Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.
Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.
bridge: avoid leaking channel during blond transfer pt2
A blond transfer to a failed destination, when followed
by a recall attempt, lead to a leak of the reference to
the destination channel. In addition to correcting the
regression on the previous attempt (r429826) this fixes
the leak and two additional reference leaks on failures
of bridge_import.
bridge: avoid leaking channel during blond transfer
After a blond transfer (start attended and hang up)
to a destination that also hangs up without answer,
the Local;1 channel was leaked and would show up on
core show channels. This was happening because the
attended state blond_nonfinal_enter() resetting the
props->transfer_target to null while releasing it's
own reference, which would later prevent props from
releasing another reference during destruction. The
change made here is simply to not assign the target
to NULL.
ASTERISK-24513 #close
Reported by: Mark Michelson
Review: https://reviewboard.asterisk.org/r/4262/
That works for low ascii characters, but for the high range that yields
e.g. FFFFFFC3 when C3 is expected.
This changeset:
- fixes those casts to use the 'hh' unsigned char modifier instead
- consistently uses %02x instead of %2.2x (or other non-standard usage)
- adds a few 'h' modifiers in various places
- fixes a 'replcaes' typo
- dev/urandon typo (in 13+ patch)
Review: https://reviewboard.asterisk.org/r/4263/
ASTERISK-24619 #close
Reported by: Stefan27 (on IRC)
........
Merged revisions 429673 from http://svn.asterisk.org/svn/asterisk/branches/11
Kinsey Moore [Fri, 12 Dec 2014 14:11:38 +0000 (14:11 +0000)]
PJSIP: Allow use of 'inactive' streams for hold
This allows use of the 'inactive' stream direction identifier to be
used for hold where 'sendonly' is normally used. Some Seimens phones
use 'inactive' and this change allows music on hold to operate
properly.
Review: https://reviewboard.asterisk.org/r/4252/
Reported by: Steve Pitts
Kinsey Moore [Fri, 12 Dec 2014 14:02:30 +0000 (14:02 +0000)]
Sorcery: Log when old config remains in use
This adds a log message notifying the user that a stale configuration
is in place upon reload when a config object fails to load. This
situation can end up causing confusion when the object failed to load
but exists from a previous config load especially when the old config
is significantly different from the new config.
Review: https://reviewboard.asterisk.org/r/4250/
Reported by: Thomas Thompson
Kevin Harwell [Wed, 10 Dec 2014 15:41:03 +0000 (15:41 +0000)]
ARI/AMI: Include language in standard channel snapshot output
Adding information about including "language" in the standard channel snapshot
output to the CHANGES file. Note the actual source changes have already been
previously committed.
Joshua Colp [Wed, 10 Dec 2014 13:32:48 +0000 (13:32 +0000)]
res_http_websocket: Fix crash due to double freeing memory when receiving a payload length of zero.
Frames with a payload length of 0 were incorrectly handled in res_http_websocket.
Provided a frame with a payload had been received prior it was possible for a double
free to occur. The realloc operation would succeed (thus freeing the payload) but be
treated as an error. When the session was then torn down the payload would be
freed again causing a crash. The read function now takes this into account.
This change also fixes assumptions made by users of res_http_websocket. There is no
guarantee that a frame received from it will be NULL terminated.
Kevin Harwell [Tue, 9 Dec 2014 20:19:03 +0000 (20:19 +0000)]
ARI/AMI: Include language in standard channel snapshot output
The channel "language" was already part of a channel snapshot, however is was
not sent out over AMI or ARI. This patch makes it so the channel "language" is
included in the appropriate AMI or ARI events.
ASTERISK-24553 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/4245/
Kevin Harwell [Tue, 9 Dec 2014 20:01:38 +0000 (20:01 +0000)]
Direct Media calls within private network sometimes get one way audio
When endpoints with direct_media enabled, behind a firewall (Asterisk on a
separate network) and were bridged sometimes Asterisk would send the ip
address of the firewall in the sdp to one of the phones in the reinvite
resulting in one way audio. When sending the reinvite Asterisk will retrieve
the media address from the associated rtp instance, but if frames were being
read this can be overwritten with another address (in this case the
firewall's). This patch ensures that Asterisk uses the original device
address when using direct media.
ASTERISK-24563
Reported by: Steve Pitts
Review: https://reviewboard.asterisk.org/r/4216/
Kinsey Moore [Mon, 8 Dec 2014 15:41:39 +0000 (15:41 +0000)]
Stasis: Fix StasisStart/End order and missing events
This corrects several bugs that currently exist in the stasis
application code.
