At least one call to run_externnotify provides a NULL context parameter and
because the snprintf statement doesn't account for a NULL context parameter,
it simply writes '(null)' to the arguments string instead. This patch makes
it write two quotes back to back for that argument instead in the event of
a NULL context.
(closes issue ASTERISK-18207)
Reported by: Barry L. Kline
Patches:
modified from patch-20130306 uploaded by Karsten Wemheuer (License 5930)
........
Merged revisions 384325 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 384326 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384327 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Updated test_uuid.c to test the new API call.
* Made system use the new API call to eliminate "10's of lines" where
used.
* Fixed untested ast_strdup() return in stasis_subscribe() by eliminating
the need for it. struct stasis_subscription now contains the uniqueid[]
string.
* Fixed some issues in exchangecal_write_event():
Create uid with enough space for a UUID string to avoid a realloc.
Fix off by one error if the calendar event provided a UUID string.
There is no need to check for NULL before calling ast_free().
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384302 65c4cc65-6c06-0410-ace0-fbb531ad65f3
While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off nominal code paths. This
patch corrects them.
Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.
(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)
........
Merged revisions 384118 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 384119 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384120 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When res_rtp_asterisk.c was altered to avoid attempting to apply
unprotect algorithms to non-audio RTP packets, the test used was
incorrect. This caused the audio packets to not be decrypted and
resulted in loud white noise on the other endpoint (or both endpoints
depending on the call legs involved). The test now properly checks the
version field in the RTP header to ensure that RTP and RTCP are
decrypted while other types of packets are not.
(closes issue ASTERISK-21323)
Reported by: andrea
Tested by: Kinsey Moore, andrea, John Bigelow
Patches:
whitenoise_fix.diff uploaded by Kinsey Moore
........
Merged revisions 384048 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 384049 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384050 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways. The
information is disclosed when:
* A "407 Proxy Authentication Required" response is sent instead of a
"401 Unauthorized" response
* The presence or absence of additional tags occurs at the end of "403
Forbidden" (such as "(Bad Auth)")
* A "401 Unauthorized" response is sent instead of "403 Forbidden" response
after a retransmission
* Retransmission are sent when a matching peer did not exist, but not when a
matching peer did exist.
This patch resolves these various vectors by ensuring that the responses sent
in all scenarios is the same, regardless of the presence of a matching peer.
This issue was reported by Walter Doekes, OSSO B.V. A substantial portion of
the testing and the solution to this problem was done by Walter as well - a
huge thanks to his tireless efforts in finding all the ways in which this
setting didn't work, providing automated tests, and working with Kinsey on
getting this fixed.
(closes issue ASTERISK-21013)
Reported by: wdoekes
Tested by: wdoekes, kmoore
patches:
AST-2013-003-1.8 uploaded by kmoore, wdoekes (License 6273, 5674)
AST-2013-003-10 uploaded by kmoore, wdoekes (License 6273, 5674)
AST-2013-003-11 uploaded by kmoore, wdoekes (License 6273, 5674)
........
Merged revisions 384003 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384019 65c4cc65-6c06-0410-ace0-fbb531ad65f3
AST-2012-014, fixed in January of this year, contained a fix for Asterisk's
HTTP server for a remotely-triggered crash. While the fix put in place fixed
the possibility for the crash to be triggered, a denial of service vector still
exists with that solution if an attacker sends one or more HTTP POST requests
with very large Content-Length values. This patch resolves this by capping
the Content-Length at 1024 bytes. Any attempt to send an HTTP POST with
Content-Length greater than this cap will not result in any memory allocation.
The POST will be responded to with an HTTP 413 "Request Entity Too Large"
response.
This issue was reported by Christoph Hebeisen of TELUS Security Labs
(closes issue ASTERISK-20967)
Reported by: Christoph Hebeisen
patches:
AST-2013-002-1.8.diff uploaded by mmichelson (License 5049)
AST-2013-002-10.diff uploaded by mmichelson (License 5049)
AST-2013-002-11.diff uploaded by mmichelson (License 5049)
........
Merged revisions 383978 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383980 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The format attribute resource for H.264 video performs an unsafe read against a
media attribute when parsing the SDP. The value passed in with the format
attribute is not checked for its length when parsed into a fixed length buffer.
This patch resolves the vulnerability by only reading as many characters from
the SDP value as will fit into the buffer.
(closes issue ASTERISK-20901)
Reported by: Ulf Harnhammar
patches:
h264_overflow_security_patch.diff uploaded by jrose (License 6182)
........
Merged revisions 383973 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383975 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The softbutton endcall should not turn a transfer into a blind transfer but
hangup the exten being called and leave the original call on hold. This does
that.
(closes issue ASTERISK-21321)
Reported by: wedhorn
Tested by: snuffy, myself
Patches:
skinny-xferendcall01.diff uploaded by wedhorn (license 5019)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383948 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r373424, several reentrancy problems in chan_sip were addressed. As a
result, the SIP channel driver is now properly locking the channel driver
private information in certain operations that it wasn't previously. This
exposed two latent problems either in register_verify or by functions called
by register_verify. This includes:
* Holding the private lock while calling sip_send_mwi_to_peer. This can create
a new sip_pvt via sip_alloc, which will obtain the channel container lock.
