Richard Mudgett [Mon, 30 Nov 2015 22:42:47 +0000 (16:42 -0600)]
sched.c: Make not return a sched id of 0.
According to the API doxygen a sched ID of 0 is valid. Unfortunately, 0
was never returned historically and several users incorrectly coded usage
of the returned sched ID assuming that 0 was invalid.
Richard Mudgett [Tue, 24 Nov 2015 18:44:53 +0000 (12:44 -0600)]
Audit improper usage of scheduler exposed by 5c713fdf18f.
channels/chan_iax2.c:
* Initialize struct chan_iax2_pvt scheduler ids earlier because of
iax2_destroy_helper().
channels/chan_sip.c:
channels/sip/config_parser.c:
* Fix initialization of scheduler id struct members. Some off nominal
paths had 0 as a scheduler id to be destroyed when it was never started.
chan_skinny.c:
* Fix some scheduler id comparisons that excluded the valid 0 id.
channel.c:
* Fix channel initialization of the video stream scheduler id.
pbx_dundi.c:
* Fix channel initialization of the packet retransmission scheduler id.
Steve Davies [Wed, 11 Nov 2015 10:16:22 +0000 (10:16 +0000)]
Further fixes to improper usage of scheduler
When ASTERISK-25449 was closed, a number of scheduler issues mentioned in
the comments were missed. These have since beed raised in ASTERISK-25476
and elsewhere.
This patch attempts to collect all of the scheduler issues discovered so
far and address them sensibly.
Matt Jordan [Wed, 7 Oct 2015 01:43:58 +0000 (20:43 -0500)]
res/res_rtp_asterisk: Fix assignment after ao2 decrement
When we decide we will no longer schedule an RTCP write, we remove the
reference to the RTP instance, then assign -1 to the stored scheduler ID
in case something else comes along and wants to see if anything is scheduled.
That scheduler ID is on the RTP instance. After 60a9172d7ef2 was merged to
fix the regression introduced by 3cf0f29310, this improper assignment on a
potentially destroyed object started getting tripped on the build agents.
Frankly, this should have been crashing a lot more often earlier. I can only
assume that the timing was changed just enough by both changes to start
actually hitting this problem.
As it is, simply moving the assignment prior to the ao2 deference is sufficient
to keep the RTP instance from being referenced when it is very, truly,
aboslutely dead.
(Note that it is still good practice to assign -1 to the scheduler ID when we
know we won't be scheduling it again, as the ao2 deref *may* not always destroy
the ao2 object.)
Matt Jordan [Tue, 6 Oct 2015 02:34:41 +0000 (21:34 -0500)]
Fix improper usage of scheduler exposed by 5c713fdf18f
When 5c713fdf18f was merged, it allowed for scheduled items to have an ID of
'0' returned. While this was valid per the documentation for the API, it was
apparently never returned previously. As a result, several users of the
scheduler API viewed the result as being invalid, causing them to reschedule
already scheduled items or otherwise fail in interesting ways.
This patch corrects the users such that they view '0' as valid, and a returned
ID of -1 as being invalid.
Note that the failing HEP RTCP tests now pass with this patch. These tests
failed due to a duplicate scheduling of the RTCP transmissions.
Richard Mudgett [Tue, 8 Oct 2013 20:14:14 +0000 (20:14 +0000)]
app_confbridge: Set the language used for announcements to the conference.
ConfBridge now has the ability to set the language of announcements to the
conference. The language can be set on a bridge profile in
confbridge.conf or by the dialplan function
CONFBRIDGE(bridge,language)=en.
(closes issue ASTERISK-19983)
Reported by: Jonathan White
Patches:
M19983_rev2.diff (license #5138) patch uploaded by junky (modified)
Tested by: rmudgett
Mark Michelson [Thu, 10 Sep 2015 22:19:26 +0000 (17:19 -0500)]
scheduler: Use queue for allocating sched IDs.
It has been observed that on long-running busy systems, a scheduler
context can eventually hit INT_MAX for its assigned IDs and end up
overflowing into a very low negative number. When this occurs, this can
result in odd behaviors, because a negative return is interpreted by
callers as being a failure. However, the item actually was successfully
scheduled. The result may be that a freed item remains in the scheduler,
resulting in a crash at some point in the future.
The scheduler can overflow because every time that an item is added to
the scheduler, a counter is bumped and that counter's current value is
assigned as the new item's ID.
This patch introduces a new method for assigning scheduler IDs. Instead
of assigning from a counter, a queue of available IDs is maintained.
When assigning a new ID, an ID is pulled from the queue. When a
scheduler item is released, its ID is pushed back onto the queue. This
way, IDs may be reused when they become available, and the growth of ID
numbers is directly related to concurrent activity within a scheduler
context rather than the uptime of the system.
Jonathan Rose [Wed, 13 May 2015 20:41:07 +0000 (15:41 -0500)]
Message.c: Clear message channel frames on cleanup
The message channel is a special channel that doesn't actually process frames.
However, certain actions can cause frames to be placed in the channel's read
queue including the Hangup application which is called on the channel after
each message is processed. Since the channel will continually be reused for
many messages, it's necessary to flush these frames at some point.
Joshua Colp [Wed, 26 Aug 2015 10:40:32 +0000 (07:40 -0300)]
chan_sip: Allow call pickup to set the hangup cause.
