Kevin Harwell [Thu, 14 May 2015 20:13:58 +0000 (15:13 -0500)]
audiohook.c: Difference in read/write rates caused continuous buffer resets
Currently, everytime a sample rate change occurs (on read or write) the
associated factory buffers are reset. If the requested sample rate on a
read differed from that of a write then the buffers are continually reset
on every read and write. This has the side effect of emptying the buffer,
thus there being no data to read and then write to a file in the case of
call recording.
This patch fixes it so that an audiohook_list's rate always maintains the
maximum sample rate among hooks and formats. Audiohook sample rates are
only overwritten by this value when slin native compatibility is turned on.
Also, the audiohook sample rate can only overwrite the list's sample rate
when its rate is greater than that of the list or if compatibility is
turned off. This keeps the rate from constantly switching/resetting.
main/manager.c: Bugfix sort action_manager by alphabetically
Fix the alphabetic order added on ast_manager_register_struct. The order
for struct manager_action added is not working, this change fixes the
problem.
MySQL configuration engine contains a bug in require_mysql(). This
function is used for column type checking in tables. This bug only
affects DATETIME, DATE and FLOAT types.
It came from mixing the first condition (switch-case-like
if/then/else), to check the expected column type, with the second
condition, to check the actual column type against the expected column
type. Both conditions must be checked separately in order to avoid the
execution of the wrong block.
ASTERISK-18252 #comment This patch might fix the issue
Reported by: Gareth Blades
Richard Mudgett [Tue, 12 May 2015 22:34:45 +0000 (17:34 -0500)]
chan_dahdi/sig_pri: Fix crash on ISDN call hangup collision.
If an ISDN call is hungup by both sides at the same time a crash could
happen.
* Added missing NULL checks for the owner channel after calling
pri_queue_pvt_cause_data() in two places. Code after those calls need to
check the owner channel pointer for NULL before use because
pri_queue_pvt_cause_data() needs to do deadlock avoidance to lock the
owner and the owner may get hung up.
ASTERISK-21893 #close
Reported by: Alexandr Gordeev
MAKE_MENUSELECT currently sets CC to CC, which is the compiler for the
target platform. But menuselect is to be run on the build system, so
BUILD_CC needs to be used instead - like it was in the past, before the
recent changes (https://reviewboard.asterisk.org/r/4370/). This is the
patch for ASTERISK-25074.
ASTERISK-25074 #close
Reported by: Sebastian Kemper
Tested by: Sebastian Kemper
Corey Farrell [Tue, 12 May 2015 06:31:58 +0000 (02:31 -0400)]
Fix processing of asterisk.conf debug=yes.
The code which reads asterisk.conf supports processing the debug
option with ast_true, but ast_true returns -1. This causes debug
to still be off, convert to 1 so debug will be on as requested.
Ivan Poddubny [Mon, 11 May 2015 12:07:31 +0000 (12:07 +0000)]
pbx/pbx_spool: Fix issue when call files were executed too early
pbx_spool used to delete/move the call file upon successful outgoing
call completion, but did not delete it from in-memory list of files
(dirlist, used only when compiled with inotify/kqueue support).
That resulted in an extra attempt to process that filename after
retrytime seconds.
Then, if a new file with the same name appears that is scheduled
in future further than the completed one plus its retrytime,
then it gets executed earlier than expected.
This patch fixes remove_from_queue function to also remove the entry
from the dirlist.
Sean Bright [Fri, 8 May 2015 15:39:42 +0000 (15:39 +0000)]
res_rtp_asterisk: Issue ERROR if res_srtp is not found.
While trying to get WebRTC working with chan_pjsip, I was running
into the following error:
Attempted to set an invalid DTLS-SRTP configuration on RTP
instance...
Josh helpfully pointed out that res_srtp.so might not be loaded, and
sure enough, it wasn't. This patch adds a ERROR indiciating as much
to hopefully help others having a similar problem.
Alexander Traud [Tue, 5 May 2015 16:35:16 +0000 (18:35 +0200)]
tcptls: Avoiding ERR_remove_state in OpenSSL.
ERR_remove_state was deprecated with OpenSSL 1.0.0 and was replaced by
ERR_remove_thread_state. ERR_load_SSL_strings and ERR_load_BIO_strings were
called by SSL_load_error_strings already and got removed. These changes allow
OpenSSL forks like BoringSSL to be used with Asterisk.