* After a masquerade, the resulting channels have channel topics that
do not match their uniqueids
** Masquerades now swap channel topics appropriately
* StasisStart and StasisEnd messages are leaked to observer
applications due to being published on channel topics
** StasisStart and StasisEnd publishing is now properly restricted
to controlling apps via app topics
* Race conditions exist where StasisStart and StasisEnd messages due to
a masquerade may be received out of order due to being published on
different topics
** These messages are now published directly on the app topic so this
is now a non-issue
* StasisEnds are sometimes missing when sent due to masquerades and
bridge swaps into and out of Stasis()
** This was due to StasisEnd processing adjusting message-sent flags
after Stasis() had already exited and Stasis() had been re-entered
** This was corrected by adjusting these flags prior to sending the
message while the initial Stasis() application was still shutting
down
Review: https://reviewboard.asterisk.org/r/4213/
ASTERISK-24537 #close
Reported by: Matt DiMeo
Matthew Jordan [Sat, 6 Dec 2014 18:15:50 +0000 (18:15 +0000)]
res/res_monitor: Reset in/out sample counts on Monitor start
When repeatedly starting/stopping a Monitor on a channel, the accumulated
in/out sample counts are never reset to 0. This can cause inadvertent jumps
in the recordings, as the code in the channel core will determine incorrectly
that a jump in the recorded file position should occur. Setting the sample
counts to 0 simply reflects the initial state a Monitor should be in when it
is started, as this is the initial count that would be on the channels at that
time.
Matthew Jordan [Sat, 6 Dec 2014 17:21:01 +0000 (17:21 +0000)]
apps/app_meetme: Apply default values on initial load with no config file
When the app_meetme module is loaded without its configuration file, the
module settings aren't initialized. In particular, this impacts the use
of logging realtime members. This patch guarantees that we always set the
default module settings on initial load.
Matthew Jordan [Thu, 4 Dec 2014 17:12:55 +0000 (17:12 +0000)]
main/test: Fix compilation issue on 32-bit systems
On a 32-bit system, a type of intmax_t will result in a compilation warning
when formatted as a 'long int'. Use the format specifier of %jd (which was
what was used originally in manager.c) to format the JSON extracted integer
on both 32-/64-bit systems.
Matthew Jordan [Thu, 4 Dec 2014 15:47:44 +0000 (15:47 +0000)]
main/test: Fix race condition between AMI topic and Test Suite topic
This patch fixes a race condition between the raising of test AMI events (which
drive many tests in the Asterisk Test Suite) and other AMI events. Prior to
this patch, the Stasis messages published to the test topic were not forwarded
to the AMI topic. Instead, the code in manager had a dedicated handler for test
messages that was independent of the topics forwarded to the AMI topic. This
results in no synchronization between the test messages and the rest of the
Stasis messages published out over AMI. In some test with very tight timing
constraints, this can result in out of order messages and spurious test
failures. Properly forwarding the Test Suite topic to the AMI topic ensures
that the messages are synchronized properly.
This patch does that, and moves the message handling to the Stasis definition
of the Test Suite message in test.c as well.
Matthew Jordan [Wed, 3 Dec 2014 20:58:26 +0000 (20:58 +0000)]
tests/test_cel: Add test_cel_attended_transfer_bridges_link to racey tests
Despite failing less often, the ordering of the ATTENDEDTRANSFER event and the
BRIDGE_EXIT event for the Alice and David channels is not defined. This makes
the test still fail.
Matthew Jordan [Wed, 3 Dec 2014 19:49:04 +0000 (19:49 +0000)]
tests/test_cel: Fix CEL unit test failures caused by attended transfer changes
When the publication of attended transfer messages were pushed to another
thread, some subtle race conditions were introduced with the CEL unit tests.
This patch fixes one of them, and pushes the other to ASTERISK-22367, which
already exists to fix another bouncy CEL unit test.
In particular, this patch fixes the test_cel_attended_transfer_bridges_link
test, and defers the test_cel_attended_transfer_bridges_swap test to the
aforementioned JIRA issue.
Matthew Jordan [Wed, 3 Dec 2014 16:44:46 +0000 (16:44 +0000)]
apps/app_voicemail: Fix crash with IMAP when streams are opened simultaneously
The UW IMAP library is instrinsically not thread-safe, and relies upon higher
level applications to guarantee thread safety. For the most part, this is
provided by the vms object, which provides locking for individual streams.
Unfortunately, this is not sufficient for calls to mail_open which create the
IMAP stream. mail_open can, on some systems, call into a UW IMAP specific
function for determining the address of a system based on a hostname,
ip_nametoaddr.
In the ip6_unix implementation of this function, static variables are used
to hold parsing buffers. This can cause a crash if multiple threads attempt
to convert a hostname to an address at the same time. Locking on a single
mail stream is not sufficient to prevent simultaneous access to these static
variables.
In the IMAP library, this function can be called from the mail_open and
imap_status functions. As the imap_status function is not used by
app_voicemail, locking on access to mail_open is sufficient to prevent
any mangling of the buffers.
Review: https://reviewboard.asterisk.org/r/4188/
ASTERISK-24516 #close
Reported by: David Duncan Ross Palmer
Tested by: David Duncan Ross Palmer
patches:
ASTERISK-24516.diff uploaded by David Duncan Ross Palmer (License 6660)
........
Merged revisions 428863 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Tue, 2 Dec 2014 17:02:12 +0000 (17:02 +0000)]
pbx/pbx_loopback: Speed up switches by avoiding unneeded lookups
This patch makes a small rearrangement to only do dialplan lookups during
loopback switches if the pattern matches. Prior to this patch, the dialplan
lookups were always performed, even when the result would be discarded.
Dialplan lookups can be very costly if remote switches - like DUNDi - are
present. In those cases extension matching is sped up considerably, making
the issue of lost digits more manageable.
As collateral damage, 6 trailing spaces were killed.