The call pickup implementation in chan_sip currently sets the channel
hangup cause to "normal clearing" if call pickup is successfully
performed. This action overwrites the "answered elsewhere" hangup cause
set by the call pickup code and can result in the SIP device in
question showing a missed call when it should not.
This change sets the hangup cause to "normal clearing" as a
default initially but allows the call pickup to change it as
needed.
Kevin Harwell [Wed, 12 Aug 2015 17:59:53 +0000 (12:59 -0500)]
chan_sip.c: wrong peer searched in sip_report_security_event
In chan_sip, after handling an incoming invite a security event is raised
describing authorization (success, failure, etc...). However, it was doing
a lookup of the peer by extension. This is fine for register messages, but
in the case of an invite it may search and find the wrong peer, or a non
existent one (for instance, in the case of call pickup). Also, if the peers
are configured through realtime this may cause an unnecessary database lookup
when caching is enabled.
This patch makes it so that sip_report_security_event searches by IP address
when looking for a peer instead of by extension after an invite is processed.
Matt Jordan [Mon, 13 Apr 2015 14:54:18 +0000 (09:54 -0500)]
build_tools/make_version: Update version parsing for Git migration
External systems - such as the Asterisk Test Suite - require knowledge of the
upstream branch. Unfortunately, after moving to Git, the Asterisk version
currently consists of only a 'GIT" prefix followed by an object blob,
e.g., GIT-as08d7. This makes it difficult for such systems to know what
features are available in a particular check out of Asterisk.
This patch fixes this by hardcoding the branch in a variable in the
make_version script. Since the mainline branches are not changed often -
typically only once a year - this is a reasonable approach to solving
the problem, and is more reliable than parsing the output of 'git branch
-vv'. Branches that track off of an upstream primary branch will then get the
benefit of knowing which mainline branch they are currently based off
of.
Matt Jordan [Sun, 12 Apr 2015 17:59:22 +0000 (12:59 -0500)]
git migration: Remove support for file versions
Git does not support the ability to replace a token with a version
string during check-in. While it does have support for replacing a
token on clone, this is somewhat sub-optimal: the token is replaced
with the object hash, which is not particularly easy for human
consumption. What's more, in practice, the source file version was often
not terribly useful. Generally, when triaging bugs, the overall version
of Asterisk is far more useful than an individual SVN version of a file.
As a result, this patch removes Asterisk's support for showing source file
versions.
Specifically, it does the following:
* main/asterisk:
- Refactor the file_version structure to reflect that it no longer
tracks a version field.
- Alter the "core show file version" CLI command such that it always
reports the version of Asterisk. The file version is no longer
available.
* main/manager: The Version key now always reports the Asterisk version.
* UPGRADE: Add notes for:
- Modification to the ModuleCheck AMI Action.
- Modification to the CLI "core show file version" command.
Matt Jordan [Sun, 12 Apr 2015 04:22:59 +0000 (23:22 -0500)]
.gitignore: Ignore tarballs (*.gz)
This patch updates the root .gitignore file to ignore files with a .gz
extension. This will cause git to ignore downloaded sound tarballs in
the the sounds/ directory.
Jonathan Rose [Wed, 8 Apr 2015 17:15:07 +0000 (17:15 +0000)]
Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.
When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.
ASTERISK-24847 #close
Reported by: Maciej Szmigiero
Patches:
asterisk-null-in-cn.patch submitted by mhej (license 6085)
........
Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 434338 from http://svn.asterisk.org/svn/asterisk/branches/11
Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.
Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.
Richard Mudgett [Mon, 22 Dec 2014 20:31:18 +0000 (20:31 +0000)]
queue_log: Post QUEUESTART entry when Asterisk fully boots.
The QUEUESTART log entry has historically acted like a fully booted event
for the queue_log file. When the QUEUESTART entry was posted to the log
was broken by the change made by ASTERISK-15863.
* Made post the QUEUESTART queue_log entry when Asterisk fully boots.
This restores the intent of that log entry and happens after realtime has
had a chance to load.
chan_sip: Allow T.38 switch-over when SRTP is in use.
Previously when SRTP was enabled on a channel it was not possible
to switch to T.38 as no crypto attributes would be present.
This change makes it so it is now possible. If a T.38 re-invite
comes in SRTP is terminated since in practice you can't encrypt
a UDPTL stream. Now... if we were doing T.38 over RTP (which
does exist) then we'd have a chance but almost nobody does that so
here we are.
ASTERISK-24449 #close
Reported by: Andreas Steinmetz
patches:
udptl-ignore-srtp-v2.patch submitted by Andreas Steinmetz (license 6523)
........
Merged revisions 429632 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Fri, 19 Dec 2014 19:58:50 +0000 (19:58 +0000)]
stun: correct attribute string padding to match rfc
When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489. This change adds separate variables for the
string and padded attributed lengths, and performs
padding correctly.
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/
........
Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11
Richard Mudgett [Fri, 19 Dec 2014 17:41:01 +0000 (17:41 +0000)]
chan_dahdi: Don't ignore setvar when using configuration section scheme.
When the configuration section scheme of chan_dahdi.conf is used (keyword
dahdichan instead of channel) all setvar= options are completely ignored.
No variable defined this way appears in the created DAHDI channels.
* Move the clearing of setvar values to after the deferred processing of
dahdichan.
Richard Mudgett [Sat, 13 Dec 2014 00:08:51 +0000 (00:08 +0000)]
DEBUG_THREADS: Fix regression and lock tracking initialization problems.
