In handle_negotiated_sdp(), use session->active_media_state when
session->pending_media_state is empty. The 200's SDP should be fed into
handle_negotiated_sdp_session_media() together with the already negotiated
state, which is now in session->active_media_state instead. Only if both
the session's pending and active media are empty should
handle_negotiated_sdp() abort.
ASTERISK-27441
Change-Id: If0d5150ffe6f38d8a854831fef37942258d4629c
The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:
[startup]
cache_pools=no
* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
* Fix --tarball-config so the option doesn't cause an error.
* Allow for missing /etc/os-release.
* Add a sleep between tarballing the coredump and removing the
output directory to allow the filesystem to settle.
Change-Id: I73e03b13087978bcc7f6bc9f45753990f82d9d77
A couple of additional properties are needed in rtp_engine to enable
support for packet retransmission: AST_RTP_PROPERTY_RETRANS_RECV and
AST_RTP_PROPERTY_RETRANS_SEND. These will both be enabled automatically
if an endpoint has the webrtc option enabled. While this adds no
functionality currently, it will serve as a building block for future
changes for RTP retransmission support.
For more information, refer to the wiki page:
https://wiki.asterisk.org/wiki/display/AST/WebRTC+User+Experience+Improvements
Change-Id: Ic598acd042a045f9d10e5bdccb66f4efc9e587cc
When a line is the maximum length "\n" is found at sizeof(buf) - 2 since
the last character is actually the null terminator. In addition if a
line was exactly 8190 plus a multiple of 8192 characters long the config
parser would skip the following line.
Additionally fix comment in voicemail.conf sample config. It previously
stated that emailbody can only contain up to 512 characters which is
always wrong. The buffer is normally 8192 characters unless LOW_MEMORY
is enabled then it is 512 characters. The updated comment states that
the line can be up to 8190 or 510 characters since the line feed and
NULL terminator each use a character.
ASTERISK-26688 #close
Change-Id: I80864a0d40d2e2d8cd79d72af52a8f0a3a99c015
The transferrer's session channel was destroyed by the transferrer's
serializer thread in a race condition with the transfer target's
serializer thread during an attended transfer. The transfer target's
serializer was attempting to clean up a deferred end status on behalf of
the transferrer's channel when it should have passed the action to the
transferrer's serializer. When the transfer target's serializer lost the
race then both threads wind up trying to end the transferrer's session.
* Push the ast_sip_session_end_if_deferred() call onto the transferrer's
serializer to avoid a race condition that results in a crash. The
session_end() function that could be called by
ast_sip_session_end_if_deferred() really must be executed by the
transferrer's serializer to avoid this kind of crash.
ASTERISK-27568
Change-Id: Iacda724e7cb24d7520e49b2fd7e504aa398d7238
The handling of stream topologies was not protected by channel locks in
simple_bridge_request_stream_topology_change().
* Fixed topology handling to be protected by channel locks where needed in
simple_bridge_request_stream_topology_change().
ASTERISK-27692
Change-Id: Ica5d78a6c7ecf4f0b95fb16de28d3889b32c4776
In ast_websocket_read() we were not adequately checking that the
payload_len was non-zero before passing it to ws_safe_read(). Calling
ws_safe_read with a len argument of 0 will result in a busy loop until
the underlying socket is closed.
ASTERISK-27658 #close
Change-Id: I9d59f83bc563f711df1a6197c57de473f6b0663a
pjproject's fmtp retrieval function failed to catch invalid fmtp attributes.
Because of this Asterisk would crash if given an SDP with an invalid fmtp
attribute.
When retrieving the format this patch now makes sure the fmtp attribute is
available. If not available it now returns an error status.
ASTERISK-27583 #close
Change-Id: I5cebe000ce2d846cae3af33b6d72c416e51caf2f
pjproject's media format parsing algorithm failed to catch invalid values.
Because of this Asterisk would crash if given an SDP with a invalid media
format description.
When parsing the media format description this patch now properly parses the
value and returns an error status if it can't successfully parse/convert the
value.
ASTERISK-27582 #close
Change-Id: I883b3a4ef85b6972397f7b56bf46c5779c55fdd6
Since res_pjsip_transport_management provides several attack
mitigation features, its functionality moved to res_pjsip and
this module has been removed. This way the features will always
be available if res_pjsip is loaded.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
pjsip_distributor:
authenticate() creates a tdata and uses it to send a challenge or
failure response. When pjsip_endpt_send_response2() succeeds, it
automatically decrements the tdata ref count but when it fails, it
doesn't. Since we weren't checking for a return status, we weren't
decrementing the count ourselves on error and were therefore leaking
tdatas.
res_pjsip_session:
session_reinvite_on_rx_request wasn't decrementing the ref count
if an error happened while sending a 491 response.
pre_session_setup wasn't decrementing the ref count if
while sending an error after a pjsip_inv_verify_request failure.
res_pjsip:
ast_sip_send_response wasn't decrementing the ref count on error.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: Iab33a6c7b6fba96148ed465b690ba8534ac961bf