The reference held for SIP blind transfers using the Replaces header in an
INVITE was never freed on success and also failed to be freed in some error
conditions. This caused a file descriptor leak since the RTP structures in use
at the time of the transfer were never freed. This reference leak and another
relating to subscriptions in the same code path have now been corrected.
(closes issue ASTERISK-19579)
........
Merged revisions 363986 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363987 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363988 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Some switches may not handle the call-deflection/call-rerouting message if
the call is disconnected too soon after being sent. Asteisk was not
waiting for any reply before disconnecting the call.
* Added a 5 second delay before disconnecting the call to wait for a
potential response if the peer does not disconnect first.
(closes issue ASTERISK-19708)
Reported by: mehdi Shirazi
Patches:
jira_asterisk_19708_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett
........
Merged revisions 363730 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363734 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363740 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Some ISDN switches occasionally fail to send a RESTART ACKNOWLEDGE in
response to a RESTART request.
* Made the second SETUP received after sending a RESTART request clear the
channel resetting state as if the peer had sent the expected RESTART
ACKNOWLEDGE before continuing to process the SETUP. The peer may not be
sending the expected RESTART ACKNOWLEDGE.
(issue ASTERISK-19608)
(issue AST-844)
(issue AST-815)
Patches:
jira_ast_815_v1.8.patch (license #5621) patch uploaded by rmudgett (modified)
........
Merged revisions 363687 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363688 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363689 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk has a setting for the minimum allowed DTMF. If we get shorter
DTMF tones, these will be changed to the minimum on the outbound call
leg.
(closes issue ASTERISK-19772)
Review: https://reviewboard.asterisk.org/r/1882/
Reported by: oej
Tested by: oej
Patches by: oej
Thanks to the reviewers.
1.8 branch for this patch: agave-dtmf-duration-asterisk-conf-1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363558 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Found a small amount of curly brackets in my hotel room here in Denmark.
I hereby donate them to the Asterisk project.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363480 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1) B calls A with Dial option T
2) B DTMF atxfer to C
3) B hangs up
4) C does not answer
5) B is called back
6) B answers
7) B cannot initiate transfers anymore
* Add dial features datastore to recalled party B channel that is a copy
of the original party B channel's dial features datastore.
* Extracted add_features_datastore() from add_features_datastores().
* Renamed struct ast_dial_features features_caller and features_callee
members to my_features and peer_features respectively. These better names
eliminate the need for some explanatory comments.
* Simplified code accessing the struct ast_dial_features datastore.
(closes issue ASTERISK-19383)
Reported by: lgfsantos
........
Merged revisions 363428 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363429 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363430 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Simplify some code in app_dial and app_queue by calling
ast_app_exec_macro() and ast_app_exec_sub().
* Fix minor locking issue in app_dial for post-answer macro/gosub
MACRO/GOSUB_RESULT=GOTO: handling.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363269 65c4cc65-6c06-0410-ace0-fbb531ad65f3
As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
actions were able to run system commands by going through other AMI commands which did
not require that authorization. Specifically, GetVar and Status allowed users to do this
by setting their variable/s options to the SHELL or EVAL functions.
Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
allowed users with originate permission to run MixMonitor and supply a shell command
in the Data argument. That flaw is fixed in those versions of this patch.
(closes issue ASTERISK-17465)
Reported By: David Woolley
Patches:
162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
........
Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363156 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363159 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If Asterisk receives a SIP UPDATE request after a call has been terminated and
the channel has been destroyed but before the SIP dialog has been destroyed, a
condition exists where a connected line update would be attempted on a
non-existing channel. This would cause Asterisk to crash. The patch resolves
this by first ensuring that the SIP dialog has an owning channel before
attempting a connected line update. If an UPDATE request is received and no
channel is associated with the dialog, a 481 response is sent.
(closes issue ASTERISK-19770)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Patches:
ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
........
Merged revisions 363106 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363107 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363108 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue. When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue. The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun. This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.
(closes issue ASTERISK-19592)
Reported by: Russell Bryant
........
Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 363102 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 363103 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363105 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reimplement the "corosync show members" CLI command using a CPG iterator
instead of the cpg_membership_get API call. This will also show all
CPG members, including those in groups other than 'asterisk', which may
be useful at some point for debugging purposes.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363045 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Redo ast_app_run_sub()/ast_app_exec_sub() to use a known return point so
execution will stop after the routine returns there.
