Peter Wu [Sun, 8 Nov 2015 17:12:54 +0000 (18:12 +0100)]
switch_xml_decode: avoid NUL injection
strtol can parse negative values which opens the hole for a NUL
injection. The (invalid) entity "&#-256;" is parsed as 0xFFFFFF00 which
(when casted to a char) becomes 0.
Avoid this attack by using unsigned long integers. To avoid undefined
behavior due to negative shifts, restrict the upper bound of the code
points to the UTF-8 limits. (Add an assertion to make the Clang static
analyzer happy.)
Note: due to the specification of strtol, leading spaces and minus/plus
signs are also allowed, explicitly check for an integer. "�x1;" is
still accepted, but that is considered a minor issue.
Peter Wu [Sun, 8 Nov 2015 15:26:46 +0000 (16:26 +0100)]
switch_xml_set_attr: fix inconsistent state on error paths
Partially rewrite switch_xml_set_attr to fix memory leaks, uninitialized
argument values and use-after free warnings from Clang static analyzer.
Fixes these problems:
- Add some comments and a new variable such that the code can more
easily be audited / understood.
- Always clear SWITCH_XML_DUP flag even if an error occurred to prevent
free()'ing static strings on future invocations.
- Keep the attribute list in a consistent state even if one of the
memory allocation fails.
- Keep allocation metadata in a consistent state when shrinking of the
attribute lists fails. Previously the metadata was not updated,
resulting in a wrong mapping from attributes to allocation flags.
- Fix memory leaks when allocations fail.
Previous behavior: invalid memory accesses are possible after a memory
allocation failure, previous attributes may be lost.
New behavior: attributes list is always valid, a new attribute is either
set (or not), attributes can always be removed.
Italo Rossi [Fri, 6 Nov 2015 19:38:15 +0000 (16:38 -0300)]
FS-8400 [verto_communicator] Removing deprecated use of stream.stop(), removing unused code and making volume meter gray so we can see it in a white background
After builing Freeswitch this makes actually run it easy by offering
an installer script.
* Changes to configure.ac to detect Debian8/CentOS 7 and create installer script
* Changes to build/Makefile.am to display the option
* Added build/startup directory with templates and other files
* Deleted outdated build/freeswitch.service and tmpfiles.conf
* Unit file based on the latest systemd service file FS-8194
* Won't interfere with other platforms (afaik)
* Supports all bindir directory prefixes ./configure can have
* Detects if Debian8/CentOS7 use systemd
* Can be used with a user with sudo permissions
Tyler Cross [Thu, 29 Oct 2015 17:33:42 +0000 (11:33 -0600)]
FS-8398: Added event_handlers/mod_amqp to avoided modules for Ubuntu 14.04 Trusty
This change makes it so that event_handlers/mod_amqp is avoided when building
debian packages for Ubuntu 14.04 (Trusty). If this module is packaged there is
a dependency issue related to the rabbitmq libraries.
Avoiding the module was the simplest solution to achieve debian packaging on the
Ubuntu 14.04 OS.
Ítalo Rossi [Thu, 29 Oct 2015 18:52:00 +0000 (13:52 -0500)]
Merge pull request #570 in FS/freeswitch from ~JAONZE/freeswitch:bugfix/FS-8222-closing-screen-share-does-not-end to master
* commit '320cf0adb837a8860c09c717b29c666ccb9a3c5b':
Target link for the plugin url, added comment explaining override $.FSRTC callback
FS-8222 [verto_communicator] updated getScreenId.js in order to detect plugin issues and attached an 'ended' event to screenshare stream in order to detect 'stop sharing' click
Jaon EarlWolf [Wed, 28 Oct 2015 18:35:25 +0000 (15:35 -0300)]
FS-8222 [verto_communicator] updated getScreenId.js in order to detect plugin issues and attached an 'ended' event to screenshare stream in order to detect 'stop sharing' click
Brian West [Wed, 28 Oct 2015 18:12:17 +0000 (13:12 -0500)]
Merge pull request #555 in FS/freeswitch from ~DRAGOS_OANCEA/freeswitch-dragos:opus-repacketization-toggle-fec to master
* commit 'd145111eed3505e11d9d0f0a891eab3945dddf36':
FS-8344: mod_opus: toggle FEC on the last frame which is to be packed, so that FEC will be only present on the first SILK frame of the next Opus frame (Opus repacketization).
