Kevin Harwell [Tue, 20 Aug 2019 20:05:45 +0000 (15:05 -0500)]
AST-2019-004 - res_pjsip_t38.c: Add NULL checks before using session media
After receiving a 200 OK with a declined stream in response to a T.38
initiated re-invite Asterisk would crash when attempting to dereference
a NULL session media object.
This patch checks to make sure the session media object is not NULL before
attempting to use it.
ASTERISK-28495
patches:
ast-2019-004.patch submitted by Alexei Gradinari (license 5691)
chan_sip: Handle invalid SDP answer to T.38 re-invite
The chan_sip module performs a T.38 re-invite using a single media
stream of udptl, and expects the SDP answer to be the same.
If an SDP answer is received instead that contains an additional
media stream with no joint codec a crash will occur as the code
assumes that at least one joint codec will exist in this
scenario.
George Joseph [Wed, 30 Jan 2019 19:25:55 +0000 (12:25 -0700)]
res_pjsip_sdp_rtp: Fix return code from apply_negotiated_sdp_stream
apply_negotiated_sdp_stream was returning a "1" when no joint
capabilities were found on an outgoing call instead of a "-1".
This indicated to res_pjsip_session that the handler DID handle
the sdp when in fact it didn't. Without the appropriate setup,
a subsequent media frame coming in would have an invalid stream_num
and cause a seg fault when the stream was attempted to be retrieved.
apply_negotiated_sdp_stream now returns the correct "-1" and any
media is now discarded before it reaches the core stream processing.
George Joseph [Wed, 27 Feb 2019 16:37:14 +0000 (09:37 -0700)]
CI: Update jenkinsfiles with new Gerrit URLs
The recent upgrade of Gerrit to 2.16 elimiated referencing a
repository in a way the jenkinsfiles were relying on so
the URL references were changed to a more consistent and supported
format.
George Joseph [Thu, 25 Oct 2018 15:25:58 +0000 (09:25 -0600)]
AST-2018-010: Fix length of buffer needed for SRV and NAPTR results
When dn_expand was being called on SRV and NAPTR results, the
return value was being used to calculate the size of the buffer
needed to store the host names. Since dn_expand returns the
length of the COMPRESSED name the buffer could be too short
to hold the EXPANDED name. The expanded name is NULL terminated
so using strlen() is the correct way to determine the length
actually needed for the buffer.
ASTERISK-28127
Reported by: Jan Hoffmann
patches:
patch.diff submitted by janhoffmann (license 6986)
Sean Bright [Wed, 3 Oct 2018 12:56:34 +0000 (08:56 -0400)]
http.c: Reload TLS even if http.conf hasn't changed
There is currently no way to indicate to Asterisk that TLS certificates
and/or keys have been updated other than by modifying http.conf or
restarting Asterisk.
There is already code in main/tcptls.c that determines if a reload is
actually necessary based on the hashes of the certicate and dependent
files, so this change merely gives us a way to request a reload without
explicitly modifying http.conf.
Richard Mudgett [Tue, 2 Oct 2018 21:15:37 +0000 (16:15 -0500)]
res_smdi.c: Fix module ref counting and inverted test.
I think this module is so screwed up that it doesn't work anymore. Even
with these attempts to fix things it still won't gracefully shut down.
The module refs will not go to zero to allow unloading the module.
* Fix module ref counting dealing with the SMDI interface object. There
were several off-nominal paths that unbalanced the module ref count. Also
the destructor freed the ao2 object itself which is bad. Made the
smdi_read thread not hold its own ref to the SMDI interface object so when
all refs go away the destructor will stop the listener thread.
* Fixed the smdi_load() return code of 1 concerning the number of
listeners. The test was inverted.
core/frame: Fix ast_frdup() and ast_frisolate() for empty text frames
If a channel creates an AST_TEXT_FRAME with datalen == 0, the ast_frdup()
and ast_frisolate() functions could create a clone frame with an invalid
data.ptr which would cause a crash. The proposed fix is to make sure that
for such empty text frames, ast_frdup() and ast_frisolate() return cloned
text frames with a valid data.ptr.
Corey Farrell [Mon, 1 Oct 2018 04:11:44 +0000 (00:11 -0400)]
astobj2: Record lock usage to refs log when DEBUG_THREADS is enabled.