Joshua Colp [Tue, 2 Dec 2014 12:20:08 +0000 (12:20 +0000)]
res_pjsip_refer: Fix issue where native bridge may not occur upon completion of a transfer.
There are two methods within res_pjsip_refer for keeping track of the state of a transfer.
The first is a framehook which looks at frames passing by to determine the state. The second
subscribes to know when the channel joins a bridge. In the case when the channel joins the
bridge the framehook is *NOT* removed and this prevents the native RTP bridging technology
from getting used.
This change gets the channel and if it still exists remove the framehook.
ast_variable_find() requires a config category to search whereas
ast_variable_find_in_list() just needs the root list element which is
useful if you don't have a category.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4217/
While troubleshooting other things I realized there were no pjsip cli
commands for identify. This patch adds them. It also also fixes a
reference leak when a 'show endpoint' displayed identifies and properly
sets the return code if load_module can't allocate a cli formatter structure.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4212/
Matthew Jordan [Mon, 1 Dec 2014 15:53:02 +0000 (15:53 +0000)]
main/stasis: Allow subscriptions to use a threadpool for message delivery
Prior to this patch, all Stasis subscriptions would receive a dedicated
thread for servicing published messages. In contrast, prior to r400178
(see review https://reviewboard.asterisk.org/r/2881/), the subscriptions
shared a thread pool. It was discovered during some initial work on Stasis
that, for a low subscription count with high message throughput, the
threadpool was not as performant as simply having a dedicated thread per
subscriber.
For situations where a subscriber receives a substantial number of messages
and is always present, the model of having a dedicated thread per subscriber
makes sense. While we still have plenty of subscriptions that would follow
this model, e.g., AMI, CDRs, CEL, etc., there are plenty that also fall into
the following two categories:
* Large number of subscriptions, specifically those tied to endpoints/peers.
* Low number of messages. Some subscriptions exist specifically to coordinate
a single message - the subscription is created, a message is published, the
delivery is synchronized, and the subscription is destroyed.
In both of the latter two cases, creating a dedicated thread is wasteful (and
in the case of a large number of peers/endpoints, harmful). In those cases,
having shared delivery threads is far more performant.
This patch adds the ability of a subscriber to Stasis to choose whether or not
their messages are dispatched on a dedicated thread or on a threadpool. The
threadpool is configurable through stasis.conf.
Joshua Colp [Mon, 1 Dec 2014 13:40:30 +0000 (13:40 +0000)]
app_record: Fix bug where using the 'k' option and hanging up would trim 1/4 of a second of the recording.
The Record dialplan function trims 1/4 of a second from the end of recordings in case
they are terminated because of DTMF. When hanging up, however, you don't want this to happen.
This change makes it so on hangup this does not occur.
ASTERISK-24530 #close
Reported by: Ben Smithurst
patches:
app_record_v2.diff submitted by Ben Smithurst (license 6529)
Richard Mudgett [Mon, 24 Nov 2014 20:26:37 +0000 (20:26 +0000)]
DTMF hooks: Leaving channels need to push any collected digits into the bridge.
Any partially collected DTMF digits for a DTMF hook need to be pushed into
the bridge when a channel leaves the bridging system as if there were a
timeout.
Richard Mudgett [Fri, 21 Nov 2014 18:59:41 +0000 (18:59 +0000)]
manager: Fix could not extend string messages.
When shutting down Asterisk that has an active AMI connection, you get
several "failed to extend from %d to %d" messages because use of the
EVENT_FLAG_SHUTDOWN attempts to add all AMI permission strings to the
event.
* Created MAX_AUTH_PERM_STRING to use when creating stack based struct
ast_str variables used with the authority_to_str() and
user_authority_to_str() functions instead of a variety of magic numbers
that could be too small.
* Added a special check for EVENT_FLAG_SHUTDOWN to authority_to_str() so
it will not attempt to add all permission level strings.
George Joseph [Fri, 21 Nov 2014 17:41:15 +0000 (17:41 +0000)]
sorcery: Make is_object_field_registered handle field names that are regexes.
As a result of https://reviewboard.asterisk.org/r/3305, res_sorcery_realtime
was tossing database fields that didn't have an exact match to a sorcery
registered field. This broke the ability to use regexes as field names which
manifested itself as a failure of res_pjsip_phoneprov_provider which uses
this capability. It also broke handling of fields that start with '@' in
realtime but I don't think anyone noticed.
This patch does the following...
* Modifies ast_sorcery_fields_register to pre-compile the name regex.
* Modifies ast_sorcery_is_object_field_registered to test the regex if it
exists instead of doing an exact strcmp.
* Modifies res_pjsip_phoneprov_provider with a few tweaks to get it to work
with realtime.
Tested-by: George Joseph
Review: https://reviewboard.asterisk.org/r/4185/
Mark Michelson [Thu, 20 Nov 2014 16:36:18 +0000 (16:36 +0000)]
Fix error with mixed address family ACLs.
Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.
ASTERISK-24469 #close
Reported by Matt Jordan
Patches:
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
AST-2014-012
........
Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 428417 from http://svn.asterisk.org/svn/asterisk/branches/11
Kevin Harwell [Thu, 20 Nov 2014 15:48:36 +0000 (15:48 +0000)]
AST-2014-017 - app_confbridge: permission escalation/ class authorization.