This patch started with David Lee's patch at
https://reviewboard.asterisk.org/r/2826/ and includes a regression fix
introduced by the ASTERISK-22455 patch.
The initialization of a mutex's lock tracking structure was not protected
in a critical section. This is fine for any mutex that is explicitly
initialized, but a static mutex may have its lock tracking double
initialized if multiple threads attempt the first lock simultaneously.
* Added a global mutex to properly serialize initialization of the lock
tracking structure. The painful global lock can be mitigated by adding a
double checked lock flag as discussed on the original review request.
* Defer lock tracking initialization until first use.
* Don't be "helpful" and initialize an uninitialized lock when
DEBUG_THREADS is enabled. Debug code is not supposed to fix or change
normal code behavior. We don't need a lock initialization race that would
force a re-setup of lock tracking. Lock tracking already handles
initialization on first use.
* Properly handle allocation failures of the lock tracking structure.
* No need to initialize tracking data in __ast_pthread_mutex_destroy()
just to turn around and destroy it.
The regression introduced by ASTERISK-22455 is the result of manipulating
a pthread_mutex_t struct outside of the pthread library code. The
pthread_mutex_t struct seems to have a global linked list pointer member
that can get changed by other threads. Therefore, saving and restoring
the contents of a pthread_mutex_t struct is a bad thing.
Thanks to Thomas Airmont for finding this obscure regression.
* Don't overwrite the struct ast_lock_track.reentr_mutex member to restore
tracking data in __ast_cond_wait() and __ast_cond_timedwait(). The
pthread_mutex_t struct must be treated as a read-only opaque variable.
Miscellaneous other items fixed by this patch:
* Match ast_suspend_lock_info() with ast_restore_lock_info() in
__ast_cond_timedwait().
* Made some uninitialized lock sanity checks return EINVAL and try a
DO_THREAD_CRASH.
Joshua Colp [Wed, 10 Dec 2014 13:31:25 +0000 (13:31 +0000)]
res_http_websocket: Fix crash due to double freeing memory when receiving a payload length of zero.
Frames with a payload length of 0 were incorrectly handled in res_http_websocket.
Provided a frame with a payload had been received prior it was possible for a double
free to occur. The realloc operation would succeed (thus freeing the payload) but be
treated as an error. When the session was then torn down the payload would be
freed again causing a crash. The read function now takes this into account.
This change also fixes assumptions made by users of res_http_websocket. There is no
guarantee that a frame received from it will be NULL terminated.
Mark Michelson [Thu, 20 Nov 2014 16:44:42 +0000 (16:44 +0000)]
Fix error with mixed address family ACLs.
Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.
ASTERISK-24469 #close
Reported by Matt Jordan
Patches:
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
AST-2014-012
........
Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 428417 from http://svn.asterisk.org/svn/asterisk/branches/11
Kevin Harwell [Thu, 20 Nov 2014 16:16:46 +0000 (16:16 +0000)]
AST-2014-017 - app_confbridge: permission escalation/ class authorization.
Confbridge dialplan function permission escalation via AMI and inappropriate
class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan
function when executed from an external protocol (for instance AMI), could
result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord”
could also be used to execute arbitrary system commands without first checking
for system access.
Asterisk now inhibits the CONFBRIDGE function from being executed from an
external interface if the live_dangerously option is set to no. Also, the
“ConfbridgeStartRecord” AMI action is now only allowed to execute under a
user with system level access.
Joshua Colp [Thu, 20 Nov 2014 14:23:57 +0000 (14:23 +0000)]
AST-2014-014: Fix race condition where channels may get stuck in ConfBridge under load.
Under load it was possible for the bridging API, and thus ConfBridge, to get
channels that may have hung up stuck in it. This is because handling of state
transitions for a bridged channel within a bridge was not protected and simply
set the new state without regard to the existing state. If the existing state
had been hung up this would get overwritten.
This change adds locking to protect changing of the state and also
takes into consideration the existing state.
Matthew Jordan [Mon, 20 Oct 2014 14:37:44 +0000 (14:37 +0000)]
AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
........
Merged revisions 425986 from http://svn.asterisk.org/svn/asterisk/branches/11
Kinsey Moore [Sun, 17 Aug 2014 01:54:21 +0000 (01:54 +0000)]
Add missing commit from 11.2-cert
This disables building by default for all extended modules for
Certified Asterisk 11.6. This commit was missed from 11.2-cert when
creating the 11.6-cert branch.
Richard Mudgett [Fri, 25 Jul 2014 23:27:08 +0000 (23:27 +0000)]
features.c: Allow appliationmap to use Gosub.
Using DYNAMIC_FEATURES with a Gosub application as the mapped application
does not work. It does not work because Gosub just pushes the current
dialplan context, exten, and priority onto a stack and sets the specified
Gosub location. Gosub does not have a dialplan execution loop to run
dialplan like Macro.
* Made the DYNAMIC_FEATURES application mapping feature call
ast_app_exec_macro() and ast_app_exec_sub() for the Macro and Gosub
applications respectively.
* Backported ast_app_exec_macro() and ast_app_exec_sub() from v11 to
execute dialplan routines from the DYNAMIC_FEATURES application mapping
feature.
NOTE: This issue does not affect v12+ because it already does what this
patch implements.
When updating voicemail.conf when a user changes
their pin, change the generator string to be the
same as the module name when reading so that the
same config_hook will be called.
config: inform config hook of change when writing file
When updated configuration is written back to the conf
file - for example when a user changes their voicemail
pin, make sure that any config hook that wants to know
of changes is informed.
