
is likely a relic from the days when there were multiple ways of logging
in agents.
(closes issue AST-962)
reported by Steve Pitts
........
Merged revisions 371787 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Mark Michelson [Mon, 27 Aug 2012 21:35:13 +0000 (21:35 +0000)]
Fix incorrect documentation of the MailboxStatus manager command.
The "Waiting" field was misdocumented as reporting the number of
messages waiting. In reality, it simply indicated the presence or
absence of waiting messages.
........
Merged revisions 371782 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Kinsey Moore [Fri, 17 Aug 2012 16:02:50 +0000 (16:02 +0000)]
Add instrumentation to subsystem reloads
When Asterisk is built with TEST_FRAMEWORK defined, Asterisk will now
generate TestEvent AMI events on subsystem reloads such as cdr, dnsmgr,
extconfig, etc.
(issue PQ-1126)
........
Merged revisions 371436 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Kinsey Moore [Mon, 13 Aug 2012 20:42:55 +0000 (20:42 +0000)]
Add test instrumentation
This adds test instrumentation for loading and unloading of modules
and for certain actions in MeetMe to be used in the testsuite or any
other consumer of AMI events. These will only be generated when
Asterisk is built with TEST_FRAMEWORK enabled.
(issue PQ-1131)
(issue PQ-1133)
........
Merged revisions 371201 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Mark Michelson [Fri, 10 Aug 2012 21:42:36 +0000 (21:42 +0000)]
Fix a couple of documentation problems in app_queue.c
* The RemoveQueueMember app made mention of options that could
be passed in, but no options are supported. I have removed the
listing of options from the documentation.
* The RQMSTATUS variable did not list "NOTDYNAMIC" as a possible
value that could be set.
(closes issue AST-949)
reported by Steve Pitts
(closes issue AST-954)
reported by Steve Pitts
........
Merged revisions 371141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Mark Michelson [Tue, 7 Aug 2012 15:49:48 +0000 (15:49 +0000)]
Fix error in the "IPorHost" section of a SIP dialstring.
This is based on the review request posted by Walter Doekes
(referenced lower in the commit message)
The main fix here is to treat the IPorHost portion of the dial
string as a temporary outbound proxy. This ensures requests
get sent to the proper location.
Due to the age of the request, some parts were no longer relevant.
For instance, the request moved outbound proxy parsing code into
a single method. This is done in a previous commit, so it was not
necessary to do again.
Also, the review request fixed some errors with regards to request
routing for CANCEL and ACK requests. This has also been fixed in
more recent commits.
(closes issue ASTERISK-19677)
reported by Walter Doekes
Jonathan Rose [Mon, 9 Jul 2012 14:38:18 +0000 (14:38 +0000)]
chan_sip: Fix small behavioral change accidentally introduced in r369750
When removing the warning for AST_CONTROL_FLASH from sip_indicate, I also
inadvertently changed the return value, which would likely make the indication
not be sent in audio. This fixes that while still removing the warning message.
Jonathan Rose [Fri, 6 Jul 2012 20:54:04 +0000 (20:54 +0000)]
chan_sip: Add case for FLASH control frames so that we don't display a warning.
chan_sip channels can receive flash control frames when connected to analog
phones and possibly for other reasons. There really isn't a reason to warn when
these frames are received, we can safely ignore them.
Patches:
dahdi_sip_flash.diff uploaded by Jonathan Rose (license 6182)
Mark Michelson [Fri, 6 Jul 2012 18:40:06 +0000 (18:40 +0000)]
Remove a superfluous and dangerous freeing of an SSL_CTX.
The problem here is that multiple server sessions share
a SSL_CTX. When one session ended, the SSL_CTX would be
freed and set NULL, leaving the other sessions unable to
function.
The code being removed is superfluous because the SSL_CTX
structures for servers will be properly freed when ast_ssl_teardown
is called.
(closes issue ASTERISK-20074)
Reported by Trevor Helmsley
Patches:
ASTERISK-20074.diff uploaded by Mark Michelson (license #5049)
Testers:
Trevor Helmsley
Mark Michelson [Fri, 6 Jul 2012 15:20:11 +0000 (15:20 +0000)]
Fix bridging thread leak.
The bridge thread was exiting but was never being
reaped using pthread_join(). This has been fixed now
by calling pthread_join() in ast_bridge_destroy().
