Russell Bryant [Mon, 5 May 2008 19:49:25 +0000 (19:49 +0000)]
Avoid putting opaque="" in Digest authentication. This patch came from switchvox.
It fixes authentication with Primus in Canada, and has been in use for a very long
time without causing problems with any other providers.
(closes issue AST-36)
Russell Bryant [Mon, 5 May 2008 17:53:54 +0000 (17:53 +0000)]
Blocked revisions 115296 via svnmerge
........
r115296 | russell | 2008-05-05 12:53:26 -0500 (Mon, 05 May 2008) | 28 lines
Merge changes from team/russell/iax2_find_callno_1.2
These changes address a critical performance issue introduced in the latest
release. The fix for the latest security issue included a change that made
Asterisk randomly choose call numbers to make them more difficult to guess by
attackers. However, due to some inefficient (this is by far, an understatement)
code, when Asterisk chose high call numbers, chan_iax2 became unusable after
just a small number of calls. On a small embedded platform, it would not be
able to handle a single call. On my Intel Core 2 Duo @ 2.33 GHz, I couldn't
run more than about 16 IAX2 channels. Ouch.
These changes address some performance issues of the find_callno() function
that have bothered me for a very long time. On every incoming media frame,
it iterated through every possible call number trying to find a matching
active call. This involved a mutex lock and unlock for each call number
checked. So, if the random call number chosen was 20000, then every media
frame would cause 20000 locks and unlocks. Previously, this problem was
not as obvious since Asterisk always chose the lowest call number it could.
A second container for IAX2 pvt structs has been added. It is an astobj2
hash table. When we know the remote side's call number, the pvt goes into
the hash table with a hash value of the remote side's call number. Then,
lookups for incoming media frames are a very fast hash lookup instead of an
absolutely insane array traversal.
In a quick test, I was able to get more than 3600% more IAX2 channels
on my machine with these changes.
Joshua Colp [Sun, 4 May 2008 01:43:26 +0000 (01:43 +0000)]
Treat warnings as errors when checking if a GCC attribute exists. We have to do this as GCC will just ignore the attribute and pop up a warning, it won't actually fail to compile.
Mark Michelson [Fri, 2 May 2008 14:28:19 +0000 (14:28 +0000)]
Clarify a comment that was, well, just wrong. It turns out that
ignoring the way that macros expand. Instead, I have clarified in the
comment why the macro will work even if the scheduler id for the
task to be deleted changes during the execution of the macro.
Tilghman Lesher [Thu, 1 May 2008 18:59:08 +0000 (18:59 +0000)]
'#' is another reserved character for URIs that also needs to be escaped.
(closes issue #10543)
Reported by: blitzrage
Patches:
20080418__bug10543.diff.txt uploaded by Corydon76 (license 14)
Russell Bryant [Wed, 30 Apr 2008 16:30:01 +0000 (16:30 +0000)]
Merge changes from team/russell/iax2_find_callno and iax2_find_callno_1.4
These changes address a critical performance issue introduced in the latest
release. The fix for the latest security issue included a change that made
Asterisk randomly choose call numbers to make them more difficult to guess by
attackers. However, due to some inefficient (this is by far, an understatement)
code, when Asterisk chose high call numbers, chan_iax2 became unusable after
just a small number of calls. On a small embedded platform, it would not be
able to handle a single call. On my Intel Core 2 Duo @ 2.33 GHz, I couldn't
run more than about 16 IAX2 channels. Ouch.
These changes address some performance issues of the find_callno() function
that have bothered me for a very long time. On every incoming media frame,
it iterated through every possible call number trying to find a matching
active call. This involved a mutex lock and unlock for each call number
checked. So, if the random call number chosen was 20000, then every media
frame would cause 20000 locks and unlocks. Previously, this problem was
not as obvious since Asterisk always chose the lowest call number it could.
A second container for IAX2 pvt structs has been added. It is an astobj2
hash table. When we know the remote side's call number, the pvt goes into
the hash table with a hash value of the remote side's call number. Then,
lookups for incoming media frames are a very fast hash lookup instead of an
absolutely insane array traversal.
In a quick test, I was able to get more than 3600% more IAX2 channels
on my machine with these changes.