This corrects one-way audio between Asterisk and Chrome/jssip as a
result of Asterisk inserting the incorrect RTCP port into RTCP SRFLX
ICE candidates. This also exposes an ICE component enumeration to
extract further details from candidates.
res_rtp_asterisk: Fails to resume WebRTC call from hold
In ast_rtp_ice_start if the ice session create check list failed, start check
was never initiated and ice_started was never set to true. Upon re-entering
the function (for instance, [un]hold) it would try to create the check list
again with duplicate remote candidates.
Fixed so that if the create check list fails the necessary data structures
are properly re-initialized for any subsequent retries.
Note, it was decided to not stop ice support (by calling ast_rtp_ice_stop) on a
check list failure because it possible things might still work. However, a
debug message was added to help with any future troubleshooting.
res_rtp_asterisk: Fix checklist creating problems in ICE sessions
Prior to this patch, local candidate lists including SRFLX would fail to start
properly when building ICE candidate check lists. This patch fixes that problem
by making sure that each SRFLX candidate is associated with the proper
base address so that the check list can create matches properly.
This patch was written by jcolp. The issue will be left open to await testing
by the issue participants.
res_rtp_asterisk: Add support for DTLS handshake retransmissions
On congested networks, it is possible for the DTLS handshake messages to get
lost. This patch adds a timer to res_rtp_asterisk that will periodically
check to see if the handshake has succeeded. If not, it will retransmit the
DTLS handshake.
res_rtp_asterisk: Add SHA-256 support for DTLS and perform DTLS negotiation on RTCP.
This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip have also been added to allow behavior
to be tweaked (such as forcing the AVP type media transports in SDP).
Richard Mudgett [Thu, 12 Jun 2014 19:32:28 +0000 (19:32 +0000)]
AST-2014-007: Fix DOS by consuming the number of allowed HTTP connections.
Simply establishing a TCP connection and never sending anything to the
configured HTTP port in http.conf will tie up a HTTP connection. Since
there is a maximum number of open HTTP sessions allowed at a time you can
block legitimate connections.
A similar problem exists if a HTTP request is started but never finished.
* Added http.conf session_inactivity timer option to close HTTP
connections that aren't doing anything. Defaults to 30000 ms.
* Removed the undocumented manager.conf block-sockets option. It
interferes with TCP/TLS inactivity timeouts.
* AMI and SIP TLS connections now have better authentication timeout
protection. Though I didn't remove the bizzare TLS timeout polling code
from chan_sip.
* chan_sip can now handle SSL certificate renegotiations in the middle of
a session. It couldn't do that before because the socket was non-blocking
and the SSL calls were not restarted as documented by the OpenSSL
documentation.
* Fixed an off nominal leak of the ssl struct in
handle_tcptls_connection() if the FILE stream failed to open and the SSL
certificate negotiations failed.
The patch creates a custom FILE stream handler to give the created FILE
streams inactivity timeout and timeout after a specific moment in time
capability. This approach eliminates the need for code using the FILE
stream to be redesigned to deal with the timeouts.
This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of
the SSL_read/SSL_write operations.
ASTERISK-23673 #close
Reported by: Richard Mudgett
........
Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 415854 from http://svn.asterisk.org/svn/asterisk/branches/11
app_queue: delayed state can cause early leavewhenempty ringing
In app_queue, device state changes arrive in event messages and
update the queue member status value. That value is checked in
get_member_status() to decide that the caller should leave when
there are no available members. Although event messages can be
delayed by other activity, there is no adverse affect by lagged
status except in one specific case: there is only one available
member, it was just rung, and leavewhenempty is enabled set for
ringing members. This change adds a direct check of the device
state only under this condition where the caller may be dropped
incorrectly, resolving this issue without affecting performance
of app_queue normally.
AST-1248 #close
Review: https://reviewboard.asterisk.org/r/3595/
Reported by: Thomas Arimont
........
Merged revisions 415833 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Jonathan Rose [Thu, 12 Jun 2014 16:06:51 +0000 (16:06 +0000)]
MixMonitor: Add class authorization requirements to MixMonitor AMI commands
MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
authorization. StopMixMonitor now requires that the manager user either have
the call or system class authorization. StartMixMonitor is a slightly larger
issue since it can execute shell commands if the right arguments are passed
into it, and we consider this a permission escalation. A security release
will be issued for problem this shortly.
ASTERISK-23609 #close
Reported by: Corey Farrell
........
Merged revisions 415837 from http://svn.asterisk.org/svn/asterisk/branches/11
Richard Mudgett [Tue, 13 May 2014 00:48:49 +0000 (00:48 +0000)]
chan_dahdi/sig_pri: Prevent unnecessary PROGRESS events when overlap dialing is enabled.
When overlap dialing is enabled, the lack of inband audio available
information in the SETUP_ACKNOWLEDGE events causes an interoperability
problem with SIP. sig_pri doesn't know if there is dialtone present when
a SETUP_ACKNOWLEDGE is received so it assumes it is there and posts an
AST_CONTROL_PROGRESS frame. The SIP channel driver then sends out a 183
Session Progress and blocks the desired 180 Ringing message when the
ALERTING message comes in.
* Made the configure script detect if the installed version of libpri
supports the SETUP_ACKNOWLEDGE enhancements.