(s@gosub_virtual_context:1)
* Create ast_app_exec_macro() and ast_app_exec_sub() to run the macro and
gosub application respectively with the parameter string already created.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362962 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Move debug message in ast_rtp_instance_early_bridge_make_compatible() to
be output when what it states has actually happened.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362920 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Security Events Framework API was changed while adding the generation of
security events in chan_sip. A payload type and name was missed from being
added to struct ie_maps.
(closes issue ASTERISK-19759)
Reported by: Michael L. Young
Patches:
issue-asterisk-19759.diff uploaded by Michael L. Young (license 5026)
........
Merged revisions 362918 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362919 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The CHANNEL_DEADLOCK_AVOIDANCE() feature of preserving where the channel
lock was originally obtained is overkill where ast_channel_lock_both() was
inlined.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362888 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Speech API apps return -1 on failure, which will hang up the channel. This
may not be desirable behavior for some, but it isn't something that can be
changed without breaking people's dialplans or writing an option to all of the
Speech apps that does what TryExec already does. This patch documents the
hangup behavior of the apps, and suggests TryExec as the solution.
(closes issue AST-813)
........
Merged revisions 362815 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362816 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362817 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ISDN ETSI PTP and Q.SIG (And SS7 in future) have support for reporting who
was the original redirecting party of a call.
* Added support for the original redirecting party and reason to the
REDIRECTING function and the system core as well as to the stubbed
locations in sig_pri.c.
Review: https://reviewboard.asterisk.org/r/1829/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362779 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* chan_mobile: Fixed an overrun where the cind_state buffer (an integer array
of size 16) would be overrun due to improper bounds checking. At worst, the
buffer can be overrun by a total of 48 bytes (assuming 4-byte integers),
which would still leave it within the allocated memory of struct hfp. This
would corrupt other elements in that struct but not necessarily cause any
further issues.
* app_sms: The array imsg is of size 250, while the array (ud) that the data
is copied into is of size 160. If the size of the inbound message is
greater then 160, up to 90 bytes could be overrun in ud. This would corrupt
the user data header (array udh) adjacent to ud.
* chan_unistim: A number of invalid memmoves are corrected. These would move
data (which may or may not be valid) into the ends of these buffers.
* asterisk: ast_console_toggle_loglevel does not check that the console log
level being set is less then or equal to the allowed log levels of 32.
* format_pref: In ast_codec_pref_prepend, if any occurrence of the specified
codec is not found, the value used to index into the array pref->order
would be one greater then the maximum size of the array.
* jitterbuf: If the element being placed into the jitter buffer lands in the
last available slot in the jitter history buffer, the insertion sort attempts
to move the last entry in the buffer into one slot past the maximum length
of the buffer. Note that this occurred for both the min and max jitter
history buffers.
* tdd: If a read from fsk_serial returns a character that is greater then 32,
an attempt to read past one of the statically defined arrays containing the
values that character maps to would occur.
* localtime: struct ast_time and tm are not the same size - ast_time is larger,
although it contains the elements of tm within it in the same layout. Hence,
when using memcpy to copy the contents of tm into ast_time, the size of tm
should be used, as opposed to the size of ast_time.
* extconf: this treats ast_timing's minmask array as if it had a length of 48,
when it has defined the size of the array as 24. pbx.h defines minmask as
having a size of 48.
(issue ASTERISK-19668)
Reported by: Matt Jordan
........
Merged revisions 362485 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362496 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362497 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Security Events Framework API changed in trunk to support IPv6. This broke
the building of the security events test which was based around IPv4. This
patches fixes the build by changing the test to conform to the new changes.
(related to issue ASTERISK-19447)
Review: https://reviewboard.asterisk.org/r/1874/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362432 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Several telcos bring the BRI PTMP layer 1 down when the line is idle.
When layer 1 goes down, Asterisk cannot make outgoing calls. Incoming
calls could fail as well because the alarm processing is handled by a
different code path than the Q.931 messages.
* Add the layer1_presence configuration option to ignore layer 1 alarms
when the telco brings layer 1 down. This option can be configured by span
while the similar DAHDI driver teignorered=1 option is system wide. This
option unlike layer2_persistence does not require libpri v1.4.13 or newer.
Related to JIRA AST-598
JIRA ABE-2845
........