Kevin P. Fleming [Wed, 30 Apr 2008 14:46:57 +0000 (14:46 +0000)]
use the ARRAY_LEN macro for indexing through the iaxs/iaxsl arrays so that the size of the arrays can be adjusted in one place, and change the size of the arrays from 32768 calls to 2048 calls when LOW_MEMORY is defined
Mark Michelson [Tue, 29 Apr 2008 19:40:06 +0000 (19:40 +0000)]
Use the MACRO_CONTEXT and MACRO_EXTEN channel variables instead of the channel's macrocontext
and macroexten fields. This is needed because if macros are daisy-chained, the incorrect
context and extension are placed on the new channel. I also added locking to the channel prior
to accessing these variables as noted in trunk's janitor project file.
(closes issue #12549)
Reported by: darren1713
Patches:
app_queue.c.macroextenpatch uploaded by darren1713 (license 116)
(with modifications from me)
Tested by: putnopvut
When modules are embedded, they take on a different name, without the ".so"
extension. Specifically check for this name, when we're checking if a module
is loaded.
(Closes issue #12534)
Sean Bright [Sun, 27 Apr 2008 01:26:15 +0000 (01:26 +0000)]
When we don't explicitly pass a path to the --with-tds configure option, we
may end up finding tds.h in /usr/local/include instead of /usr/include. If
this happens, the grep that looks for the version (from tdsver.h) will fail
and we'll have some problems during the build.
Mark Michelson [Thu, 24 Apr 2008 21:35:08 +0000 (21:35 +0000)]
Re-invite RTP during a masquerade so that, for instance, an AMI
redirect of two channels which are natively bridged will preserve audio
on both channels. This prevents a problem with Asterisk not re-inviting
due to one of the channels having being a zombie.
Russell Bryant [Wed, 23 Apr 2008 22:18:12 +0000 (22:18 +0000)]
Improve some broken cookie parsing code. Previously, manager login over HTTP
would only work if the mansession_id cookie was first. Now, the code builds
a list of all of the cookies in the Cookie header. This fixes a problem
observed by users of the Asterisk GUI.
(closes AST-20)
Russell Bryant [Wed, 23 Apr 2008 20:49:18 +0000 (20:49 +0000)]
Fix an issue that caused getting the correct next channel to not always work.
Also, remove setting the amount of time to wait for a digit from 5 seconds back
down to 1/10 of a second. I believe this was so the beep didn't get played over
and over really fast, but a while back I put in another fix for that issue.
Russell Bryant [Wed, 23 Apr 2008 17:55:31 +0000 (17:55 +0000)]
Store the manager session ID explicitly as 4 byte ID instead of a ulong. The
mansession_id cookie is coded to be limited to 8 characters of hex, and this
could break logins from 64-bit machines in some cases.
(inspired by AST-20)
Instead of stopping dialplan execution when SayNumber attempts to say a large number that it can not print out a message informing the user and continue on.
(closes issue #12502)
Reported by: bcnit
Russell Bryant [Tue, 22 Apr 2008 21:14:55 +0000 (21:14 +0000)]
I thought I was going to be able to leave 1.4 alone, but that was not the case.
I ran into some problems with G.722 in 1.4, so I have merged in all of the fixes
in this area that I have made in trunk/1.6.0, and things are happy again.
Russell Bryant [Tue, 22 Apr 2008 18:03:33 +0000 (18:03 +0000)]
If the dial string passed to the call channel callback does not indicate an
extension, then consider the extension on the channel before falling back
to the default.
Russell Bryant [Tue, 22 Apr 2008 15:20:37 +0000 (15:20 +0000)]
Merge changes from team/russell/issue_9520
These changes make sure that the reference count for sip_peer objects properly
reflects the fact that the peer is sitting in the scheduler for a scheduled
callback for qualifying peers or for expiring registrations. Without this, it
was possible for these callbacks to happen at the same time that the peer was
being destroyed. This was especially likely to happen with realtime peers, and
for people making use of the realtime prune CLI command.
(closes issue #9520)
Reported by: kryptolus
Committed patch by me
Only drop audio if we receive it without a progress indication. We allow other frames through such as DTMF because they may be needed to complete the call.
(closes issue #12440)
Reported by: aragon
Mark Michelson [Thu, 17 Apr 2008 21:03:29 +0000 (21:03 +0000)]
Declaration of the peer channel in this scope was making it so the peer variable defined
in the outer scope was never set properly, therefore making iterating through the channel
list always restart from the beginning. This bug would have affected anyone who called
chanspy without specifying a first argument.
Mark Michelson [Thu, 17 Apr 2008 16:28:03 +0000 (16:28 +0000)]
It was possible for a reference to a frame which was part of a freed DSP to still be
referenced, leading to memory corruption and eventual crashes. This code change ensures
that the dsp is freed when we are finished with the frame. This change is very similar
to a change Russell made with translators back a month or so ago.