* Using the new API, made generate an AST_CONTROL_PROGRESS frame on an
incoming SETUP_ACKNOWLEDGE message when the message indicates inband audio
is present instead of assuming that dialtone is present.
* Using the new API, made SETUP_ACKNOWLEDGE send out an inband audio
available indication only if dialtone is expected. The change also makes
the fallback behaviour of sending the PROGRESS message better by sending
it only if dialtone is expected.
* Changed receiving a PROCEEDING message to not generate an
AST_CONTROL_PROGRESS frame if the progress indication ie indicates
non-end-to-end-ISDN. This helps interoperability with SIP.
* Changed sending a PROCEEDING message in response to an
AST_CONTROL_PROCEEDING frame to not indicate inband audio available. It
was silly to do so anyway because the channel driver doesn't know if
inband audio is even available. This helps interoperability with SIP.
This patch and a corresponding change in libpri work together to allow
Asterisk to control the inband audio available progress indication ie on
the SETUP_ACKNOWLEDGE message when dialtone is present.
Richard Mudgett [Mon, 10 Mar 2014 17:34:29 +0000 (17:34 +0000)]
AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
(closes issue ASTERISK-23340)
Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina
........
Merged revisions 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 410381 from http://svn.asterisk.org/svn/asterisk/branches/11
Kinsey Moore [Mon, 10 Mar 2014 14:04:38 +0000 (14:04 +0000)]
AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
Richard Mudgett [Wed, 19 Feb 2014 19:17:15 +0000 (19:17 +0000)]
config: Add file size and nanosecond resolution fields to the cached modified config file information.
Repeatedly modifying config files and reloading too fast sometimes fails
to reload the configuration because the cached modification timestamp has
one second resolution.
* Added file size and nanosecond resolution fields to the cached config
file modification timestamp information. Now if the file size changes or
the file system supports nanosecond resolution the modified file has a
better chance of being detected for reload.
* Added a missing unlock in an off-nominal code path.
Richard Mudgett [Fri, 7 Feb 2014 19:30:20 +0000 (19:30 +0000)]
chan_iax2: Block unnecessary control frames to/from the wire.
Establishing an IAX2 call between Asterisk v1.4 and v1.8 (or later)
results in an unexpected call disconnect. The problem happens because
newer values in the enum ast_control_frame_type are not consistent between
the branch versions of Asterisk.
For example:
1) v1.4 calls v1.8 (or later) using IAX2
2) v1.8 answers and sends a connected line update control frame. (on v1.8
AST_CONTROL_CONNECTED_LINE = 22)
3) v1.4 receives the control frame as an end-of-q (on v1.4
AST_CONTROL_END_OF_Q = 22)
4) v1.4 disconnects the call once the receive queue becomes empty.
Several things are done by this patch to fix the problem and attempt to
prevent it from happening again in the future:
* Added a warning at the definition of enum ast_control_frame_type about
how to add new control frame values.
* Made block sending and receiving control frames that have no reason to
go over the wire.
* Extended the connectedline iax.conf parameter to also include the
redirecting information updates.
* Updated the connectedline iax.conf parameter documentation to include a
notice that the parameter must be "no" when the peer is an Asterisk v1.4
instance.
Richard Mudgett [Sat, 25 Jan 2014 00:13:47 +0000 (00:13 +0000)]
CEL: Protect data structures during reload and shutdown.
The CEL data structures need to be protected during a configuration reload
and shutdown. Asterisk crashed during a shutdown because CEL events were
still in flight and the CEL data structures were already destroyed.
* Protected the appset and linkedids ao2 containers using the reload_lock.
As a result appset, linkedids, and held objects don't need a lock.
* Added NULL checks before use of the appset and linkedids ao2 containers
in case the CEL module is already shutdown.
* Fixed overloading of the linkedids held objects reference count. During
shutdown any held objects would be leaked.
* Fixed memory leak of linkedids held objects if the LINKEDID_END is not
being tracked. The objects in the linkedids container were not removed if
the LINKEDID_END event is not used.
* Added access protection to the appset container during the CLI "cel show
status" command.
* Made CEL config reload not set defaults if the cel.conf file is invalid.
Richard Mudgett [Fri, 24 Jan 2014 18:28:16 +0000 (18:28 +0000)]
manager: Protect data structures during shutdown.
Occasionally, the manager module would get an "INTERNAL_OBJ: bad magic
number" error on a "core restart gracefully" command if an AMI connection
is established.
* Added ao2_global_obj protection to the sessions global container.
* Fixed the order of unreferencing a session object in session_destroy().
* Removed unnecessary container traversals of the white/black filters
during session_destructor().
Matthew Jordan [Wed, 15 Jan 2014 15:27:36 +0000 (15:27 +0000)]
pbx.c: put copy of ast_exten.data on stack to prevent memory corruption
During dialplan execution in pbx_extension_helper(), the contexts global
read lock prevents link list corruption, but was released with a pointer
to the ast_exten and data later used in variable substitution. Instead,
this patch removes pbx_substitute_variables() and locates a copy of the
ast_exten data on the stack before releasing the lock, where ast_exten
could get free'd by another thread performing a module reload.
(issue AST-1179)
Reported by: Thomas Arimont
(issue AST-1246)
Reported by: Alexander Hömig
Review: https://reviewboard.asterisk.org/r/3055/
........