When DEBUG_THREADS is enabled we can know if the astobj2 mutex / rwlock
was ever used, so it can be recorded in the REF_DEBUG destructor entry.
Create contrib/scripts/reflocks.py to process locking used by
allocator. This can be used to identify places where
AO2_ALLOC_OPT_LOCK_NOLOCK should be used to reduce memory usage.
res_pjsip: improve realtime performance on CLI 'pjsip show contacts'
CLI command 'pjsip show contacts' inefficiently make a lot of DB requests.
For example if there are 10k aors then asterisk requests these 10k records
of aor and then does 10k requests of contact - one request per aor.
Even if use 'like <pattern>' the asterisk requests all aor's and contact's
records and then filters them by itself.
This patch gathers contact's container by
- retrieving all dynamic contacts by regex (filtered by reg_server)
- retrieving all aors with permanent contacts
- finally filters container by regex
Add a volatile flag to lock tracking structures so we only need to use
the global lock when first initializing tracking.
Additionally add support for DEBUG_THREADS_LOOSE_ABI. This is used by
astobj2.c to eliminate storage for tracking fields when DEBUG_THREADS is
not defined.
George Joseph [Thu, 27 Sep 2018 18:19:28 +0000 (12:19 -0600)]
app_confbridge: Use bridge join hook to send join and leave events
The first attempt at publishing confbridge events to participants
involved publishing them at the same time stasis events were
created. This caused issues with bridge and channel locks. The
second attempt involved publishing them when the stasis events
were received by the code that published the confbridge AMI events.
This caused timing issues because, depending on resources available,
the event could be received before channels actually joined the
bridge and would therefore fail to send messages to the participant.
This attempt reverts to the original mechanism with one exception.
The join and leave events are published via bridge join and leave
hooks. This guarantees the states of the channels and bridge and
provides deterministic timing for event publishing.
When REF_DEBUG and AO2_DEBUG are both enabled we closed the refs log
before we shutdown astobj2_container. This caused the AO2_DEBUG
container registration container to be reported as a leak.
app_queue: Fix Attended transfer hangup with removing pending member.
This issue related to setting of holdtime, announcements, member delays.
It works well if we set the member delays to "0" and no announcements
and no holdtime.This issue will happen if we set member delays to "1",
"2"... or announcements or holdtime and hangs up the call during
processing it.
And here is the reason:
(At the step of answering a phone.)
It takes care any holdtime, announcements, member delays,
or other options after a call has been answered if it exists.
Normally, After the call has been aswered,
and we wait for the processing one of the cases of the member delays
or hold time or announcements finished, "if (ast_check_hangup(peer))"
will be not executed, then queue will be updated at update_queue().
Here, pending member will be removed.
However, after the call has been aswered,
if we hangs up the call during one of the cases of the member delays
or hold time or announcements, "if (ast_check_hangup(peer))"
will be executed.
outgoing = NULL and at hangupcalls, pending members will not be removed.
* This fixed patch will remove the pending member from container
before hanging up the call with outgoing is NULL.
ASTERISK-27920
Reported by: Cao Minh Hiep
Tested by: Cao Minh Hiep
Moritz Fain [Tue, 26 Jun 2018 14:17:37 +0000 (16:17 +0200)]
res_stasis: Fix stale data in ARI bridges
Fixed an issue that resulted in "Allocation failed" each time an ARI
request was made to start playing MOH on a bridge.
In bridge_moh_create() we were attaching the after bridge callbacks to
chan which is the ;1 channel of the unreal channel pair. We should have
attached them to the ;2 channel which is pushed into the bridge by
ast_unreal_channel_push_to_bridge(). The callbacks are called when the
specific channel leaves the bridging system. Since the ;1 channel is
never put into a bridge the callbacks never get called. The callbacks
then never remove the moh_wrapper from the app_bridges_moh container. As
a result we cannot find the channel associated with the wrapper to start
MOH because it has hungup. This is the reason causing the reported issue.
* Rather than using after bridge callbacks to cleanup, we now have
moh_channel_thread() doing the cleanup when the channel hangs up.
* Fixed moh_channel_thread() accumulating control frames on the stasis
bridge MOH channel until MOH is stopped. Control frames are no longer
accumulated while MOH is playing.
* Fixed channel ref counting issue. stasis_app_bridge_moh_channel() may
or may not return a channel ref. As a result ast_ari_bridges_start_moh()
wouldn't know it may have a channel ref to release.
stasis_app_bridge_moh_channel() will now return a ref with the channel it
returns.