Add special case for when the agi cannot be executed, to comply with the documentation that
we return failure in that case.
(closes issue #12462)
Reported by: fmueller
Patches:
20080416__bug12462.diff.txt uploaded by Corydon76 (license 14)
Tested by: fmueller
Kevin P. Fleming [Wed, 16 Apr 2008 20:46:38 +0000 (20:46 +0000)]
use the ZT_SET_DIALPARAMS ioctl properly by initializing the structure to all zeroes in case it contains fields that we don't write values into (which it does as of Zaptel 1.4.10)
Jason Parker [Tue, 15 Apr 2008 16:18:08 +0000 (16:18 +0000)]
Allow autofill to work in the general section of queues.conf.
Additionally, don't try to (re)set options when they have empty values in realtime (all unset columns would have an empty value).
Mark Michelson [Mon, 14 Apr 2008 17:41:03 +0000 (17:41 +0000)]
Increase the retry count when attempting to show channels. This apparently
cleared an issue someone was seeing when attempting to show channels when
the load was high.
(closes issue #11667)
Reported by: falves11
Patches:
11677.txt uploaded by russell (license 2)
Tested by: falves11
Mark Michelson [Mon, 14 Apr 2008 16:24:22 +0000 (16:24 +0000)]
If the datastore has been moved to another channel due to a masquerade, then
freeing the datastore here causes an eventual double free when the new channel
hangs up. We should only free the datastore if we were able to successfully remove
it from the channel we are referencing (i.e. the datastore was not moved).
Mark Michelson [Mon, 14 Apr 2008 14:58:02 +0000 (14:58 +0000)]
Save a local copy of the generate callback prior to unlocking the channel in
case the generate callback goes NULL on us after the channel is unlocked. Thanks
to Russell for pointing this need out to me.
Don't change the SSRC when a new source comes into play, this might happen quite often and depending on the remote side... they might not like this.
(closes issue #12353)
Reported by: dimas
Terry Wilson [Fri, 11 Apr 2008 22:32:51 +0000 (22:32 +0000)]
Several places in the code called find_callno() (which releases the lock on the pvt structure) and then immediately locked the call and did things with it. Unfortunately, the call can disappear between the find_callno and the lock, causing Bad Stuff(tm) to happen.
Added find_callno_locked() function to return the callno withtout unlocking for instances that it is needed.
Create the directory where name recordings will go if it does not exist.
(closes issue #12311)
Reported by: rkeene
Patches:
12311-mkdir.diff uploaded by qwell (license 4)
Don't add custom URI options if they don't exist OR they are empty.
(closes issue #12407)
Reported by: homesick
Patches:
uri_options-1.4.diff uploaded by homesick (license 91)
Mark Michelson [Wed, 9 Apr 2008 20:54:31 +0000 (20:54 +0000)]
We need to set the persistant_route [sic] parameter for the sip_pvt
during the initial INVITE, no matter if we're building the route set from
an INVITE request or response.
If the [csv] section does not exist in cdr.conf, then an unload/load sequence
is needed to correct the problem. Track whether the load succeeded with a
variable, so we can fix this with a simple reload event, instead.
If we receive an AUTHREQ from the remote server and we are unable to reply (for example they have a secret configured, but we do not) then queue a hangup frame on the Asterisk channel. This will cause the channel to hangup and a HANGUP to be sent via IAX2 to the remote side which is the proper thing to do in this scenario.
(closes issue #12385)
Reported by: viraptor
Mark Michelson [Tue, 8 Apr 2008 19:07:38 +0000 (19:07 +0000)]
Fix potential buffer overflow that could happen if more than 100 announce files
were specified when calling ParkAndAnnounce. This overflow is not exploitable remotely
and so there is no need for a security advisory.
Move check for still-bridged channels out a little further, to avoid possible
deadlocks. (Closes issue #12252)
Reported by: callguy
Patches:
20080319__bug12252.diff.txt uploaded by Corydon76 (license 14)
Tested by: callguy
If audio suddenly gets fed into one side of a channel after a lapse of frames flush the other factory so that old audio does not remain in the factory causing the sync code to not execute.
(closes issue #12296)
Reported by: jvandal
Jeff Peeler [Mon, 7 Apr 2008 21:34:45 +0000 (21:34 +0000)]
(closes issue #12362) [redo of 113012]
This fixes a for loop (in realtime_peer) to check all the ast_variables the loop was intending to test rather than just the first one. The change exposed the problem of calling memcpy on a NULL pointer, in this case the passed in sockaddr_in struct which is now checked.
projects / thirdparty / asterisk.git / log