(closes issue ASTERISK-19834)
Reported by Marcus Hunger
Kinsey Moore [Thu, 5 Jul 2012 19:01:52 +0000 (19:01 +0000)]
AST-2012-011: Resolve heap corruption issue with voicemail
The heard and deleted arrays in the voicemail state structure were not
handled properly following the memory leak fix in r354890 and a fix for
an invalid free in r356797. This could result in accessing and writing
into freed memory. The allocation for these arrays has been reworked
to avoid the possibility of invalid frees, access of freed memory, and
crashes that were occurring as a result of this.
Locking around accesses and modifications of the voicemail state
structure members dh_arraysize, heard, and deleted has been added to
prevent simultaneous modification and access when IMAP storage is in
use. If IMAP storage is not in use, this locking is not compiled in.
Review: https://reviewboard.asterisk.org/r/1994/
(closes issue ASTERISK-19923)
Reported by: Dan Delaney
Tested by: Dan Delaney, Julian Yap
Patches:
vm_alloc_fix.diff uploaded by kmoore (license 6273)
Matthew Jordan [Thu, 5 Jul 2012 17:01:52 +0000 (17:01 +0000)]
Do not send a BYE when a provisional response arrives during a re-INVITE
Commits r369557 and r369579 were done to improve handling of re-INVITEs
when the UA that was supposed to receive the re-INVITE fails to respond.
A limitation of those patches occurred when a UA sent a provisional
response to the re-INVITE. This triggered a sending of a BYE in
check_pending. This patch tweaks the handling of the re-INVITE such that
a BYE is not sent in response to those messages.
(issue ASTERISK-19992)
Reported by: Steve Davies
Tested by: Steve Davies
patches:
(reinvite_tweak.diff license #5012 by Steve Davies)
Terry Wilson [Tue, 3 Jul 2012 16:58:16 +0000 (16:58 +0000)]
More improvements to re-INVITEs timing out after a provisional response
There is no need to call check_pendings() on a final response to an INVITE
when destroying the scheduler entry as it will be done later during normal
processing.
Terry Wilson [Tue, 3 Jul 2012 14:27:02 +0000 (14:27 +0000)]
Better handle re-INVITEs with provisional but no final repsonses
A previous attempt at fixing this issue had negative side effects related
to attended transfers which this patch should resolve. Many thanks to
Steve Davies for all of the good suggestions and testing.
(closes issue ASTERISK-19992)
Reported by: Steve Davies
Tested by: Steve Davies, Terry Wilson
Review: https://reviewboard.asterisk.org/r/2009/
Terry Wilson [Wed, 27 Jun 2012 20:58:51 +0000 (20:58 +0000)]
AST-2012-010: Clean up after a reinvite that never gets a final response
The basic problem is that if a re-INVITE is sent by Asterisk and it receives a
provisional response, but no final response, then the dialog is never torn
down. In addition to leaking memory, this also leaks file descriptors and will
eventually lead to Asterisk no longer being able to process calls.
This patch just keeps track of whether there is an outstanding re-INVITE, and if
there is goes ahead and cleans up everything as though there was no outstanding
reinvite.
Review: https://reviewboard.asterisk.org/r/2009/
(closes issue ASTERISK-19992)
Reported by: Steve Davies
Tested by: Steve Davies, Terry Wilson
Matthew Jordan [Tue, 26 Jun 2012 13:21:13 +0000 (13:21 +0000)]
Fix crash in unloading of res_adsi module
When res_adsi is unloaded, it removes the ADSI functions that it previously installed
by passing a NULL adsi_funcs pointer to ast_adsi_install_funcs. This function was not
checking whether or not the adsi_funcs pointer passed in was NULL before dereferencing
it to check whether or not the version of the functions matches what the core was
expecting it.
This patch makes it so that the version is only checked if a potentially valid adsi_funcs
pointer was passed in. Passing in NULL removes the installed functions, bypassing the
version check.
Matthew Jordan [Mon, 25 Jun 2012 19:24:55 +0000 (19:24 +0000)]
Tweak CDR change in r369351
As Tilghman pointed out on review 1996, the check to see if a CDR end time has
been set is sufficient to know whether or not the duration value can be used.
The check-in done for r369351 forgot to include this change.
Mark Michelson [Mon, 25 Jun 2012 19:13:31 +0000 (19:13 +0000)]
Re-fix how local tag is generated when sending a 481 to an INVITE.
Match our local tag to whatever to-tag was sent in the initial INVITE.
