Simply establishing a TCP connection and never sending anything to the
configured HTTP port in http.conf will tie up a HTTP connection. Since
there is a maximum number of open HTTP sessions allowed at a time you can
block legitimate connections.
A similar problem exists if a HTTP request is started but never finished.
* Added http.conf session_inactivity timer option to close HTTP
connections that aren't doing anything. Defaults to 30000 ms.
* Removed the undocumented manager.conf block-sockets option. It
interferes with TCP/TLS inactivity timeouts.
* AMI and SIP TLS connections now have better authentication timeout
protection. Though I didn't remove the bizzare TLS timeout polling code
from chan_sip.
* chan_sip can now handle SSL certificate renegotiations in the middle of
a session. It couldn't do that before because the socket was non-blocking
and the SSL calls were not restarted as documented by the OpenSSL
documentation.
* Fixed an off nominal leak of the ssl struct in
handle_tcptls_connection() if the FILE stream failed to open and the SSL
certificate negotiations failed.
The patch creates a custom FILE stream handler to give the created FILE
streams inactivity timeout and timeout after a specific moment in time
capability. This approach eliminates the need for code using the FILE
stream to be redesigned to deal with the timeouts.
This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of
the SSL_read/SSL_write operations.
ASTERISK-23673 #close
Reported by: Richard Mudgett
........
Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 415854 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 415896 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415907 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A remotely exploitable crash vulnerability exists in the PJSIP channel driver's
pub/sub framework. If an attempt is made to unsubscribe when not currently
subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries
to create an expiration timer with zero seconds, which is not allowed, so an
assertion raised.
The fix was to reject a subscription that is attempting to unsubscribe when not
being already subscribed. Asterisk now checks for this situation appropriately
and responds with a 400 instead of crashing.
AST-2014-005
ASTERISK-23489 #close
........
Merged revisions 415812 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415813 65c4cc65-6c06-0410-ace0-fbb531ad65f3
SIP transaction timeouts are handled in the PJSIP monitor thread. When
this happens on a subscription, and the subscription is destroyed, the
subscription destruction is dispatched synchronously to the threadpool.
The issue is that the PJSIP dialog is locked by the monitor thread,
and then the dispatched task attempts to lock the dialog. This leads
to a deadlock that causes SIP traffic to no longer be accepted on the
Asterisk server.
The fix here is to treat the monitor thread as if it were a threadpool
thread when it attempts to dispatch synchronous tasks. This way, the
dispatched task turns into a simple function call within the same thread,
and the locking issue is averted.
AST-2014-008
ASTERISK-23802 #close
........
Merged revisions 415794 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415795 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change makes res_pjsip_pubsub persist inbound subscriptions in sorcery. By default
this uses the local astdb but it can also be configured to store within an outside
database. When Asterisk is started these subscriptions are recreated if they have not
expired. Notifications are sent to the devices which have subscribed and they are none
the wiser that the system has restarted.
Review: https://reviewboard.asterisk.org/r/3598/
........
Merged revisions 415766 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415767 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Documentation for how to add custom headers/content to notifies created
with the PJSIPNotify manager action was a little sparse and it also
wasn't vetting application of Content-length headers like its chan_sip
equivalent was (so two Content-length headers could be applied... and
PJSIP determines the content length anyway, so it just opens people up
for error). This patch also flips the variable order so that the
variables are interpreted in the same order as they are put in the AMI
action.
Review: https://reviewboard.asterisk.org/r/3587/
........
Merged revisions 415658 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415659 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When using PJSIP_HEADER() to add custom headers to outgoing INVITE requests, certain
situations could result in the headers being duplicated. For instance, if the request
were retransmitted, or if the INVITE were re-sent with authentication credentials,
the custom headers would be re-added to the request.
The fix here is to, after adding the custom headers to the outbound INVITE, remove
the datastore that holds the custom headers to add. This way, there is no risk in
accidentally adding them if the session supplement is called into a second or third
time.
........
Merged revisions 415579 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415580 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Currently, there are situations that can occur when using chan_pjsip
and certain dialplan applications (notably ChanSpy()) that can cause
the channel to get no audio with scrolling warnings about format
mismatches. This is caused by a failure to update translation paths on
a mid-call native format update since the raw formats have already
been updated by res_pjsip_sdp_rtp.c in set_caps(). Removing the
premature raw format updates allows the translation paths to be setup
correctly and the raw read and write formats with them.
AFS-63 #close
........
Merged revisions 415342 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415343 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Added a websocket server client in Asterisk. Asterisk has a websocket server,
but not a client. The ability to have Asterisk be able to connect to a websocket
server can potentially be useful for future work (for instance this could allow
ARI to connect back to some external system, although more work would be needed
in order to incorporate that).