Confbridge dialplan function permission escalation via AMI and inappropriate
class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan
function when executed from an external protocol (for instance AMI), could
result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord”
could also be used to execute arbitrary system commands without first checking
for system access.
Asterisk now inhibits the CONFBRIDGE function from being executed from an
external interface if the live_dangerously option is set to no. Also, the
“ConfbridgeStartRecord” AMI action is now only allowed to execute under a
user with system level access.
Jonathan Rose [Thu, 20 Nov 2014 15:46:39 +0000 (15:46 +0000)]
PJSIP ACLs: Fix ACLs not loading on startup and apply/acl issues on contact
The biggest problem this patch fixes is that ACLs weren't previously being
loaded when the res_pjsip_acl module was loaded. Yikes. In addition, the
ACL options contact_permit and contact_acl were effectively interpreted as
contact_deny and this patch fixes that as well.
AST-1418 #close
Reported by: Thomas Thompson
Review: https://reviewboard.asterisk.org/r/4120/
ASTERISK-24531 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/4171/
Joshua Colp [Thu, 20 Nov 2014 14:54:19 +0000 (14:54 +0000)]
AST-2014-016: Fix crash when receiving an in-dialog INVITE with Replaces in res_pjsip_refer.
The implementation of INVITE with Replaces in res_pjsip_refer did not expect them to
occur in-dialog. As a result it would incorrectly attempt to hang up a channel it
thought was under its control. In reality the channel would be under the control of
another thread. When the other thread accessed the channel it would be accessing freed
memory and could crash.
This change makes res_pjsip_refer not act on an in-dialog INVITE with Replaces.
Joshua Colp [Thu, 20 Nov 2014 14:48:32 +0000 (14:48 +0000)]
AST-2014-015: Fix race condition in chan_pjsip when sending responses after a CANCEL has been received.
Due to the serialized architecture of chan_pjsip there exists a race condition where a CANCEL may
be received and processed before responses (such as 180 Ringing, 183 Session Progress, and 200 OK)
are sent. Since the session is in an unexpected state PJSIP will assert when this is attempted.
This change makes it so that these responses are not sent on disconnected sessions.
Corey Farrell [Wed, 19 Nov 2014 19:30:13 +0000 (19:30 +0000)]
stringfields: Fix bug in ast_string_fields_copy.
ast_string_fields_copy relies on the fact that
__ast_string_field_release_active never previously
zeroed pool->used, so keeping the existing pointer
was "ok". Now that existing pools can be reset to
'empty', it is important to set each field to
__ast_string_field_empty after releasing the memory.
Richard Mudgett [Wed, 19 Nov 2014 16:56:30 +0000 (16:56 +0000)]
ast_str: Fix improper member access to struct ast_str members.
Accessing members of struct ast_str outside of the string manipulation API
routines is invalid since struct ast_str is supposed to be treated as
opaque.
Joshua Colp [Wed, 19 Nov 2014 11:50:12 +0000 (11:50 +0000)]
res_pjsip_refer: Ensure Refer-To is NULL terminated and parse it as a URI.
There is no guarantee that when we get a Refer-To that it will be NULL terminated.
As the URI parsing function requires it to be we now NULL terminate it.
Additionally parsing the Refer-To as a 'To' header is needless and it can
simply be done as a URI. This also fixes a problem where certain Refer-To headers
would not be parsed as a 'To' header causing the REFER to fail.
Corey Farrell [Mon, 17 Nov 2014 15:59:04 +0000 (15:59 +0000)]
chan_sip: Fix theoretical leak of p->refer.
If transmit_refer is called when p->refer is already allocated,
it leaks the previous allocation. Updated code to always free
previous allocation during a new allocation. Also instead of
checking if we have a previous allocation, always create a
clean record.
ASTERISK-15242 #close
Reported by: David Woolley
Review: https://reviewboard.asterisk.org/r/4160/
........
Merged revisions 428117 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Mon, 17 Nov 2014 15:27:03 +0000 (15:27 +0000)]
apps/app_confbridge: Ensure 'normal' users hear message when last marked leaves
When r428077 was made for ASTERISK-24522, it failed to take into account users
who are neither wait_marked nor end_marked. These users are *also* supposed to
hear the 'leader has left the conference' message. Granted, this behaviour is
a bit odd; however, that is how it used to work... and behaviour changes are
not good.
This patch ensures that if there are any 'normal' users present when the last
marked user leaves the conference, the message will still be played to them.
Note that this regression was caught by the Asterisk Test Suite's
confbridge_nominal test, which has a quirky combination of users.
........
Merged revisions 428113 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Mon, 17 Nov 2014 15:15:30 +0000 (15:15 +0000)]
tests/test_cel: Fix CEL unit tests
This is a backport of the test_cel portion of r427870, which was not applied to
the 12 branch. This fixes the compilation issues with the CEL unit tests
introduced by the API changes needed to fix publication of blind transfer
messages.
Matthew Jordan [Mon, 17 Nov 2014 03:06:31 +0000 (03:06 +0000)]
app_confbridge: Don't play leader leaving prompt if no one will hear it
Consider the following:
- A marked user in a conference
- One or more end_marked only users in the conference
When the marked users leaves, we will be in the conf_state_multi_marked state.
