Chris Rienzo [Thu, 10 Jul 2014 14:25:20 +0000 (10:25 -0400)]
mod_graylog2: additional fields can now be specified by adding LOG_FIELDS[name=string_value,@#name=number_value] to beginning of log. Added _microtimestamp additional field since graylog2 only has millisecond timestamp precision.
Patrice Fournier [Mon, 30 Jun 2014 20:24:51 +0000 (16:24 -0400)]
Disabling Require timer for T.38 re-Invites cause problems
Disabling Require timer for T.38 re-Invites tells the remote side it
doesn't need to refresh the session but FreeSwitch will still terminate
the call if the remote session doesn't refresh.
Kathleen King [Fri, 4 Jul 2014 00:03:01 +0000 (17:03 -0700)]
Fixed dead code.
While reviewing code I noticed some dead code. It was not possible to
default to the channel variable because the parameter could not be
both full and empty.
If the parameter is not a non zero length string then the code looked
like it was intending to default to the channel variable
'presence_data_cols'. If neither of these are the case it is a noop.
By enabling the dead code, you now have access to set the
'presence_data_cols' in the dialplan or scripts like lua.
Mike Jerris [Thu, 3 Jul 2014 21:45:52 +0000 (16:45 -0500)]
Merge pull request #2 in FS/freeswitch from ~KATHLEEN.KING/freeswitch-fork:doxygen-switch_apr.h to master
* commit '64fc3f7934888175b80e0cdd3a065d717d0a9014':
Changed the function parameter name in the function definition to match the updated parameter name in the function declaration. #doxygen
Changed the variable name for clarity.
Kathleen King [Thu, 3 Jul 2014 21:41:24 +0000 (14:41 -0700)]
Fixed trucation of value warning.
There was a parameter mismatch between abs(), which expects an int,
and atol() which returns a long. Since max_drift is defined as an int,
there is no need to pars q as a long rather than an int.
Kathleen King [Thu, 3 Jul 2014 20:17:12 +0000 (13:17 -0700)]
Removed a useless called to abs.
Clang 3.5 reported the following error: error: taking the absolute
value of unsigned type 'unsigned int' has no effect
[-Werror,-Wabsolute-value]
Subtracting unsigned variables will never be negative and will either
be the small expected value or will wrap to a very big value. This
code is trying to determine if the difference between these timestamps
is greater than 16000.
The variables last_write_ts and this_ts deal with timestamps. In the
normal case this_ts will be a larger timestamp than
last_write_ts. This change will maintain the intended behavior of
reseting the video if the difference is larger than
16000 and in the abnormal case this value would wrap and still exceed
the 16000.
Kathleen King [Thu, 3 Jul 2014 19:12:22 +0000 (12:12 -0700)]
Removed an autological-pointer-compare from src/switch_utils.c.
Building with Clang 3.5 gave the following warning: error: comparison
of array 'iface_out.sin6_addr.__in6_u.__u6_addr8' equal to a null
pointer is always false [-Werror,-Wtautological-pointer-compare]
This is a problem because as it is written the check will never be
true. A pointer to a structure within a structure will never be null. The
intention was either to null check the pointer or to check if the IP
address itself was not zero.
From context in the code this appeared to be a pointer null check so I
removed it.
Kathleen King [Thu, 3 Jul 2014 17:53:19 +0000 (10:53 -0700)]
Fixed trucation of value warning.
There was a parameter mismatch between abs(), which expects an int,
and atol() which returns a long. Since max_drift is defined as an int,
there is no need to pars q as a long rather than an int.
Travis Cross [Sun, 29 Jun 2014 18:42:29 +0000 (18:42 +0000)]
Avoid buffer-overflow on short RTCP/SRTCP packets
In `srtp_unprotect_rtcp()` we are not validating that the packet
length is as long as the minimum required. This would cause
`enc_octet_len` to underflow, which would cause us to try to decrypt
data past the end of the packet in memory -- a buffer over-read and
buffer overflow.
In `srtp_protect_rtcp()`, we were similarly not validating the packet
length. Here we were also polluting the address of the SRTCP
encrypted flag and index (the `trailer`), causing us to write one word
to a bogus memory address before getting to the encryption where we
would also overflow.
In this commit we add checks to appropriately validate the RTCP/SRTCP
packet lengths.
`srtp_unprotect_rtcp_aead()` (but not protect) did correctly validate
the packet length; this check would now be redundant as the check in
`srtcp_unprotect_rtcp()` will also run first, so it has been removed.