Ben Ford [Mon, 10 Sep 2018 16:28:09 +0000 (11:28 -0500)]
res_rtp_asterisk.c: Add "seqno" strictrtp option
When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.
On SQL error there is not diagnostic information about this error.
There is only
WARNING res_odbc.c: SQL Execute error -1!
The function ast_odbc_print_errors calls a SQLGetDiagField to get the number
of available diagnostic records, but the SQLGetDiagField returns 0.
However SQLGetDiagRec could return one diagnostic records in this case.
Looking at many example of getting diagnostics error information
I found out that the best way it's to use only SQLGetDiagRec
while it returns SQL_SUCCESS.
Also this patch adds calls of ast_odbc_print_errors on SQL_ERROR
to res_config_odbc.
chan_sip: SipNotify on Chan_Sip vi AMI behave different to CLI
With tls and udp enabled asterisk generates a warning about sending
message via udp instead of tls.
sip notify command via cli works as expected and without warning.
asterisk has to set the connection information accordingly to connection
and not on presumption
George Joseph [Mon, 24 Sep 2018 22:56:07 +0000 (16:56 -0600)]
configure.ac: Check for unbound version >= 1.5
In order to do this and provide good feedback, a new macro was
created (AST_EXT_LIB_EXTRA_CHECK) which does the normal check and
path setups for the library then compiles, links and runs a supplied
code fragment to do the final determination. In this case, the
final code fragment compares UNBOUND_VERSION_MAJOR
and UNBOUND_VERSION_MINOR to determine if they're greater than or
equal to 1.5.
Since we require version 1.5, some code in res_resolver_unbound
was also simplified.
res_rtp_asterisk: Raise event when RTP port is allocated
This change raises a testsuite event to provide what port
Asterisk has actually allocated for RTP. This ensures that
testsuite tests can remove any assumption of ports and instead
use the actual port in use.
Kevin Harwell [Mon, 17 Sep 2018 20:35:05 +0000 (15:35 -0500)]
rtp_engine: rtcp_report_to_json can overflow the ssrc integer value
When writing an RTCP report to json the code attempts to pack the "ssrc" and
"source_ssrc" unsigned integer values as a signed int value type. This of course
means if the ssrc's unsigned value is greater than that which can fit into a
signed integer value it gets converted to a negative number. Subsequently, the
negative value goes out in the json report.
This patch now packs the value as a json_int_t, which is the widest integer type
available on a given system. This should make it so the value no longer
overflows.
Note, this was caught by two failing tests hep/rtcp-receiver/ and
hep/rtcp-sender.
res_rtp_asterisk: Fix crash on ast_rtp_new failure.
ast_rtp_new free'd rtp upon failure, but rtp_engine.c would also call
the destroy callback. Remove call to ast_free from ast_rtp_new, leave
it to rtp_engine.c to initiate the full cleanup. Add error detection
for the ssrc_mapping vector initialization. In rtp_allocate_transport
set rtp->s = -1 in the failure path where we close that FD to ensure we
don't try closing it twice.
George Joseph [Thu, 20 Sep 2018 15:15:48 +0000 (09:15 -0600)]
app_voicemail: Cleanup mailbox topic and cache
app_voicemail wasn't properly cleaning up the stasis cache or the
mwi topic pool when the module was unloaded or when a user was
deleted as a result of a reload. This resulted in leaks in both
areas.
* app_voicemail now calls ast_delete_mwi_state_full when it frees
a user structure and ast_delete_mwi_state_full in turn now calls
the new stasis_topic_pool_delete_topic function to clear the topic
from the pool.
The HTTP request processing in res_http_websocket allocates additional
space on the stack for various headers received during an Upgrade request.
An attacker could send a specially crafted request that causes this code
to overflow the stack, resulting in a crash.
* No longer allocate memory from the stack in a loop to parse the header
values. NOTE: There is a slight API change when using the passed in
strings as is. We now require the passed in strings to no longer have
leading or trailing whitespace. This isn't a problem as the only callers
have already done this before passing the strings to the affected
function.
George Joseph [Thu, 20 Sep 2018 14:41:15 +0000 (08:41 -0600)]
stasis: Add function to delete topic from pool
There's been a long standing leak when using topic pools. The
topics in the pool get cleaned up when the last pool reference is
released but you can't remove a topic specifically. If you reloaded
app_voicemail for instance, and mailboxes went away, their topics
were left in the pool.