Merged revisions 403862 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 403863 from http://svn.asterisk.org/svn/asterisk/branches/11
Matthew Jordan [Tue, 14 Jan 2014 19:46:52 +0000 (19:46 +0000)]
chan_sip: Hangup transferer/transferee when transfer to Parking fails
When performing a SIP transfer to a Park extension, if the Park fails, chan_sip
will currently not hang up either the transferer or the transfer target. This
results in the channels being orphaned with no thread to service frames,
resulting in stuck channels.
This patch immediately hangs up the two channels if a Park fails.
Richard Mudgett [Tue, 14 Jan 2014 18:50:09 +0000 (18:50 +0000)]
verbosity: Fix performance of console verbose messages.
The per console verbose level feature as previously implemented caused a
large performance penalty. The fix required some minor incompatibilities
if the new rasterisk is used to connect to an earlier version. If the new
rasterisk connects to an older Asterisk version then the root console
verbose level is always affected by the "core set verbose" command of the
remote console even though it may appear to only affect the current
console. If an older version of rasterisk connects to the new version
then the "core set verbose" command will have no effect.
* Fixed the verbose performance by not generating a verbose message if
nothing is going to use it and then filtered any generated verbose
messages before actually sending them to the remote consoles.
* Split the "core set debug" and "core set verbose" CLI commands to remove
the per module verbose support that cannot work with the per console
verbose level.
* Added a silent option to the "core set verbose" command.
* Fixed "core set debug off" tab completion.
* Made "core show settings" list the current console verbosity in addition
to the root console verbosity.
* Changed the default verbose level of the 'verbose' setting in the
logger.conf [logfiles] section. The default is now to once again follow
the current root console level. As a result, using the AMI Command action
with "core set verbose" could again set the root console verbose level and
affect the verbose level logged.
Matthew Jordan [Thu, 9 Jan 2014 16:34:05 +0000 (16:34 +0000)]
app_confbridge: Fix crash caused when waitmarked/marked users leave together
When waitmarked users join a ConfBridge, the conference state is transitioned
from EMPTY -> INACTIVE. In this state, the users are maintined in a waiting
users list. When a marked user joins, the ConfBridge conference transitions
from INACTIVE -> MULTI_MARKED, and all users are put onto the active list of
users. This process works correctly.
When the marked user leaves, if they are the last marked user, the MULTI_MARKED
state does the following:
(1) It plays back a message to the bridge stating that the leader has left the
conference. This requires an unlocking of the bridge.
(2) It moves waitmarked users back to the waiting list
(3) It transitions to the appropriate state: in this case, INACTIVE
However, because it plays the prompt back to the bridge before moving the users
and before finishing the state transition, this creates a race condition: with
the bridge unlocked, waitmarked users who leave the conference (or are kicked
from it) can cause a state transition of the bridge to another state before
the conference is transitioned to the INACTIVE state. This causes the state
machine to get a bit wonky, often leading to a crash when the MULTI_MARKED state
attempts to conclude its processing.
This patch fixes this problem:
(1) It prevents kicked users from being kicked again. That's just a nicety.
(2) More importantly, it fixes the race condition by only playing the prompt
once the state has transitioned correctly to INACTIVE. If waitmarked users
sneak out during the prompt being played, no harm no foul.
Review: https://reviewboard.asterisk.org/r/3108/
(closes issue AST-1258)
Reported by: Steve Pitts
........
Merged revisions 405215 from http://svn.asterisk.org/svn/asterisk/branches/11
When Asterisk is shut down, the astdb_atexit() function releases
(finalize) the previously initiated (prepared) SQL statements in
sqlite3. Another thread making a subsequent request can cause a
crash in sqlite3. This patch eliminates that issue by resetting
the statement pointer after it is released/cleared. The sqlite3
code detects the null pointer, and aborts the operation cleanly.
David M. Lee [Mon, 16 Dec 2013 17:29:54 +0000 (17:29 +0000)]
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
app_sms: BufferOverflow when receiving odd length 16 bit message
This patch prevents an infinite loop overwriting memory when
a message is received into the unpacksms16() function, where
the length of the message is an odd number of bytes.
(closes issue ASTERISK-22590)
Reported by: Jan Juergens
Tested by: Jan Juergens
Kevin Harwell [Mon, 4 Nov 2013 21:20:58 +0000 (21:20 +0000)]
chan_sip: notify dialog info ignores presentation indicator in callerid
The presentation indicator in a callerid (e.g. set by dialplan function
Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog Info Notifies
are generated during extension monitoring. Added a check to make sure the
name and/or number presentations on the callee (remote identity) are set to
allow. If they are restricted then "anonymous" is used instead.
(closes issue AST-1175)
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/2976/
........
Merged revisions 402450 from http://svn.asterisk.org/svn/asterisk/branches/11
In ASTERISK-17842, some additional library checks were added to the configure
script so that the bfd library could be found on CentOS and Fedora systems.
As it turns out, openSUSE requires an additional library. This patch adds
another check to the configure script for openSUSE that will add that library.
res_rtp_asterisk: Correct erroneous lost packet information in RTCP reports
RTCP's calculation of the number of lost packets in an RTP stream is based on
that stream's sequence number count, the number of received packets, and how
many packets we expect to receive. When the SSRC for an RTP stream changes,
there can - and almost always will be - a large jump in the next packet's
timestamp and sequence number. If we don't reset the number of received
packets, sequence number count, and other metrics used by RTCP, the next RR/SR
report will use the previous SSRC's values to calculate the lost packet count
for the new SSRC - resulting in a very large number of lost packets.