This currently will traverse the users, kicking out any who have the end_marked
flags. When they are kicked, a full ast_bridge_remove is immediately called on
the channels. At this time, we also unilaterally set the need_prompt flag.
When the need_prompt flag is set, we then playback a sound to the bridge
informing everyone that the leader has left; however, no one is left in the
bridge. This causes some odd behaviour for the end_marked users - they are
stuck waiting for the bridge to be unlocked. This results in them waiting for
5 or 6 seconds of dead air before hearing that they've been kicked.
Unfortunately, we do have to keep the bridge locked while we're playing back
the 'leader-has-left' prompt. If there are any wait_marked users in the
conference, this behaviour can't be easily changed - but we do make the case
of the end_marked users better with this patch.
Review: https://reviewboard.asterisk.org/r/4184/
ASTERISK-24522 #close
Reported by: Matt Jordan
........
Merged revisions 428077 from http://svn.asterisk.org/svn/asterisk/branches/11
Joshua Colp [Sat, 15 Nov 2014 18:59:47 +0000 (18:59 +0000)]
chan_motif / chan_pjsip: Fix incorrect "No such module" messages when reloading.
For chan_motif the direct return value of the underlying config options framework
was passed back. This can relay various states which the module loader would not
interpet as success. It has been changed so only on errors will it report back
an error.
For chan_pjsip the code implemented a dummy reload function which always
returned an error. This has been removed as all configuration is held within
res_pjsip instead.
Joshua Colp [Sat, 15 Nov 2014 18:27:56 +0000 (18:27 +0000)]
res_pjsip: Enforce requirements for session timer minimum expiration period and normal expiration period.
This change enforces the requirements in PJSIP for session timer configuration. The minimum
expiration period must be 90 seconds or higher and the normal expiration period can not
be lower than the minimum expiration period. If either of these were done the code would
assert at session setup time.
Matthew Jordan [Sat, 15 Nov 2014 16:56:20 +0000 (16:56 +0000)]
cel/cel_odbc: Provide microsecond precision in 'eventtime' column when possible
This patch adds microsecond precision when inserting a CEL record into a table
with an "eventtime" column of type timestamp, instead of second precision. The
documentation (configs/cel_odbc.conf.sample) was already saying that the
eventtime column included microseconds precision, but that was not the case.
Also, without this patch, if you had a table with an "eventtime" column of
type varchar, you had millisecond precision. With this patch, you also get
microsecond precision in this case.
stun: correct attribute string padding to match rfc
When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489. This change adds separate variables for the
string and padded attributed lengths, and performs
padding correctly.
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/
........
Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11
Mark Michelson [Fri, 14 Nov 2014 15:00:45 +0000 (15:00 +0000)]
Fix race condition that could result in ARI transfer messages not being sent.
From reviewboard:
"During blind transfer testing, it was noticed that tests were failing
occasionally because the ARI blind transfer event was not being sent.
After investigating, I detected a race condition in the blind transfer
code. When blind transferring a single channel, the actual transfer
operation (i.e. removing the transferee from the bridge and directing
them to the proper dialplan location) is queued onto the transferee
bridge channel. After queuing the transfer operation, the blind transfer
Stasis message is published. At the time of publication, snapshots of
the channels and bridge involved are created. The ARI subscriber to the
blind transfer Stasis message then attempts to determine if the bridge
or any of the involved channels are subscribed to by ARI applications.
If so, then the blind transfer message is sent to the applications. The
way that the ARI blind transfer message handler works is to first see
if the transferer channel is subscribed to. If not, then iterate over
all the channel IDs in the bridge snapshot and determine if any of
those are subscribed to. In the test we were running, the lone
transferee channel was subscribed to, so an ARI event should have been
sent to our application. Occasionally, though, the bridge snapshot did
not have any channels IDs on it at all. Why?
The problem is that since the blind transfer operation is handled by a
separate thread, it is possible that the transfer will have completed and
the channels removed from the bridge before we publish the blind transfer
Stasis message. Since the blind transfer has completed, the bridge on
which the transfer occurred no longer has any channels on it, so the
resulting bridge snapshot has no channels on it. Through investigation of
the code, I found that attended transfers can have this issue too for the
case where a transferee is transferred to an application."
The fix employed here is to decouple the creation of snapshots for the transfer
messages from the publication of the transfer messages. This way, snapshots
can be created to reflect what they are at the time of the transfer operation.
Joshua Colp [Fri, 14 Nov 2014 14:55:40 +0000 (14:55 +0000)]
app_confbridge: Play "leader has left" sound even when musiconhold is enabled.
Currently if the leader of a conference bridge leaves any participant
that has musiconhold enabled will not hear the "leader has left" sound.
This is because musiconhold is started and THEN the sound is played.
This change makes it so that the sound is played and THEN musiconhold
is started. This provides a better experience for users as they may not
have known previously why they went back to musiconhold.
Mark Michelson [Fri, 14 Nov 2014 14:21:55 +0000 (14:21 +0000)]
Fix a possible race condition where duplicate requests may be handled by separate threads.
If an endpoint retransmits a request, it's possible due to temporary load
that Asterisk may end up processing both requests at the same time in separate
threads. One thread will successfully handle the request, while the other thread
fails to handle the request since the first thread already registered the
transaction with the PJSIP core.