Also a couple of things to note - proxy connection support has not been
implemented and there is limited http response code handling (basically, it is
connect or not).
Also added an initial new URI handling mechanism to core. Internet type URI's
are parsed into a data structure that contains pointers to the various parts of
the URI.
(closes issue ASTERISK-23742)
Reported by: Kevin Harwell
Review: https://reviewboard.asterisk.org/r/3541/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415223 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds a new channel function TALK_DETECT that, when set on a
channel, causes events indicating the start/stop of talking on a channel to be
emitted to both AMI and ARI clients.
The function allows setting both the silence threshold (the length of silence
after which we decide no one is talking) as well as the talking threshold (the
amount of energy that counts as talking). Parameters can be updated on a channel
after talk detection has been enabled, and talk detection can be removed at
any time.
The events raised by the function use a nomenclature similar to existing AMI/ARI
events.
For AMI: ChannelTalkingStart/ChannelTalkingStop
For ARI: ChannelTalkingStarted/ChannelTalkingFinished
Review: https://reviewboard.asterisk.org/r/3563/
#ASTERISK-23786 #close
Reported by: Matt Jordan
........
Merged revisions 414934 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414935 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses some aesthetic issues in Asterisk. These are all just
minor tweaks to improve the look of the CLI when used in a variety of
settings. Specifically:
* A number of chatty verbose messages were removed or demoted to DEBUG
messages. Verbose messages with a verbosity level of 5 or higher were -
if kept as verbose messages - demoted to level 4. Several messages
that were emitted at verbose level 3 were demoted to 4, as announcement
of dialplan applications being executed occur at level 3 (and so the
effects of those applications should generally be less).
* Some verbose messages that only appear when their respective 'debug'
options are enabled were bumped up to always be displayed.
* Prefix/timestamping of verbose messages were moved to the verboser
handlers. This was done to prevent duplication of prefixes when the
timestamp option (-T) is used with the CLI.
* Verbose magic is removed from messages before being emitted to
non-verboser handlers. This prevents the magic in multi-line verbose
messages (such as SIP debug traces or the output of DumpChan) from
being written to files.
* _Slightly_ better support for the "light background" option (-W) was
added. This includes using ast_term_quit in the output of XML
documentation help, as well as changing the "Asterisk Ready" prompt to
bright green on the default background (which stands a better chance of
being displayed properly than bright white).
Review: https://reviewboard.asterisk.org/r/3547/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414798 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Simply enabling PJSIP to negotiage a video codec (e.g., h264) would leak
video RTP ports if the codec were not negotiated by an incoming call.
* Made add_sdp_streams() associate the handler with the media stream if
the handler handled the media stream. Otherwise, when the
ast_sip_session_media object was destroyed it didn't know how to clean up
the RTP resources.
* Fixed sdp_requires_deferral() associating the handler with the media
stream when deciding if the SDP processing needs to be deferred for T.38.
Like the leaked video RTP ports, the T.38 handler needs to clean up
allocated resources from deciding if SDP processing needs to be deffered.
* Cleaned up some dead code in handle_incoming_sdp() and
sdp_requires_deferral().
ASTERISK-23721 #close
Reported by: cervajs
Review: https://reviewboard.asterisk.org/r/3571/
........
Merged revisions 414749 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414750 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The ODBC realtime driver uses ^NN parameter encoding to cope with the
special meaning of the semi-colon. A semi-colon in a field is
interpreted as if the key was supplied twice, something which isn't
otherwise possible with fixed database columns. E.g. allow=alaw;ulaw
is parsed as allow=alaw and allow=ulaw. A literal semi-colon is
rewritten to ^3B when stored in the database.
The module uses a stringfield to efficiently store the encoded
parameters. However, this stringfield wasn't always freed in some
off-nominal cases.
Commit r413241 fixed initialization so the encoding for INSERT and
DELETE queries wouldn't crash. (Only SELECTs and UPDATEs worked
apparently.) But that commit forgot the frees. This change cleans
that up.
Review: https://reviewboard.asterisk.org/r/3555/
........
Merged revisions 414564 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 414565 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 414566 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414567 65c4cc65-6c06-0410-ace0-fbb531ad65f3
User events can now be generated from ARI. Events can be signalled with
arbitrary json variables, and include one or more of channel, bridge, or
endpoint snapshots. An application must be specified which will receive
the event message (other applications can subscribe to it). The message
will also be delivered via AMI provided a channel is attached. Dialplan
generated user event messages are still transmitted via the channel, and
will only be received by a stasis application they are attached to or if
the channel is subscribed to.