Chris Rienzo [Fri, 23 Oct 2015 03:03:15 +0000 (23:03 -0400)]
FS-8370 #resolve [mod_rayo] found another place in <prompt> where a message was freed after being queued for delivery. This resulted in a freed object being serialized, crashing FS.
Bradley Jokinen [Thu, 22 Oct 2015 17:15:11 +0000 (12:15 -0500)]
FS-8380 Improve mod_av's handling of vw and vh core file params
This allows for the core file params vw and vh to be used to modify the
resolution of recordings. If the specified resolution does not match
the resolution of the call being recorded, the video will be scaled.
Ítalo Rossi [Wed, 21 Oct 2015 16:56:09 +0000 (11:56 -0500)]
Merge pull request #564 in FS/freeswitch from ~ANDCOFFEECODE/freeswitch:bugfix/FS-8365-vc-does-not-clear-new-chat to master
* commit '547d5357fa738090bc48db866f27eedc7cd0ee49':
FS-8365 [verto_communicator] fixed chat counter to increment only when the active pane is not the chat itself.
After builing Freeswitch this makes actually run it easy by offering
an installer script.
* Changes to configure.ac to detect Debian8/CentOS 7 and create installer script
* Changes to build/Makefile.am to display the option
* Added init directory with templates and other files
* Deleted outdated build/freeswitch.service and tmpfiles.conf
* Unit file based on the latest systemd service file FS-8194
* Won't interfere with other platforms (afaik)
* Supports ./configure --prefix=
* Detects if Debian8/CentOS7 use systemd
* Can be used with a user with sudo permissions
Ken Rice [Thu, 15 Oct 2015 18:31:12 +0000 (13:31 -0500)]
FS-8350 #resolve return value of SetPriorityClass() so windows build does not complain about warnings as errors on switch_core.c in set_realtime_priority()
this also addresses as similar condition in set_low_priority() where if windows it always returns 0
Dragos Oancea [Tue, 13 Oct 2015 21:54:15 +0000 (17:54 -0400)]
FS-8344: mod_opus: toggle FEC on the last frame which is to be packed, so that
FEC will be only present on the first SILK frame of the next Opus frame (Opus repacketization).
William King [Wed, 14 Oct 2015 14:43:33 +0000 (09:43 -0500)]
Merge pull request #545 in FS/freeswitch from ~PAULCUTTLER/freeswitch:feature/FS-7924-making-mod_rtmp-compatible-with-adobe to master
* commit '86d849c54e26951e313d1dcb4b220055f79aacc0':
FS-7924: [mod_rtmp] Modify initStream & createStream responses
Making mod_rtmp compatible with Adobe Media Server
FS-7928 FS-7618 systemd and package build improvements
debian/bootstrap.sh:
* only build one of freeswitch-sysvinit or freeswitch-systemd
* squeeze is removed from supported releases
* added stretch to supported releases
* avoid_mods_wheezy extended to modules which fail to build on wheezy
* use systemd by default for future distros
* new command-line option -v to enforce sysvinit
* added dependency on dh-systemd for systemd-powered distros
* freeswitch-init is now a virtual package
* freeswitch-sysvinit and freeswitch-systemd are set to conflict with each other
debian/freeswitch.postinst:
* no need to call systemctl explicitly. dh-systemd does it in a standard way
debian/rules:
* integrated dh-systemd in override_dh_installinit
debian/freeswitch-systemd.freeswitch.default renamed to
freeswitch-sysvinit.freeswitch.default:
* /etc/default/freeswitch is not installed by freeswitch-systemd, but still
respected if there is a need to modify the startup options
debian/freeswitch-systemd.freeswitch.service:
* proper expansion of DAEMON_OPTS
projects / thirdparty / freeswitch.git / log