The fix here is to detect the duplicated transaction failure and to silently
absorb the request since another thread should be properly handling the request.
When using a non-default sorcery wizard (in this instance realtime) for
outbound registrations and after adding in an appropriate call to
ast_sorcery_apply_config() (since it is missing) Asterisk will crash after
a stack overflow occurs due to the code infinitely recursing. The fix entails
removing the outbound registration state dependency from the outbound
registration sorcery object and instead keeping an in memory container that
can be used to lookup the state when needed.
ASTERISK-24514
Reported by: Mark Michelson
Review: https://reviewboard.asterisk.org/r/4164/
Kinsey Moore [Thu, 13 Nov 2014 15:42:28 +0000 (15:42 +0000)]
Stasis: Fix StasisEnd message ordering
This change corrects message ordering in cases where a channel-related
message can be received after a Stasis/ARI application has received the
StasisEnd message. The StasisEnd message was being passed to
applications directly without waiting for the channel topic to empty.
As a result of this fix, other bugs were also identified and fixed:
* StasisStart messages were also being sent directly to apps and are
now routed through the stasis message bus properly
* Masquerade monitor datastores were being removed at the incorrect
time in some cases and were causing StasisEnd messages to not be sent
* General refactoring where necessary for the above
* Unsubscription on StasisEnd timing changes to prevent additional
messages from following the StasisEnd when they shouldn't
A channel sanitization function pointer was added to reduce processing
and AO2 lookups.
Review: https://reviewboard.asterisk.org/r/4163/
ASTERISK-24501 #close
Reported by: Matt Jordan
Matthew Jordan [Wed, 12 Nov 2014 23:59:33 +0000 (23:59 +0000)]
main/rtp_engine: Fix crash when processing more than one RTCP report info block
Asterisk - in res_rtp_asterisk - only understands a single RTCP report info
block. When the RTCP information was refactored in the RTP Engine to be pushed
over the Stasis message bus, I put in the hooks into the engine to handle
multiple RTCP report info blocks, in the hope that a future RTP implementation
would be able to provide that data. Unfortunately, res_rtp_asterisk has a
tendency to "lie":
(1) It will send RTCP reports with a reception_report_count greater than 1
(which is pulled directly from the RTCP packet itself, so that part is
correct)
(2) It will only provide a single report block
When the rtp_engine goes to convert this to a JSON blob, hilarity ensues as it
looks for a report block that doesn't exist.
This patch updates the rtp_engine to be a bit more skeptical about what it is
presented with. While this could also be fixed in res_rtp_asterisk, this patch
prefers to fix it in the engine for two reasons:
(1) The engine is designed to work with multiple RTP implementation, and hence
having it be more robust is a good thing (tm)
(2) res_rtp_asterisk's handling of RTCP information is "fun". It should report
the correct reception_report_count; ideally it should also be giving us all
of the blocks - but it is *definitely* not designed to do that. Going down
that road is a non-trivial effort.
Joshua Colp [Wed, 12 Nov 2014 16:11:37 +0000 (16:11 +0000)]
pbx: Fix off-nominal case where a freed extension may still be used.
If during the operation of adding an extension a priority is added but
fails it is possible for the extension to be freed but still exist in
the PBX core. If this occurs subsequent lookups may try to access the
extension and end up in freed memory.
This change removes the extension from the PBX core when the priority
addition fails and then frees the extension.
Corey Farrell [Wed, 12 Nov 2014 13:45:34 +0000 (13:45 +0000)]
Fix compiler error when using ./configure --enable-dev-mode --enable-coverage
When DONT_OPTIMIZE is enabled with dev-mode, it causes a shadow compilation
to be done with output to /dev/null. This can cause errors with coverage
when GCC attempts to write to /dev/null.gcno. This change disables
coverage for the shadow compilation.
In chan_agent, a '*' is used by default to terminate a bridge with a caller.
This can lead to all sorts of problems if '*' is used by a feature in
features.conf, as the chan_agent disconnect '*' may be detected first.
This patch adds a documentation snippet to features.conf so that users who
attempt to use features with agents know of the potential conflict.
ASTERISK-20402 #close
Reported by: Matt Riddell
patches:
features.conf.diff uploaded by Matt Riddell (License 5023)
Matthew Jordan [Sun, 9 Nov 2014 00:37:25 +0000 (00:37 +0000)]
channels/chan_mgcp: Fix regression which causes gateways to be skipped
In r227276, a while loop was turned into a for loop. Unfortunately, a portion
of the while loop was left in the code such that, when a static gateway is
encountered in the list of MGCP gateways, the next gateway would be skipped.
At best, we would simply flip past a gateway; at worst, this could lead to a
crash.
Matthew Jordan [Sun, 9 Nov 2014 00:25:18 +0000 (00:25 +0000)]
addons/chan_mobile: Increase buffer size of UCS2 encoded SMS messages
When UCS2 character encoding is used, one symbol in national language can be
expanded to 4 bytes. The current buffer used for receiving message in
do_monitor_phone is 256 bytes, which is not large enough for incoming messages.