This patch modifies res_rtp_asterisk such that, if it detects a SSRC change, it
will reset the various values used by the RTCP calculations. From the
perspective of RTCP, this appears as a new media stream - which is what it is.
Review: https://reviewboard.asterisk.org/r/2886/
(closes issue AST-1174)
Reported by: Thomas Arimont
........
Merged revisions 400089 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
r401446 | mjordan | 2013-10-22 17:42:24 -0500 (Tue, 22 Oct 2013) | 15 lines
res_rtp_asterisk: Fix crash when RTCP is not available during SSRC change
In r400089, a patch was put in to correct erroneous RTCP statistic resets.
Unfortunately, ast_rtp_read can be called on an RTP instance that does not
have RTCP information. This patch prevents that crash by only resetting
the statistics if we do actually have an RTCP instance.
(issue AST-1174)
(closes issue ASTERISK-22667)
Reported by: John Bigelow
........
Merged revisions 401445 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
r401960 | sgriepentrog | 2013-10-25 15:44:40 -0500 (Fri, 25 Oct 2013) | 15 lines
pbx.c: fix confused match caller id that deleted exten still in hash
This fixes a bug where a zero length callerid match adjacent to a no
match callerid extension entry would be deleted together, which then
resulted in hashtable references to free'd memory. A third state of
the matchcid value has been added to indicate match to any extension
which allows enforcing comparison of matchcid on/off without errors.
Richard Mudgett [Wed, 18 Sep 2013 23:36:12 +0000 (23:36 +0000)]
UDPTL: Backport some fixes from v12 that should be in v11.
Backported the following as applied to udptl.c:
* -r398020 Fixup udpdl defaults if config file not present.
* -r398533 Fixup improper use of ao2_global_obj_replace().
Kinsey Moore [Wed, 18 Sep 2013 19:55:46 +0000 (19:55 +0000)]
Fix jitter buffer log file creation
This adjusts '/'-to-'#' replacement to replace all instances of '/'
instead of just the first to ensure that the jitter buffer log file
gets the correct name as per Richard Kenner's suggestion.
(closes issue ASTERISK-21036)
Reported by: Richard Kenner
........
Merged revisions 399402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Wed, 18 Sep 2013 17:17:13 +0000 (17:17 +0000)]
Add a WARNING in bridge_softmix when a timing module isn't loaded
If bridge_softmix fails to be created because no timing source is present in
Asterisk, this will currently fail gracefully but with (most likely) a generic
error message by whatever module tried to create the softmix bridge. This
patch adds a more explicit warning so you can actually diagnose and fix the
problem.
Michael L. Young [Wed, 18 Sep 2013 01:34:09 +0000 (01:34 +0000)]
Fix Segfault When Syntax Of A Line Under [applicationmap] Is Invalid
When processing the lines under the [applicationmap] context in features.conf, a
segfault occurs from attempting to process a line with an invalid syntax
(basically missing most of the arguments).
Example:
[applicationmap]
automon=*6
* This patch moves the checking for empty arguments to before they are accessed.
* Also, checked the "todo" comment and removed it. Some applications do not
require arguments.
(closes issue ASTERISK-22416)
Reported by: CGI.NET
Tested by: CGI.NET
Patches:
asterisk-22416-check-syntax-first_v2.diff by Michael L. Young (license 5026)
Kevin Harwell [Tue, 17 Sep 2013 18:32:57 +0000 (18:32 +0000)]
Remote console: more output discrepancies
The remote console continued to have issues with its output. In this case CLI
command output would either not show up (if verbose level = 0) or would contain
verbose prefixes (if verbose level > 0) once log messages were sent to the
remote console. The fix now now adds verbose prefix data to all new lines
contained in a verbose log string.
Kevin Harwell [Tue, 17 Sep 2013 14:24:02 +0000 (14:24 +0000)]
Confbridge: empty conference not being torn down
Confbridge would not properly tear down an empty conference bridge when all
users were kicked via end_marked=yes and at least one user was also set to
wait_marked. This occurred because while end_marked users were being kicked
and at least one was also set to wait_marked then the leave wait_marked handler
would be called on that user, but there would be no waiting user (still
considered active). The waiting users would decrement and now be negative. The
conference would remain, but be put into an inactive state. The solution was
to move from the active list to the wait list, those users with wait_marked set
right before kicking. This allows both the active and wait users to decrement
correctly and the confbridge to tear down properly.
A crashed also occurred when trying to list the specific conference from the CLI.
This happened because the conference specified was invalid. Since the
conference properly tears down now there is no way to reference it thus
alleviating the crash as well.
(closes issue ASTERISK-21859)
Reported by: Chris Gentle
Review: https://reviewboard.asterisk.org/r/2848/
Richard Mudgett [Mon, 16 Sep 2013 16:42:35 +0000 (16:42 +0000)]
chan_iax2: Fix saving the wrong expiry time in astdb.
When a new IAX2 client registers, the astdb database is updated with the
value of minregexpire defined in iax.conf instead of using the expiry time
that is provided by the client. The provided expiry time of the client is
updated after inserting the astdb entry. As a consequence, restarting or
reloading asterisk creates clients whose registration may expire before
they reregister. The clients are therefore unavailable after minregexpire
seconds until they reregister.
* Move updating of the expiry time to before inserting into the astdb.