Because the size of the to-tag may not fit in the buffer in the sip_pvt,
it has been changed to a string field.
(closes issue ASTERISK-19892)
reported by Walter Doekes
Matthew Jordan [Mon, 25 Jun 2012 19:12:35 +0000 (19:12 +0000)]
Fix incorrect duration reporting in CDRs created in batch mode
Certain places in core/cdr.c would, if the duration value were 0, calculate the
duration as being the delta between the current time and the time at which the
CDR record was started. While this does not typically cause a problem in
non-batch mode, this can cause an issue in batch mode where CDR records are
gathered and written long after those calls have ended. In particular, this
affects calls that were never answered, as those are expected to have a duration
of 0. Often, this would result in CDR logs with a significant number of calls
with lengthy durations, but dispositions of "BUSY".
Note that this does not affect cdr_csv, as that backend does not use
ast_cdr_getvar and instead directly reports the duration value. The affected
core backends include cdr_apative_odbc and cdr_custom; other extended or
deprecated CDR backends may potentially still directly manipulate the duration
values.
(issue ASTERISK-19860)
Reported by: Thomas Arimont
(issue AST-883)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Richard Mudgett [Mon, 25 Jun 2012 15:57:28 +0000 (15:57 +0000)]
Fix Bridge application occasionally returning to the wrong location.
* Fix do_bridge_masquerade() getting the resume location from the zombie
channel. The code must not touch a clone channel after it has masqueraded
it. The clone channel has become a zombie and is starting to hangup.
Mark Michelson [Mon, 25 Jun 2012 14:18:09 +0000 (14:18 +0000)]
Be more consistent with the return code for requests received from invalid domain.
When Asterisk receives an INVITE from an external domain when allowexternaldomains=no
send a 403 instead of a 404. This is consistent with Asterisk's behavior when receiving
a REGISTER in this situation.
(Closes issue ASTERISK-19601)
Reported by Matthew Jordan
Patches:
ASTERISK-19601-no401.patch uploaded by Mark Michelson (License #5049)
Terry Wilson [Fri, 22 Jun 2012 19:28:04 +0000 (19:28 +0000)]
Don't crash on a guest directmedia call
A sip_pvt may not have relatedpeer set if a call doesn't match up
with a peer. If there is no relatedpeer, there is no direct media
ACL to apply, so just return that it is allowed.
(closes issue ASTERISK-20040)
Reported by: Terry Wilson
Kinsey Moore [Fri, 22 Jun 2012 17:14:10 +0000 (17:14 +0000)]
Don't parse media stream state for SIP video streams
The sendonly/recvonly/sendrecv/inactive media stream attributes were
parsed for video, but nothing was ever done with them. With this code
removed, an UNSUPPORTED message is produced when these attributes are
used in conjunction with a video stream which is the better behavior
since they were never really supported in the first place.
Michael L. Young [Wed, 20 Jun 2012 02:03:22 +0000 (02:03 +0000)]
Fix NULL pointer segfault in ast_sockaddr_parse()
While working with ast_parse_arg() to perform a validity check, a segfault
occurred. The segfault occurred due to passing a NULL pointer to
ast_sockaddr_parse() from ast_parse_arg(). According to the documentation in
config.h, "result pointer to the result. NULL is valid here, and can be used to
perform only the validity checks."
This patch fixes the segfault by checking for a NULL pointer. This patch also
adds documentation to netsock2.h about why it is necessary to check for a NULL
pointer.
(Closes issue ASTERISK-20006)
Reported by: Michael L. Young
Tested by: Michael L. Young
Patches:
asterisk-20006-netsock-null-ptr.diff uploaded by Michael L. Young (license 5026)
Mark Michelson [Tue, 19 Jun 2012 15:30:58 +0000 (15:30 +0000)]
Fix request routing issue when outboundproxy is used.
Asterisk was incorrectly setting the destination of CANCELs
and ACKs for error responses to the URI of the initial INVITE.
This resulted in further requests, such as INVITEs with authentication
credentials, to be routed incorrectly. Instead, when these CANCEL
or ACKs are to be sent, we should simply keep the destination the
same as what it previously was. There is no need to alter it any.
(closes issue ASTERISK-20008)
Reported by Marcus Hunger
Patches:
ASTERISK-20008.patch uploaded by Mark Michelson (license #5049)
projects / thirdparty / asterisk.git / log