ASTERISK-25043 #close
Reported by: Alexander Traud
patches:
asterisk_with_BoringSSL.patch uploaded by Alexander Traud (License 6520)
George Joseph [Thu, 7 May 2015 19:54:35 +0000 (13:54 -0600)]
doc: Make progdocs play nice with git
Moved contrib/asterisk-ng-doxygen to doc/asterisk-ng-doxygen.in
Changed /Makefile to copy asterisk-ng-doxygen.in to
asterisk-ng-doxygen then modify it with version instead of
modifying asterisk-ng-doxygen directly. Updated clean
targets as well.
Martin Tomec [Tue, 21 Apr 2015 16:52:22 +0000 (18:52 +0200)]
res_odbc: Use negative connection cache for all connections
Apply the negative connection cache setting to all connections,
even those that are not pooled. This ensures that the connection
will not be re-established before the negative connection cache
time is met.
Created autoconf/ast_check_raii.m4: contains AST_CHECK_RAII which
checks compiler requirements for RAII:
gcc: -fnested-functions support
clang: -fblocks (and if required -lBlocksRuntime)
The original check was implemented in configure.ac and now has it's
own file. This function also sets C_COMPILER_FAMILY to either gcc or
clang for use by makefile
Created autoconf/ast_check_strsep_array_bounds.m4 (contains
AST_CHECK_STRSEP_ARRAY_BOUNDS):
which checks if clang is able to handle the optimized strsep & strcmp
functions (linux). If not, the standard libc implementation should be
used instead. Clang + the optimized macro's work with:
strsep(char *, char []), but not with strsepo(char *, char *).
Instead of replacing all the occurences throughout the source code,
not using the optimized macro version seemed easier
See 'define __strcmp_gc(s1, s2, l2) in bits/string2.h':
llvm-comment: Normally, this array-bounds warning are suppressed for
macros, so that unused paths like the one that accesses __s1[3] are
not warned about. But if you preprocess manually, and feed the
result to another instance of clang, it will warn about all the
possible forks of this particular if statement. Instead of switching
of this optimization, another solution would be to run the preproces-
sing step with -frewrite-includes, which should preserve enough
information so that clang should still be able to suppress the diag-
nostic at the compile step later on.
See also "https://llvm.org/bugs/show_bug.cgi?id=20144"
See also "https://llvm.org/bugs/show_bug.cgi?id=11536"
Makefile.rules: If C_COMPILER_FAMILY=clang then add two warning
suppressions:
-Wno-unused-value
-Wno-parentheses-equality
In an earlier review (reviewboard: 4550 and 4554), they were deemed a
nuisace and less than benefitial.
configure.ac:
Added AST_CHECK_RAII() see earlier
Added AST_CHECK_STRSEP_ARRAY_BOUNDS() see earlier
Removed moved content
Build System: Prevent unneeded changes to asterisk/buildopts.h.
* Add AST_DEVMODE to BUILDOPTS
* Remove CFLAGS that do not effect ABI from BUILDOPTS.
* Use BUILDOPTS to generate AST_BUILDOPT_SUM.
* Remove loop that defined AST_MODULE_*
These changes ensure that only ABI effecting options are considered for
AST_BUILDOPT_SUM. This also reduces unneeded full system rebuilds caused
by enabling or disabling one module that another is dependent on.
Matt Jordan [Wed, 29 Apr 2015 19:49:23 +0000 (14:49 -0500)]
main/pbx: Improve performance of dialplan reloads with a large number of hints
The PBX core maintains two hash tables for hints: a container of the
actual hints (hints), along with a container of devices that are watching that
hint (hintdevices). When a dialplan reload occurs, each hint in the hints
container is destroyed; this requires a lookup in the container of devices to
find the device => hint mapping object. In the current code, this performs an
ao2_callback, iterating over each of the device to hint objects in the
hintdevices container. For a large number of hints, this is extremely
expensive: dialplan reloads with 20000 hints could take several minutes
in just this phase.
This patch improves the performance of this step in the dialplan reloads
by caching which devices are watching a hint on the hint object itself.
Since we don't want to create a circular reference, we just cache the
name of the device. This allows us to perform a smarter ao2_callback on
the hintdevices container during hint removal, hashing on the name of the
device and returning an iterator to the matching names. The overall
performance improvement is rather large, taking this step down to a number of
seconds as opposed to minutes.