* Added stasis_topic_pool_delete_topic() so modules can clean up
topics from pools.
* Registered the topic pool containers so it can be examined from
the CLI when AO2_DEBUG is enabled. They'll be named
"<topic_pool_name>-pool".
res_remb_modifier: Add module for controlling REMB from CLI.
This adds a module which registers a CLI command that can set the
REMB bitrate value for REMB as it enters or exits Asterisk. This
allows you to ignore what Asterisk or a client produces and is
useful for demonstrations.
This does not generate REMB frames, however, but just modifies
them as they flow to or from a channel.
Richard Mudgett [Fri, 14 Sep 2018 20:51:41 +0000 (15:51 -0500)]
stasis: No need to keep a stasis type ref in a stasis msg or cache object.
Stasis message types are global ao2 objects and we make stasis messages
and cache entries hold references to them. Since there are currently
situations where cache objects are never deleted, the reference count on
the types can exceed 100000 and generate a FRACK assertion message. The
stasis message cache could conceivably also have that many messages
legitimately on large systems.
The only down side to not holding the message type ref in the stasis
message is it only makes a crash either at shutdown or when manually
unloading a busy module slightly more likely. However, this is more
exposing a pre-existing stasis shutdown ordering issue than a problem with
not holding a message type ref in stasis messages.
* Made stasis messages and cache entries no longer hold a ref to the
message type.
Richard Mudgett [Fri, 14 Sep 2018 20:48:24 +0000 (15:48 -0500)]
stasis_message.c: Don't create immutable stasis objects with locks.
* Create the stasis message object without a lock as it is immutable.
* Create the stasis message type object without a lock as it is immutable.
* Creating the stasis message type could crash if the passed in type name
is NULL and REF_DEBUG is enabled. Added missing NULL check when passing
the ao2 object tag string.
This change brings in PJSIP 2.8, removes all the patches
that were merged upstream, and makes a minor change to
support a breaking change that was done.
alembic: fix suppress_q850_reason_headers column name
In the original commit introducing the feature the column in the alembic
script was called 'suppress_q850_reason_header'.
In the code however the option is called 'suppress_q850_reason_headers'
(trailing 's'). This leads to errors when ARI push configuration is used.
George Joseph [Thu, 13 Sep 2018 12:55:20 +0000 (06:55 -0600)]
app_voicemail: Remove need to subscribe to stasis
app_voicemail was using the stasis cache to build and maintain a
list of mailboxes that had subscribers. It then used this list
to determine if a mailbox should be polled for new messages if
polling was enabled. For this to work, stasis had to cache every
subscription and unsubscription to the mailbox which caused a lot of
overhead, both cpu and memory related.
Since polling is only required when changes are being made to
mailboxes outside of app_voicemail and since the number of mailboxes
that don't have any subscribers is likely to be very low, all
mailboxes are now polled instead of just the ones with subscribers.
This paves the way for disabling the caching of stasis subscription
change messages.
Also fixed cleanup in some of the unit tests that not only left
test users in the users list but also caused segfaults if the tests
were run more than once.
res_pjsip_session: Don't add declined stream if one does not exist.
Given a scenario where a session refresh was done with a removed
stream we would always add a removed stream to the outgoing SDP
even if one did not already exist.
This change makes it so that a removed stream is only placed into
the SDP if one already exists.
Sean Bright [Fri, 7 Sep 2018 14:40:05 +0000 (10:40 -0400)]
res_pjsip: Log IPv6 addresses correctly
Both pjsip_tx_data.tp_info.dst_name and pjsip_rx_data.pkt_info.src_name
store IPv6 addresses without enclosing brackets. This causes some log
output to be confusing because it is difficult to separate the IPv6
address from a port specification.
* Use pj_sockaddr_print() along with pjsip_tx_data.tp_info.dst_addr and
pjsip_rx_data.pkt_info.src_addr where possible for consistent IPv6
output.
* When a pj_sockaddr is not available, explicitly wrap IPv6 addresses
in brackets.
* When assigning pjsip_rx_data.pkt_info.src_name ourselves, make sure
to also set pjsip_rx_data.pkt_info.src_addr.
projects / thirdparty / asterisk.git / log