(closes issue ASTERISK-22504)
Reported by: Stefan Wachtler
Patches:
chan_iax2.c.patch (license #6533) patch uploaded by Stefan Wachtler
........
Merged revisions 399158 from http://svn.asterisk.org/svn/asterisk/branches/1.8
David M. Lee [Fri, 13 Sep 2013 20:49:33 +0000 (20:49 +0000)]
Don't write to /tmp/refs when REF_DEBUG is not defined.
If MALLOC_DEBUG is enabled, then the debug destructor for the container
is used, which would erroneously write to /tmp/refs. This patch only
uses the debug destructor if ref_debug is used.
(closes issue ASTERISK-22536)
........
Merged revisions 399098 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Kinsey Moore [Fri, 13 Sep 2013 13:48:34 +0000 (13:48 +0000)]
Fix several crashes in MeetMeAdmin
This change ensures that MeetMeAdmin commands requiring a user actually
get a user and fixes another issue where an extra dereference could
occur for a last-entered user being ejected if a user identifier was
also provided.
(closes issue ASTERISK-21907)
Reported by: Alex Epshteyn
Review: https://reviewboard.asterisk.org/r/2844/
........
Merged revisions 399033 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Rusty Newton [Thu, 12 Sep 2013 00:02:37 +0000 (00:02 +0000)]
'queue add member' help text correction
You are adding dial strings to the queue, not channels. An aribitrary string
could be used, but you are typically referencing a channel. Correcting the
command help text.
(issue ASTERISK-22263)
(closes issue ASTERISK-22263)
Reported By: Rusty Newton
........
Merged revisions 398884 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Jonathan Rose [Wed, 11 Sep 2013 19:46:39 +0000 (19:46 +0000)]
chan_sip: Reject calls without prior SDP on 200 OK
If we receive a 200 OK without SDP, we will now check to see if
the remote address has been established for that channel's RTP
session and if the to tag for that channel has changed from
the most recent to tag in a response less than 200.
If either a change has been made since the last to-tag was
received or the remote address is unset, then we will drop
the call.
(closes issue ASTERISK-22424)
Reported by: Jonathan Rose
Review: https://reviewboard.asterisk.org/r/2827/diff/#index_header
........
Merged revisions 398835 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Richard Mudgett [Mon, 9 Sep 2013 23:21:46 +0000 (23:21 +0000)]
MALLOC_DEBUG: Change fence magic number to be completely different from the freed magic number.
Race conditions between freeing a nul terminated string and
ast_strdup()'ing it are more likely to be detected if the fence and freed
magic numbers are completely different.
........
Merged revisions 398703 from http://svn.asterisk.org/svn/asterisk/branches/1.8
David M. Lee [Mon, 9 Sep 2013 20:02:32 +0000 (20:02 +0000)]
Fix DEBUG_THREADS when lock is acquired in __constructor__
This patch fixes some long-standing bugs in debug threads that were
exacerbated with recent Optional API work in Asterisk 12.
With debug threads enabled, on some systems, there's a lock ordering
problem between our mutex and glibc's mutex protecting its module list
(Ubuntu Lucid, glibc 2.11.1 in this instance). In one thread, the module
list will be locked before acquiring our mutex. In another thread, our
mutex will be locked before locking the module list (which happens in
the depths of calling backtrace()).
This patch fixes this issue by moving backtrace() calls outside of
critical sections that have the mutex acquired. The bigger change was to
reentrancy tracking for ast_cond_{timed,}wait, which wrongly assumed
that waiting on the mutex was equivalent to a single unlock (it actually
suspends all recursive locks on the mutex).
Kinsey Moore [Sat, 7 Sep 2013 00:59:41 +0000 (00:59 +0000)]
Prevent XMPP timeout on blank responses
Sometimes the Google Voice servers have a bad habit of sending out 1
byte replies to the xmpp resource. When a blank 1 byte reply is
received from the socket the buffer attempts to wait (endlessly) for
the rest of the reply from google which effectively blocks the socket
and google voice calls will no longer come into the server.
This patch allows the xmpp module to correctly detect empty packets and
send out ping replies to google. It also sets a socket timeout on the
default socket which prevents the xmpp socket from closing and
preventing future google voice calls from coming into the server.
Furthermore instead of sending an empty reply back to google we send a
proper xmpp ping reply back. This also adds several more
socket messages.
(closes issue ASTERISK-22347)
Reported by: Andrew Nagy
Review: https://reviewboard.asterisk.org/r/2771
Patches:
xmpp_fix_1.diff uploaded by Andrew Nagy (License #6524)
Kinsey Moore [Fri, 6 Sep 2013 19:28:16 +0000 (19:28 +0000)]
Fix Jabber/XMPP distributed MWI
The mailbox and context are swapped on the receiving end for all users
of Jabber and XMPP distributed MWI in Asterisk 1.8 and all more recent
versions. This swaps those values to be correct when publishing to the
internal event system from Jabber/XMPP distributed MWI state.
(closes issue ASTERISK-22435)
Reported by: abelbeck
Tested by: Michael Keuter
Patches:
asterisk-1.8-res_jabber-aji_handle_pubsub_event.patch uploaded by abelbeck
asterisk-11-res_xmpp-xmpp_pubsub_handle_event.patch uploaded by abelbeck
........
Merged revisions 398523 from http://svn.asterisk.org/svn/asterisk/branches/1.8
projects / thirdparty / asterisk.git / log