In addition, this patch also registers the hint containers in the PBX
core with the astobj2 library. This allows for reasonable debugging to
hash collisions in those containers.
Matt Jordan [Thu, 30 Apr 2015 16:04:04 +0000 (11:04 -0500)]
include/asterisk/vector.h: Backport vector.h to Asterisk 11
Vectors are very useful constructs. As a container, they prevent having
to calloc/realloc arrays manually. They also have advantages over linked
lists, which require elements in the list to be a struct. This patch
backports vectors to Asterisk 11 for use in future patches.
Richard Mudgett [Wed, 29 Apr 2015 22:28:07 +0000 (17:28 -0500)]
chan_dahdi: Add the chan_dahdi.conf force_restart_unavailable_chans option.
Some telco switches occasionally ignore ISDN RESTART requests. The fix
for ASTERISK-19608 added an escape clause for B channels in the restarting
state if the telco ignores a RESTART request. If the telco fails to
acknowledge the RESTART then Asterisk will assume the telco acknowledged
the RESTART on the second call attempt requesting the B channel by the
telco. The escape clause is good for dealing with RESTART requests in
general but it does cause the next call for the restarting B channel to be
rejected if the telco insists the call must go on that B channel.
chan_dahdi doesn't really need to issue a RESTART request in response to
receiving a cause 44 (Requested channel not available) code. Sending the
RESTART in such a situation is not required (nor prohibited) by the
standards. I think chan_dahdi does this for historical reasons to deal
with buggy peers to get channels unstuck in a similar fashion as the
chan_dahdi.conf resetinterval option.
* Add the chan_dahdi.conf force_restart_unavailable_chans compatability
option that when disabled will prevent chan_dahdi from trying to RESTART
the channel in response to a cause 44 code.
ASTERISK-25034 #close
Reported by: Richard Mudgett
cdr/cdr_csv.c: Add a new option to enable columns added in Asterisk 1.8
This patch adds a new option to cdr.conf, 'newcdrcolumns', that will handle CDR
columns added in Asterisk 1.8. The columns are:
* peeraccount
* linkedid
* sequence
When enabled, the columns in the database entry will be populated with the data
from the CDR.
Matt Jordan [Wed, 29 Apr 2015 21:15:43 +0000 (16:15 -0500)]
main/rtp_engine: Fix DTLS double-free introduced by 0b6410c4f8
The patch in 0b6410c4f8 did correctly fix a memory leak of the DTLS
structures in the RTP engine. However, when a 'core reload' is issued, a
double free of the memory pointed to by the char *'s in the DTLS
configuration struct can occur, as ast_rtp_dtls_cfg_free does not set
the pointers to NULL when they are freed.
This patch sets those pointers to NULL, preventing a second call to
ast_rtp_dtls_cfg_free from corrupting memory.
Kevin Harwell [Wed, 29 Apr 2015 18:19:58 +0000 (13:19 -0500)]
res_fax: allow 2400 transmission rate according to v.27ter standard
A previous set of patches (see: ASTERISK-22790 & ASTERISK-23231) made it so
a v.27 modem was not allowed to have a minimum transmission rate of 2400 bits
per second. This reverts all or some of those patches since according to the
v.27ter standard a rate of 2400 bits per second is also supported.
One of the original patches also added 9600 bits per second support for v.27.
This patch also removes that since v.27ter only supports 2400/4800 bits per
second.
Also, since Asterisk specifically supports v.27ter the enum was renamed to
better reflect this.
Mark Michelson [Wed, 29 Apr 2015 16:46:48 +0000 (11:46 -0500)]
rtp_engine: Prevent unnecessary memory increases during calls.
The doxygen for ast_rtp_codecs_payloads_copy() states:
"This copies the payloads from the codecs0 structure to the codecs1
structure, overwriting any current values."
However, in practice, the overwriting of current values was not
happening. Instead, a new RTP codec payload object would be appended to
the codecs1 structure instead of replacing the corresponding object.
This patch corrects this behavior by overwriting the object in the
codecs1 structure if it exists already. If it does not already exist,
then create a new copy and link it in.
Tests of "memory show summary rtp_engine.c" had previously shown
additional allocations being performed any time that Asterisk processed
an incoming SDP. Scenarios involving lots of reinvites resulted in lots
of allocations. With this patch, I can perform as many reinvites as
I want and see no memory increases from the RTP engine.