Merged revisions 362428 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362429 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362430 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a number of modules in resources that did not handle the
negative return value from function calls adequately. This includes:
* res_agi.c: if the result of the read function is a negative number,
indicating some failure, the result would instead be treated as the number
of bytes read. This patch now treats negative results in the same manner
as an end of file condition, with the exception that it also logs the
error code indicated by the return.
* res_musiconhold.c: if spawn_mp3 fails to assign a file descriptor to srcfd,
and instead assigns a negative value, that file descriptor could later be
passed to functions that require a valid file descriptor. If spawn_mp3 fails,
we now immediately retry instead of continuing in the logic.
* res_rtp_asterisk.c: if no codec can be matched between two RTP instances
in a peer to peer bridge, we immediately return instead of attempting to
use the codec payload type as an index to determine the appropriate negotiated
codec.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863/
........
Merged revisions 362362 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362364 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362365 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A number of va_copy operations weren't matched with a corresponding va_end in res_config_odbc. Also, there was a potential for va_end to be invoked twice on the same va_arg in utils, which would mean invoking va_end on an undefined variable... which is bad.
va_end is removed from various functions in config_pgsql and config_curl since they aren't making their own copy. The invokers of those functions are responsible for calling va_end on them.
(issue ASTERISK-19451)
Reported by: Walter Doekes
Review: https://reviewboard.asterisk.org/r/1848/
........
Merged revisions 362354 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362357 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362363 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a number of modules in main that did not handle the
negative return value from function calls adequately, or were not sufficiently
clear that the conditions leading to improper handling of the return values
could not occur. This includes:
* asterisk.c: A negative return value from the read function would be used
directly as an index into a buffer. We now check for success of the read
function prior to using its result as an index.
* manager.c: Check for failures in mkstemp and lseek when handling the
temporary file created for processing data returned from a CLI command in
action_command. Also check that the result of an lseek is sanitized prior
to using it as the size of a memory map to allocate.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863/
........
Merged revisions 362359 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362360 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362361 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In a variety of locations in both reading and writing a file, the result
from the C library function ftello is used as input to other functions. For
the parameters and functions in question, a negative value is invalid input.
This patch checks the return value from the ftello function to determine if
we were able to determine the current position in the file stream and, if not,
fail gracefully.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863/
........
Merged revisions 362355 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362356 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362358 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A very inappropriate placement of a ')' (introduced in r362151) caused the
maximum size of a file to be set as the result of a comparison operation, as
opposed to the result of the ftello operation. This resulted in seeking being
restricted to the beginning of the file, or 1 byte into the file. Thanks to
the Asterisk Test Suite for properly freaking out about this on at least one
test.
(issue ASTERISK-19655)
Reported by: Matt Jordan
........
Merged revisions 362304 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362305 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362306 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a bind address is set to an ANY address (udpbindport=::), a warning message
is displayed stating that "Address remapping activated in sip.conf but we're
using IPv6, which doesn't need it. Please remove 'localnet' and/or 'externaddr'
settings." But if one is running dual stack, we shouldn't be told to turn those
settings off.
This patch checks if the bind address is an ANY address or not. The warning
message will now only be displayed if the bind address is NOT an ANY address and
IPv6 is being used.
Also, updated the copyright year.
(closes issue ASTERISK-19456)
Reported by: Michael L. Young
Tested by: Michael L. Young
Patches:
chan_sip_ipv6_message.diff uploaded by Michael L. Young (license 5026)
........
Merged revisions 362253 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362264 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362266 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In chan_agent, while handling a channel indicate, the agent channel driver
must obtain a lock on both the agent channel, as well as the channel the
agent channel is using. To do so, it attempts to lock the other channel
first, then unlock the agent channel which is locked prior to entry into
the indicate handler. If this unlock fails with a negative return value,
which can occur if the object passed to agent_indicate is an invalid ao2
object or is NULL, the return value is passed directly to strerror, which
can only accept positive integer values.
In chan_dahdi, the return value of dahdi_get_index is used to directly
index into the sub-channel array. If dahd_get_index returns a negative
value, it would use that value to index into the array, which could cause
an invalid memory access. If dahdi_get_index returns a negative number,
we now default to SUB_REAL.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863/
........
Merged revisions 362204 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 362205 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362206 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Olle Johansson
Kinsey Moore
Alec L Davis
Richard Mudgett
Terry Wilson
Tilghman Lesher
Jonathan Rose
Matthew Jordan
Russell Bryant
Michael L. Young
Walter Doekes
Sean Bright