For example:
* AT+CMGR phone response prefix
'+CMGR: "REC UNREAD","+7**********",,"14/10/29,13:31:39+12"\r\n' - 60 bytes
* SMS body with UCS2 encoding (max) - 280 bytes
* AT+CMGR phone response suffix '\r\n\r\nOK\r\n' - 8 bytes
* Terminating null character - 1 byte
This results in a needed buffer size of 349 bytes. Hence, this patch opts for a
350 byte buffer.
Matthew Jordan [Sun, 9 Nov 2014 00:00:09 +0000 (00:00 +0000)]
bridge_native_rtp: Fix T.38 issues with remote bridges
After r425242 the fax/sip/directmedia_reinvite_t38 test started failing due to
the surviving channel not being re-INVITEd back from T.38 to audio. This patch
fixes that bug - a deeper explanation of what happened follows.
When two RTP channels are in a native bridge, the bridging layer will
investigate each via the get_rtp_info glue callback. This callback returns the
native bridge preference of the channel *at that moment in time* (that part is
key). At different points during the bridging, the native bridging layer will
inform the RTP capable channels of the status of the bridge via the update_peer
glue callback.
In a T.38 scenario with audio direct media, the sequence of events will often
look like the following:
* SIP/A and SIP/B both have audio and enter a native bridge.
* Asterisk re-INVITEs audio between SIP/A and SIP/B directly (via an
update_peer callback).
* SIP/A sends a re-INVITE to T.38, which causes Asterisk to send a re-INVITE
to T.38 to SIP/B. Assuming everyone 200 OKs the process, the UDPTL stack
receives UDPTL packets in Asterisk from both endpoints. From the perspective
of the channels, we are now in a local bridge for T.38, even though we are
technically still in a remote bridge in bridge_native_rtp. (YAY!)
* When one side hangs up, bridge_native_rtp is told to stop bridging. It then
re-evaluates the channels and asks them how they are bridged - and since
T.38 is enabled, they reply with a Local bridge (which is correct), but is
wrong because the audio portion is still technically in a remote bridge.
* Asterisk releases the surviving channel, whose audio is *not* re-INVITED
back to Asterisk as bridge_native_rtp incorrectly assumes that it was in a
local bridge.
Ironically, prior to r425242, this used to work mostly due to a fluke in the
bridging layer.
The purpose of the get_rtp_info callback shouldn't be modified: it should tell
the bridging layer what kind of bridge the channel prefers at that moment in
time. If you have T.38 enabled, that *must* be a local bridge, as the UDPTPL
stack must be in the media path. As such, this patch does not modify that
part of the code.
However, we have to tell the channels to re-evaluate themselves when they come
out of a native bridge, since we can no longer trust the get_rtp_info callbacks
when the native bridge is being stopped. Something else may have changed in the
channels, and they may now be lying to us. As such, this patch makes it so that
we unilaterally tell the channels that they are no longer bridged via the
update_peer callback. This is actually what the channels expect anyway: code in
both chan_sip and chan_pjsip's callbacks look at the T.38 state and - if they
were in T.38 - send a re-INVITE to get the audio back to Asterisk.
Richard Mudgett [Thu, 6 Nov 2014 19:21:26 +0000 (19:21 +0000)]
app_agent_pool: Made agent alert interruptable by DTMF.
Made agent able to interrupt the alerting beep playback with DTMF. Any
digit can interrupt if the call does not need to be acknowledged. Only
the first digit of the acknowledgement can interrupt if the call needs to
be acknowledged. The agent interrupting the alerting playback builds on
the ASTERISK-24447 patch because it knows what digit interrupted the
playback and needs to be able to pass that digit to the DTMF hook digit
collection code.
Joshua Colp [Thu, 6 Nov 2014 18:20:12 +0000 (18:20 +0000)]
res_pjsip: Ensure in-dialog responses have an endpoint associated.
When handling incoming messages we determine if it is associated with
a dialog. If so we use that to determine what serializer and endpoint
to use for the message. Previously this would pass the endpoint to the
endpoint lookup module to actually place the endpoint completely on the
message. For in-dialog responses, however, this did not occur as
dialog processing took over and the endpoint lookup did not occur.
This change just places the endpoint in the expected spot immediately
instead of relying on the endpoint lookup module. In-dialog responses
thus have the expected endpoint.
Corey Farrell [Thu, 6 Nov 2014 12:12:47 +0000 (12:12 +0000)]
main/file.c: fix possible extra ast_module_unref to format modules.
fn_wrapper only adds a reference to the format's module if the file
was able to be opened. If not this causes an unmatched
ast_module_unref in filestream_destructor. Move ast_module_ref to
get_stream.
George Joseph [Wed, 5 Nov 2014 15:05:00 +0000 (15:05 +0000)]
Recorded merge of revisions 427328 from http://svn.asterisk.org/svn/asterisk/branches/11
........
config: Make text_file_save and 'dialplan save' escape semicolons in values.
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored. Escaped semicolons are then
unescaped and become part of the value. Both of these behaviors are normal
and expected. When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.
Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally. This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c
George Joseph [Wed, 5 Nov 2014 00:11:45 +0000 (00:11 +0000)]
config: Make text_file_save and 'dialplan save' escape semicolons in values.
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored. Escaped semicolons are then
unescaped and become part of the value. Both of these behaviors are normal
and expected. When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.
Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally. This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c
Corey Farrell [Tue, 4 Nov 2014 19:30:43 +0000 (19:30 +0000)]
res_http_websockets: Fix extra unref of module
In websocket_add_protocol_internal is used to add the "echo"
protocol, but ast_websocket_remove_protocol is used to remove
it. This causes an extra call to ast_module_unref.
Richard Mudgett [Mon, 3 Nov 2014 17:54:20 +0000 (17:54 +0000)]
res_pjsip: Add disable_tcp_switch option.
When a packet exceeds the MTU, pjproject will switch from UDP to TCP. In
some circumstances (on some networks), this can cause some issues with
messages not getting sent to the correct destination - and can also cause
connections to get dropped due to quirks in pjproject deciding to
terminate TCP connections with no messages.
While fixing the routing/messaging issues is important, having a
configuration option in Asterisk that tells pjproject to not switch over
to TCP would be useful. That way, if some glitch is discovered on some
other network/site, we can at least disable the behavior until a fix is
put into place.
Corey Farrell [Sun, 2 Nov 2014 08:05:00 +0000 (08:05 +0000)]
Fix ast_writestream leaks
Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.
11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.
Matthew Jordan [Sun, 2 Nov 2014 01:01:15 +0000 (01:01 +0000)]
res/res_stasis: Fix crash on module unload while performing operation
When the res_stasis module is unloaded, it will dispose of the apps_registry
container. This is a problem if an ARI operation is in flight that attempts
to use the registry, as the shutdown occurs in a separate thread. This patch
adds some sanity checks to the various routines that access the registry which
cause the operations to fail if the apps_registry does not exist.
A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.
AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
This updates the status of the outbound registration
to reflect when it has been unregistered. Since the
registration is unregistered but is not stopped, the
registration schedule remains active as before. The
patch also updates the documentation of both the AMI
and CLI commands.
ASTERISK-24411 #close
Review: https://reviewboard.asterisk.org/r/4119/
Reported by: John Bigelow
patches:
unregister-patch1.txt uploaded by John Bigelow (License 5091)
Matthew Jordan [Fri, 31 Oct 2014 03:25:39 +0000 (03:25 +0000)]
channels/sip/reqresp_parser: Fix unit tests for r426594
When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.
........
Merged revisions 426858 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426860 from http://svn.asterisk.org/svn/asterisk/branches/11
Corey Farrell [Thu, 30 Oct 2014 23:54:36 +0000 (23:54 +0000)]
app_queue: fix a couple leaks to struct call_queue in set_member_value
set_member_value has a couple leaks to references in the variable q
found through testsuite tests/queues/set_penalty. Also remove the
REF_DEBUG_ONLY_QUEUES compiler declaration, this is no longer possible
with the updated REF_DEBUG code.
Currently, it is possible for some subscriptions to get into a NULL state. When
this occurs and the PJSIPShowSubscriptionsInbound ami action is issued and a
device is subscribed for extension state then the associated subscription state
object can't be located. The code then attempts to dereference a NULL object.
Added a NULL check to avoid the problem.
Kevin Harwell [Thu, 30 Oct 2014 17:16:28 +0000 (17:16 +0000)]
res_pjsip: incorrect qualify statistics after disabling for contact
When removing the qualify_frequency from an AoR or a contact the statistics
shown when issuing "pjsip show aors" from the CLI are incorrect. This patch
deletes the contact's status object from sorcery, disassociating it from the
contact, if the qualify_freqency is removed from configuration.
ASTERISK-24462 #close
Reported by: Mark Michelson
Review: https://reviewboard.asterisk.org/r/4116/
Walter Doekes [Thu, 30 Oct 2014 09:18:52 +0000 (09:18 +0000)]
app_voicemail: Fix unchecked bounds of myArray in IMAP_STORAGE.
In update_messages_by_imapuser(), messages were appended to a finite
array which resulted in a crash when an IMAP mailbox contained more
than 256 entries. This memory is now dynamically increased as needed.
Observe that this patch adds a bunch of XXX's to questionable code. See
the review (url below) for more information.
ASTERISK-24190 #close
Reported by: Nick Adams
Tested by: Nick Adams
Matthew Jordan [Thu, 30 Oct 2014 01:58:33 +0000 (01:58 +0000)]
channels/chan_sip: Add improved support for 4xx error codes
This patch adds support for 414, 493, 479, and a stray 400 response in REGISTER
response handling. This helps interoperability in a number of scenarios.
Review: https://reviewboard.asterisk.org/r/3437
patches:
rb3437.patch uploaded by oej (License 5267)
........
Merged revisions 426599 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426600 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Thu, 30 Oct 2014 01:46:55 +0000 (01:46 +0000)]
channels/chan_sip: Support mutltiple Supported and Required headers
A SIP request may contain multiple Supported: and Required: headers. Currently,
chan_sip only parses the first Supported/Required header it finds. This patch
adds support for multiple Supported/Required headers for INVITE requests.
Review: https://reviewboard.asterisk.org/r/2478
ASTERISK-21721 #close
Reported by: Olle Johansson
patches:
rb2478.patch uploaded by oej (License 5267)
........
Merged revisions 426594 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 426595 from http://svn.asterisk.org/svn/asterisk/branches/11
projects / thirdparty / asterisk.git / log