This change also introduces the multi object blob mechanism used to send
multiple snapshot types in a single message. The dialplan app UserEvent
was also changed to use multi object blob, and a new stasis message type
created to handle them.
ASTERISK-22697 #close
Review: https://reviewboard.asterisk.org/r/3494/
........
Merged revisions 414405 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414406 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch fixes res_corosync such that it works with Asterisk 12. This
restores the functionality that was present in previous versions of
Asterisk, and ensures compatibility with those versions by restoring the
binary message format needed to pass information from/to them.
The following changes were made in the core to support this:
* The event system has been partially restored. All event definition and
event types in this patch were pulled from Asterisk 11. Previously, we had
hoped that this information would live in res_corosync; however, the
approach in this patch seems to be better for a few reasons:
(1) Theoretically, ast_events can be used by any module as a binary
representation of a Stasis message. Given the structure of an ast_event
object, that information has to live in the core to be used universally.
For example, defining the payload of a device state ast_event in
res_corosync could result in an incompatible device state representation
in another module.
(2) Much of this representation already lived in the core, and was not
easily extensible.
(3) The code already existed. :-)
* Stasis message types now have a message formatter that converts their
payload to an ast_event object.
* Stasis message forwarders now handle forwarding to themselves. Previously
this would result in an infinite recursive call. Now, this simply creates a
new forwarding object with no forwards set up (as it is the thing it is
forwarding to). This is advantageous for res_corosync, as returning NULL
would also imply an unrecoverable error. Returning a subscription in this
case allows for easier handling of message types that are published directly
to an aggregate topic that has forwarders.
Review: https://reviewboard.asterisk.org/r/3486/
ASTERISK-22912 #close
ASTERISK-22372 #close
........
Merged revisions 414330 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414331 65c4cc65-6c06-0410-ace0-fbb531ad65f3
While load testing an ARI application, I noticed asterisk was returning HTTP 500
internal server errors on channels/:id/answer. After talking to #asterisk-dev,
the issue appeared to be a lack of media flowing after __ast_answer() was
called. So now, we call ast_raw_answer instead and no longer wait for media.
ASTERISK-23758 #close
Review: https://reviewboard.asterisk.org/r/3549/
........
Merged revisions 414195 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414196 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch fixes issues with direct media bridges that occur after a blind
transfer. These issues were caught by the (currently failing)
pjsip/transfers/blind_transfer/caller_direct_media test.
The test currently fails primarily for two reasons:
(1) When Bob and Charlie (the transfer target and the transfer destination)
enter a bridge together, the framehook remains on the transfer target
channel until both channels are in the bridge. As it consumes voice frames,
the initial bridge type is a simple bridge. The framehook is removed when
both channels are in the bridge; however, this does not currently cause the
bridging framework to re-evaluate the bridge. This patch adds a
AST_SOFTHANGUP_UNBRIDGE poke to the transfer target channel when a
framehook is removed so the bridge can re-evaluate itself.
(2) When a channel leaves a native RTP bridge, it may be leaving due to being
hung up. Sending a re-INVITE to a channel that is about to be hung up is
not nice - in fact, there's a good chance we'll send the BYE request before
the channel has had a chance to send back a 200 OK. To be somewhat nicer,
this patch adds a function to channel.h that allows the bridging framework
to query for exactly why a channel is leaving a bridge via the channel's
soft hangup flags. This allows it to only send the re-INVITE if there's a
chance the channel will survive the native bridging experience.
Review: https://reviewboard.asterisk.org/r/3535/
........
Merged revisions 414122 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414123 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Embedded carriage return line feed combinations may appear in presence subtypes
and messages since they may be derived from user input in an instant messenger
client. As such, they need to be properly escaped so that XML parsers do not
vomit when the messages are received.
........
Merged revisions 413372 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413381 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There was an underlying issue in a realtime backend where database updates
would fail. Since we were not checking for failure, we would end up in a
strange state where the old database entry was still present but Asterisk
thought that it had been updated. Now when an entry fails to update, we
print a warning and delete the old contact from sorcery so there is no
mismatch between foreground and backend state.
Patches:
res_pjsip_registrar.patch by John Hardin (License #6512)
........
Merged revisions 413358 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413359 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The realtime API specifies that the store callback is supposed to return the number
of rows affected. res_config_pgsql was instead returning an Oid cast as an int, which
during any nominal execution would be cast to 0. Returning 0 when more than 0 rows were
inserted causes problems to the function's callers.