ASTERISK-24916 #close
Reported by Christophe Osuna
The realtime API passes down the va_list argument to each RT engine in
failover chain until one succeeds. MySQL engine used to access the
variable argument list with va_arg, which mutates the va_list, so the
next engine in failover chain gets invalid agrument list.
This patch uses va_copy to preserve the original va_list argument intact.
ASTERISK-19538 #close
Reported by: alexat
Tested by: Ivan Poddubny
Steve Davies [Tue, 28 Apr 2015 10:38:30 +0000 (11:38 +0100)]
res_rtp_asterisk: Resolve 2 discrete memory leaks in DTLS
ao2 ref leak in res_rtp_asterisk.c when a DTLS policy is created.
The resources are linked into a table, but the original alloc refs
are never released. ast_strdup leak in rtp_engine.c. If
ast_rtp_dtls_cfg_copy() is called twice on the same destination struct,
a pointer to an alloc'd string is overwritten before the string is free'd.
cdr/cdr_odbc.c: Added to record new columns add on CDR 1.8 Asterisk Version
Add new column to INSERT new columns added in cdr 1.8 version. The columns are:
* peeraccount
* linkedid
* sequence
This feature is configurable in cdr_odbc.conf using a new configuration
option, 'newcdrcolumns'.
Kevin Harwell [Thu, 23 Apr 2015 20:05:07 +0000 (15:05 -0500)]
app_confbridge: Default the template option to a compatible default profile.
Confbridge dynamic profiles did not have a default profile unless you
explicitly used Set(CONFBRIDGE(bridge,template)=default_bridge). If a
template was not set prior to the bridge being created then some
options were left with no default values set. This patch makes it so
the default templates are set to the default bridge and user profiles.
Matt Jordan [Fri, 24 Apr 2015 15:23:06 +0000 (10:23 -0500)]
Clang: Fix some more tautological-compare warnings.
clang can warn about a so called tautological-compare, when it finds
comparisons which are logically always true, and are therefore deemed
unnecessary.
Example:
unsigned int x = 4;
if (x > 0) // x is always going to be bigger than 0
Enum Case:
Each enumeration is its own type. Enums are an integer type but they do not
have to be *signed*. C leaves it up to the compiler as an implementation
option what to consider the integer type of a particular enumeration is.
Gcc treats an enum without negative values as an int while clang treats this
enum as an unsigned int.
rmudgett & mmichelson:
cast the enum to (unsigned int) in assert. The cast does have an effect.
For gcc, which seems to treat all enums as int, the cast to unsigned int
will eliminate the possibility of negative values being allowed. For
clang, which seems to treat enums without any negative members as
unsigned int, the cast will have no effect. If for some reason in the
future a negative value is ever added to the enum the assert will still
catch the negative value.
clang can warn about a so called tautological-compare, when it finds
comparisons which are logically always true, and are therefor deemed
unnecessary.
Exanple:
unsigned int x = 4;
if (x > 0) // x is always going to be bigger than 0
Enum Case:
Each enumeration is its own type. Enums are an integer type but they
do not have to be *signed*. C leaves it up to the compiler as an
implementation option what to consider the integer type of a particu-
lar enumeration is. Gcc treats an enum without negative values as
an int while clang treats this enum as an unsigned int.
rmudgett & mmichelson: cast the enum to (unsigned int) in assert.
The cast does have an effect. For gcc, which seems to treat all enums
as int, the cast to unsigned int will eliminate the possibility of
negative values being allowed. For clang, which seems to treat enums
without any negative members as unsigned int, the cast will have no
effect. If for some reason in the future a negative value is ever
added to the enum the assert will still catch the negative value.
- When you need to refer to 'variable XXX' outside a block, it needs
to be declared as '__block XXX', otherwise it will not be available with-
in the block, making updating that variable hard to do, and ast_free
lead to issues.
- Removed the #error message
because it creates complications when compiling external projects
against asterisk For example when using a different compiler than the
one used to compile asterisk. The warning/error should be generated
during the configure process not the compilation process
Richard Mudgett [Mon, 20 Apr 2015 23:00:34 +0000 (18:00 -0500)]
chan_dahdi/sig_pri: Make post AMI HangupRequest events on PRI channels.