Travis Cross [Sun, 29 Jun 2014 17:32:33 +0000 (17:32 +0000)]
Avoid buffer over-read on null cipher AEAD
In the defined AEAD modes, SRTP packets must always be encrypted and
authenticated, but SRTCP packets may be only authenticated. It's
possible, therefore, for us to end up in `srtp_protect_aead()` without
the `sec_serv_conf` bit being set. We should just ignore this and
encrypt the RTP packet anyway.
What we are doing instead is encrypting the packet anyway, but setting
`enc_start` to NULL first. This causes `aad_len` to underflow which
will cause us to over-read in `cipher_set_aad()`.
If we could get past that, we would try to read and write memory
starting at 0x0 down in `cipher_encrypt()`.
This commit causes us to not check the `sec_serv_conf` bit and never
set `enc_start` to NULL in `srtp_protect_aead()`.
`srtp_unprotect_aead()` does not contain a similar error.
Travis Cross [Sun, 29 Jun 2014 01:10:29 +0000 (01:10 +0000)]
Prevent buffer overflow from untrusted RTP/SRTP lengths
When computing the start address of the RTP data to encrypt or SRTP
data to decrypt (`enc_start`), we are using `hdr->cc` (the CSRC
count), which is untrusted data from the packet, and the length field
of an RTP header extension, which is also untrusted and unchecked data
from the packet.
This value then pollutes our calculation of how much data we'll be
encrypting or decrypting (`enc_octet_len`), possibly causing us to
underflow.
We'll then call `cipher_encrypt()` or `cipher_decrypt()` with these
two values, causing us to read from and write to arbitrary addresses
in memory.
(In the AEAD functions, we'd also pollute `aad_len`, which would cause
us to read undefined memory in `cipher_set_aad`.)
This commit adds checks to verify that the `enc_start` we calculate is
sane based on the actual packet length.
Travis Cross [Sun, 29 Jun 2014 20:40:49 +0000 (20:40 +0000)]
Check for too many SRTP errors before warning
We're checking whether we've hit the warning threshold before checking
whether we should just end the call. This causes an off-by-one error
where we take one SRTP error more than intended.
Travis Cross [Sat, 28 Jun 2014 03:43:08 +0000 (03:43 +0000)]
Allow more SRTP errors before killing call
In a carrier interop we saw the call get killed for SRTP failures
during a reinvite. We're wondering if the SRTP errors may have been
transitory and if it may have recovered after a few more packets.
It's debatable whether we should kill calls at all for SRTP auth
failures; semantically the right thing to do when a MAC fails is to
ignore the packet completely. So raising this limit to 100 packets
shouldn't do any harm. With this change we still warn at 10 errors
and every 10 errors thereafter.
Travis Cross [Sat, 28 Jun 2014 01:18:50 +0000 (01:18 +0000)]
Relay cause of hangup on SRTP failure
We hangup the channel after receiving 10 SRTP packets in a row with a
bad auth tag or that are replayed. Prior to this commit we were
indicating a normal clearing. When doing interop and looking first at
packet traces, this made freeswitch's behavior look surprising. With
this commit we'll indicate more loudly what's happening.
Travis Cross [Sat, 28 Jun 2014 00:32:41 +0000 (00:32 +0000)]
Fix misspelled function
switch_rtp_set_invalid_handler has been misspelled as
switch_rtp_set_invald_handler going all the way back to the
beginning. So while it's possible that someone somewhere could be
relying on this misspelling, I think it's more likely that no one has
used it much and that's why it wasn't spotted. We don't even use it
ourselves anywhere anymore.
Travis Cross [Fri, 27 Jun 2014 22:14:14 +0000 (22:14 +0000)]
Allow reincarnation from mod_sofia's shutdown-on-fail
mod_sofia's parameter shutdown-on-fail now accepts the value
"reincarnate-now". This will cause the switch to exit immediately
with a non-zero exit code so that the supervisor can recover the
switch. For this to work you have to pass in -reincarnate or
-reincarnate-reexec to freeswitch.
Travis Cross [Thu, 26 Jun 2014 08:55:55 +0000 (08:55 +0000)]
Ensure mod_sofia params can be unset or reset
This is the result of auditing each mod_sofia profile parameter to
ensure that it can be unset or reset after being set. One use-case
for this being done correctly is so a later parameter in a
configuration file can reliably override an earlier one, which is
useful for setups with layered include files.
Travis Cross [Wed, 25 Jun 2014 22:17:24 +0000 (22:17 +0000)]
Allow setting format of log filename in format_cdr
This commit allows you to set a `log-file` string parameter in a
format_cdr profile. This string is a template that may (and should!)
contain variables. This template will be expanded and used as the
file name of the CDR to be written. This parameter should contain
only the template for the file name itself; the path is relative to
the `log-dir`.
projects / thirdparty / freeswitch.git / log