To give an idea of how strange code can be, this is the necessary code change to fix
a device state issue reported against chan_pjsip in Asterisk 12+. The issue was that
the registrar would attempt to insert contacts into the database. Because of the 0
return from res_config_pgsql, the registrar would think that the contact was not successfully
inserted, even though it actually was. As such, even though the contact was query-able
and it was possible to call the endpoint, Asterisk would "think" the endpoint was unregistered,
meaning it would report the device state as UNAVAILABLE instead of NOT_INUSE.
The necessary fix applies to all versions of Asterisk, so even though the bug reported
only applies to Asterisk 12+, the code correction is being inserted into 1.8+.
Closes issue ASTERISK-23707
Reported by Mark Michelson
........
Merged revisions 413224 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 413225 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 413226 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413227 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Per rfc3892, the Referred-By header in a REFER must be copied into the
referenced request (IE. The outgoing INVITE to the transfer target).
* Automatically put the Referred-By header in the outgoing INVITE message
if the SIPREFERREDBYHDR channel variable is defined with a value.
* Made chan_sip.c:get_refer_info() set SIPREFERREDBYHDR for inheritance so
chan_pjsip has a better chance to interoperate.
* Fixed refer_blind_callback() and refer_incoming_refer_request() to not
modify the data in the pointer returned by pjsip_msg_find_hdr_by_name().
It seems wrong to modify that data since the calling routine doesn't own
the buffer.
ASTERISK-23501 #close
Reported by: John Bigelow
Review: https://reviewboard.asterisk.org/r/3514/
........
Merged revisions 413210 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413211 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The PBX core already takes care of ensuring that repeated state changes
are not communicated to exten state consumers. Because the check in res_pjsip_exten_state
was incomplete, it was causing valid presence state changes not to be sent out. For instance,
if the presence state did not change but the message or subtype did, then no presence-related
NOTIFY request would be sent out.
closes issue ASTERISK-23672
Reported by Mark Michelson
........
Merged revisions 413173 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413174 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fixed early exit in sip_msg_send() not destroying the message iterator.
* Made ast_msg_var_iterator_next() and ast_msg_var_iterator_destroy()
tolerant of a NULL iter parameter in case ast_msg_var_iterator_init()
fails.
* Made ast_msg_var_iterator_destroy() clean up any current message data
ref.
* Made struct ast_msg_var_iterator, ast_msg_var_iterator_init(),
ast_msg_var_iterator_next(), ast_msg_var_unref_current(), and
ast_msg_var_iterator_destroy() use iter instead of i.
* Eliminated RAII_VAR usage in res_pjsip_messaging.c:vars_to_headers().
........
Merged revisions 413139 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 413142 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413144 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change fixes a bug where if an SDP with media address and sendonly was
received twice the underlying call would go off hold, instead of remaining on hold.
This occured because the code did not properly take into account that the SDP
may contain both a valid media address and the sendonly attribute.
The code now examines the sendonly attribute and media address first, so if the
SDP is received again no change will occur.
ASTERISK-23558 #comment Reported by: John Bigelow
Review: https://reviewboard.asterisk.org/r/3472/
........
Merged revisions 413119 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413120 65c4cc65-6c06-0410-ace0-fbb531ad65f3
For some odd reason, loading app_mixmonitor was fine, but res_monitor was not.
This patch fixes a set of issues related to func_periodic_hook exporting the
beep functions that gets res_monitor working again.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412910 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This changes fixes a crash that occurs when stasis determines if it
should send a message out to an application or not. The code
incorrectly assumed that a bridge snapshot would always be present
when in reality for failure cases it may not be.
ASTERISK-23573 #close
........
Merged revisions 412882 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412883 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change fixes a problem where permanent contacts being qualified were not
being updated. This was caused by the permanent contacts getting a uuid and not a
known identifier, causing an inability to look them up when updating in the
qualify code. A bug also existed where the new configuration may not be available
immediately when updating qualifies.
(closes issue ASTERISK-23514)
Reported by: Richard Mudgett
Review: https://reviewboard.asterisk.org/r/3448/
........
Merged revisions 412551 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412552 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Adds a tones URI type to the playback resource. The tone can be specified by
name (from indications.conf) or by a tone pattern. In addition, tonezone can
be specified in the URI (by appending ;tonezone=<zone>). Tones must be
stopped manually in order for a stasis control to move on from playback of
the tone. Tones may be paused, resumed, restarted, and stopped. They may
not be rewound or fast forwarded (tones can't be controlled in a way that
lets you skip around from note to note and pausing and resuming will also
restart the tone from the beginning). Tests are currently in development
for this feature (https://reviewboard.asterisk.org/r/3428/).
(closes issue ASTERISK-23433)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3427/
........
Merged revisions 412535 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@412536 65c4cc65-6c06-0410-ace0-fbb531ad65f3