The chan_dahdi channel driver is a very old driver. The ability for it to
support ISDN was added well after the initial analog support. Setting the
softhangup flags is a carry over from the original analog code. The
driver was not updated to call ast_queue_hangup() which will post the AMI
HangupRequest event.
* Changed sig_pri.c to call ast_queue_hangup() instead of setting the
softhangup flag when the remote party initiates a hangup.
Matt Jordan [Sun, 19 Apr 2015 20:49:43 +0000 (15:49 -0500)]
main/pbx: Don't attempt to destroy a previously destroyed exten/priority tuple
When a PBX registrar is unloaded, it will fail to remove its extension from
the context root_table if a dialplan application used by that extension is
still loaded. This can be the case for AGI, which can be unloaded after several
of the standard PBX providers. Often, this is harmless; however, if the
extension's priorities are removed during the failed unloading *and* the
dialplan application later unregisters, it leaves a ticking timebomb for the
next PBX provider that attempts to iterate over the extensions. When that
occurs, the peer_table pointer on the extension will already be set to NULL.
The current code does not check to see if the pointer is NULL before passing
it to a hashtab function this is not NULL tolerant.
Since it is possible for the peer_table to be NULL when we normally would not
expect that to be the case, the solution in this patch is to simply skip over
processing an extension's priorities if peer_table is NULL.
Prior to this patch, the tests/pbx/callerid_match test would crash during
module unload. With this patch, the test no longer crashes after running.
Fix issue with AST_THREADSTORAGE_RAW when DEBUG_THREADLOCALS is enabled.
When DEBUG_THREADLOCALS is enabled it causes the threadlocal cleanup to be
called as a function. This causes a compile error with raw threadstorage as
it uses NULL for cleanup. This fix uses a macro that provides NULL when
DEBUG_THREADLOCALS is disabled, and replaces the call to "c_cleanup(data);"
with "{};" when DEBUG_THREADLOCALS is enabled.
Build System: Replace comment about setting menuselect defaults.
The Makefile claims that you can set default menuselect options by creating
~/.asterisk.makeopts or /etc/asterisk.makeopts, but those files have never
been respected in Asterisk 11 or 13. This changes the comment to accurately
reflect that these files are not automatically used by the build system.
Matt Jordan [Mon, 13 Apr 2015 14:54:18 +0000 (09:54 -0500)]
build_tools/make_version: Update version parsing for Git migration
External systems - such as the Asterisk Test Suite - require knowledge of the
upstream branch. Unfortunately, after moving to Git, the Asterisk version
currently consists of only a 'GIT" prefix followed by an object blob,
e.g., GIT-as08d7. This makes it difficult for such systems to know what
features are available in a particular check out of Asterisk.
This patch fixes this by hardcoding the branch in a variable in the
make_version script. Since the mainline branches are not changed often -
typically only once a year - this is a reasonable approach to solving
the problem, and is more reliable than parsing the output of 'git branch
-vv'. Branches that track off of an upstream primary branch will then get the
benefit of knowing which mainline branch they are currently based off
of.
Matt Jordan [Sun, 12 Apr 2015 17:59:22 +0000 (12:59 -0500)]
git migration: Remove support for file versions
Git does not support the ability to replace a token with a version
string during check-in. While it does have support for replacing a
token on clone, this is somewhat sub-optimal: the token is replaced
with the object hash, which is not particularly easy for human
consumption. What's more, in practice, the source file version was often
not terribly useful. Generally, when triaging bugs, the overall version
of Asterisk is far more useful than an individual SVN version of a file.
As a result, this patch removes Asterisk's support for showing source file
versions.
Specifically, it does the following:
* main/asterisk:
- Refactor the file_version structure to reflect that it no longer
tracks a version field.
- Alter the "core show file version" CLI command such that it always
reports the version of Asterisk. The file version is no longer
available.
* main/manager: The Version key now always reports the Asterisk version.
* UPGRADE: Add notes for:
- Modification to the ModuleCheck AMI Action.
- Modification to the CLI "core show file version" command.
Matt Jordan [Sun, 12 Apr 2015 04:22:59 +0000 (23:22 -0500)]
.gitignore: Ignore tarballs (*.gz)
This patch updates the root .gitignore file to ignore files with a .gz
extension. This will cause git to ignore downloaded sound tarballs in
the the sounds/ directory.
Matthew Jordan [Sat, 11 Apr 2015 15:34:43 +0000 (15:34 +0000)]
main/event: Remove unnecessary assignment of negative value to enum
When cleaning up some clang compiler warnings, the comparison of a negative
value to an unsigned enum was removed. However, the initial assignment of a
negative value to said enum remained in the variable declaration. This patch
removes that assignment.
Thanks to ibercom in #asterisk-bugs for pointing it out.
Matthew Jordan [Sat, 11 Apr 2015 15:26:15 +0000 (15:26 +0000)]
clang compiler warnings: Fix various warnings for tests
This patch fixes a variety of clang compiler warnings for unit tests. This
includes autological comparison issues, ignored return values, and
interestingly enough, one embedded function. Fun!
Richard Mudgett [Fri, 10 Apr 2015 16:25:13 +0000 (16:25 +0000)]
translate.c: Only select audio codecs to determine the best translation choice.
Given a source capability of h264 and ulaw, a destination capability of
h264 and g722 then ast_translator_best_choice() would pick h264 as the
best choice even though h264 is a video codec and Asterisk only supports
translation of audio codecs. When the audio starts flowing, there are
warnings about a codec mismatch when the channel tries to write a frame to
the peer.
* Made ast_translator_best_choice() only select audio codecs.
* Restore a check in channel.c:set_format() lost after v1.8 to prevent
trying to set a non-audio codec.
This is an intermediate patch for a series of patches aimed at improving
translation path choices for ASTERISK-24841.
This patch is a complete enough fix for ASTERISK-21777 as the v11 version
of ast_translator_best_choice() does the same thing. However, chan_sip.c
still somehow tries to call ast_codec_choose() which then calls
ast_best_codec() with a capability set that doesn't contain any audio
formats for the incoming call. The remaining warning message seems to be
a benign transient.
Matthew Jordan [Fri, 10 Apr 2015 12:35:49 +0000 (12:35 +0000)]
channels/chan_iax2: Improve POKE expiration time calculation for lossy networks
POKE is used to check for peer availability; however, in networks with packet
loss, the current calculations may result in POKE expiration times that are too
short. This patch alters the expiration/retry time logic to take into account
the last known qualify round trip time, as opposed to always using a static
value for each peer.
Review: https://reviewboard.asterisk.org/r/4536
ASTERISK-22352 #close
Reported by: Frederic Van Espen
ASTERISK-24894 #close
Reported by: Y Ateya
patches:
poke_noanswer_duration.diff submitted by Y Ateya (License 6693)
This fixes autological comparison warnings in the following:
* chan_skinny: letohl may return a signed or unsigned value, depending on the
macro chosen
* func_curl: Provide a specific cast to CURLoption to prevent mismatch
* cel: Fix enum comparisons where the enum can never be negative
* enum: Fix comparison of return result of dn_expand, which returns a signed
int value
* event: Fix enum comparisons where the enum can never be negative
* indications: tone_data.freq1 and freq2 are unsigned, and hence can never be
negative
* presencestate: Use the actual enum value for INVALID state
* security_events: Fix enum comparisons where the enum can never be negative
* udptl: Don't bother to check if the return value from encode_length is less
than 0, as it returns an unsigned int
* translate: Since the parameters are unsigned int, don't bother checking
to see if they are negative. The cast to unsigned int would already blow
past the matrix bounds.
Matthew Jordan [Thu, 9 Apr 2015 02:03:57 +0000 (02:03 +0000)]
apps/app_queue: Prevent possible crash when evaluating queue penalty rules
Although it only occurred once, a crash occurred when a queue attempted to
evaluate a queue penalty rule that appeared to have already been destroyed.
In many locations in app_queue, a test is done to see if qe->pr is NULL;
however, when we dispose of a queue's penalty rules, we don't set the pointer
to NULL after free'ing it. This patch does that to prevent any dangling
pointers from lingering on the queue object.
Review: https://reviewboard.asterisk.org/r/4522
ASTERISK-23319 #close
Reported by: Vadim
patches:
rb4552.patch submitted by Stefan Engström (License 6691)
Jonathan Rose [Wed, 8 Apr 2015 16:11:53 +0000 (16:11 +0000)]
Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.
When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.
ASTERISK-24847 #close
Reported by: Maciej Szmigiero
Patches:
asterisk-null-in-cn.patch submitted by mhej (license 6085)
........
Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8
Matthew Jordan [Wed, 8 Apr 2015 11:59:10 +0000 (11:59 +0000)]
chan_iax2: Fix crash caused by unprotected access to iaxs[peer->callno]
This patch fixes an access to the peer callnumber that is unprotected by a
corresponding mutex. The peer->callno value can be changed by multiple threads,
and all data inside the iaxs array must be procted by a corresponding lock
of iaxsl.
The patch moves the unprotected access to a location where the mutex is
safely obtained.
Matthew Jordan [Wed, 8 Apr 2015 11:51:24 +0000 (11:51 +0000)]
chan_sip: Handle IPv4 mapped IPv6 clients when NAT is enabled
When udpbindaddr is set to the IPv6 bind all address of '::', Asterisk will
attempt to handle both IPv4 and IPv6 addresses, although the information will
be stored in a struct with an AF_INET6 address type. However, the current
NAT handling code won't handle the IPv4 mapped IPv6 addresses correctly.
This patch adds an additional check for the mapped address case, allowing
the NAT code to handle clients even when the address is IPv6.
Review: https://reviewboard.asterisk.org/r/4563/
ASTERISK-18032 #close
Reported by: Christoph Timm
patches:
nat_with_ipv6.diff submitted by Valentin Vidić (License 6697)
This patch fixes several warnings pointed out by the clang compiler.
* app_minivm: Fixed evaluation of etemplate->locale, which will always
evaluate to 'true'. This patch changes the evaluation to use
ast_strlen_zero.
* app_queue:
- Fixed evaluation of qe->parent->monfmt, which always evaluates to
true. Instead, we just check to see if the dereferenced pointer
evaluates to true.
- Fixed evaluation of mem->state_interface, wrapping it with a call to
ast_strlen_zero.
Matthew Jordan [Tue, 7 Apr 2015 02:09:19 +0000 (02:09 +0000)]
clang compiler warnings: Fix sometimes-initialized warning in func_math
This patch fixes a bug in a unit test in func_math where a variable could be
passed to ast_free that wasn't allocated. This patch corrects the issue and
ensures that we only attempt to free a variable if we previously allocated
it.
Clang will flag errors when a char pointer is set to '\0', as opposed to a
value that the char pointer points to. This patch fixes this warning
in a variety of locations.
George Joseph [Mon, 6 Apr 2015 18:58:30 +0000 (18:58 +0000)]
build: Fixes for gcc 5 compilation
These are fixes for compilation under gcc 5.0...
chan_sip.c: In parse_request needed to make 'lim' unsigned.
inline_api.h: Needed to add a check for '__GNUC_STDC_INLINE__' to detect C99
inline semantics (same as clang).
ccss.c: In ast_cc_set_parm, needed to fix weird comparison.
dsp.c: Needed to work around a possible compiler bug. It was throwing
an array-bounds error but neither
sgriepentrog, rmudgett nor I could figure out why.
manager.c: In action_atxfer, needed to correct an array allocation.
This patch will go to 11, 13, trunk.
Review: https://reviewboard.asterisk.org/r/4581/ Reported-by: Jeffrey Ollie Tested-by: George Joseph
ASTERISK-24932 #close
Matthew Jordan [Mon, 6 Apr 2015 18:07:35 +0000 (18:07 +0000)]
clang compiler warnings: Remove large chunks of unused code from extconf
This patch fixes a warning caught by clang, in which it detected that large
chunks of extconf were unused. Frankly, I wish we could pretend that all of
extconf was unused, but alas, that is not yet the case.
Matthew Jordan [Mon, 6 Apr 2015 18:03:23 +0000 (18:03 +0000)]
clang compiler warnings: Fix sometimes-uninitialized warning in pbx_config
This patch fixes a warning caught by clang, in which a char pointer could be
assigned to before it was initialized. The patch re-organizes the code to
ensure that the pointer is always initialized, even on off nominal paths.
Matthew Jordan [Mon, 6 Apr 2015 17:51:59 +0000 (17:51 +0000)]
clang compiler warnings: Fix format specified in framehook
This patch fixes an invalid format specifier used in the formatting of an
ERROR message in the framehook code. The format specifier specifies a
type of 'unsigned short', but the argument passed to it is of type 'int'.
The patch changes the format specifier to 'i'.
projects / thirdparty / asterisk.git / log