This is a locking inversion, as any channel related lock must be obtained
prior to obtaining the SIP channel technology private lock.
Note that this issue was already fixed in Asterisk 11.
* Holding the private lock while calling sip_poke_peer. In the same vein as
sip_send_mwi_to_peer, sip_poke_peer can create a new SIP private, causing
the same locking inversion.
Note that this locking inversion typically occured when CLI commands were run
while a SIP REGISTER request was being processed, as many CLI commands (such
as 'sip show channels', 'core show channels', etc.) have to obtain the channel
container lock.
(issue ASTERISK-21068)
Reported by: Nicolas Bouliane
(issue ASTERISK-20550)
Reported by: David Brillert
(issue ASTERISK-21314)
Reported by: Badalian Vyacheslav
(issue ASTERISK-21296)
Reported by: Gabriel Birke
........
Merged revisions 383863 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383878 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383879 65c4cc65-6c06-0410-ace0-fbb531ad65f3
r375757 attempted to resolve a race condition between multiple submissions of
CDRs while in batch mode from attempting to destroy the scheduled batch
submission by extending the batch CDR lock. Unfortunately, this causes a
deadlock between the pending CDR lock and the batch CDR lock. This patch
resolves the intent of r375757 by simply providing a new lock that protects
the scheduling of the batches. The original batch CDR lock is kept to protect
manipulation of the batch CDR settings, but has been placed such that it
is not held when the pending lock is held.
Thanks to Chase Venters for providing lock analysis on the issue.
(issue ASTERISK-21162)
Reported by: Chase Venters
........
Merged revisions 383839 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383840 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383841 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This code caused a compiler warning when --enable-dev-mode was not used.
The warning was that this variable was set but not used. That was indeed
the case as the only place this is used is as an argument to SKINNY_DEBUG
which is compiled out when not in dev mode.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383838 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When an SLA trunk is ringing (inbound call on the trunk) Asterisk will
make outbound calls to the stations that have that trunk. If more than
one station answers the call at the same time, all channels other than
the first one to answer are left in a bad state. The channel gets
leaked, is not connected to anything, and there's no way to get rid of
it.
We now properly clean up these losing channels by hanging up on them.
Since they lost the race, as we process their answer, there is no
ringing trunk for them to answer.
........
Merged revisions 383835 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383836 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383837 65c4cc65-6c06-0410-ace0-fbb531ad65f3
HangupRequest and SoftHangupRequest are now ast_channel_blob Stasis
messages, with the cause code as an optional field in the blob.
NewCallerid now simply watches for changes in the callerid information
in channel snapshots, and creates the AMI event appropriately.
Since the original NewCallerid event honored the channelvars setting
in manager.conf, the channel variables configured there had to become
a part of the channel snapshot. These are now a part of every snapshot
based event, making the configuration description "every time a
channel-oriented event is emitted" less of a lie.
There a a few other changes wrapped up in here as well.
* When ast_channel_topic() is given NULL for a channel, it returns
the ast_channel_topic_all() topic instead of NULL. This can clean
up a lot of NULL checking we're doing currently.
* The fields Cause and Cause-txt were removed from the base channel
information and put only on the Hangup events, since those fields
are meaningless outside of a Hangup event.
* Removed the pipe-delimiter processing of the channelvars field,
since that's been deprecated forever.
(closes issue ASTERISK-21096)
Review: https://reviewboard.asterisk.org/r/2405/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383726 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Core modules don't honor <depend> flags in MODULEINFO, which broke jansson
if specified --with-jansson to configure.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383633 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A regression was accidentally introduced when allowing an optional ID to be used
when calling StopMixMonitor. When we are unable to stop MixMonitor on a
channel, -1 is being returned which triggers the hangup of the channel.
This patch restores the prior behavior by returning 0 whether we were successful
or not. It also allows the call from the manager to use the return code when
the action fails.
(closes issue ASTERISK-21294)
Reported by: daroz
Tested by: daroz
Patches:
asterisk-21294-stop_mixmonitor_hangingup.diff Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2404/
........
Merged revisions 383631 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383632 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When I moved res_json.c to json.c, I left the MODULE_INFO stuff in there,
which was interesting if you ran module show. I also forgot to call what
was in module_load() from asterisk main().
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383611 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch started out simply as fixing the bouncing tests introduced
in r382685, but required some other changes to give it a decent
implementation.
To fix the bouncing tests, the UserEvent and Newexten AMI events
needed to be refactored to dispatch via Stasis. Dispatching directly
to AMI resulted in those events sometimes getting ahead of the
associated Newchannel events, which would understandably confuse anyone.
I found that instead of creating a zillion different message types and
structures associated with them, it would be preferable to define a
message type that has a channel snapshot and a blob of structured data
with a small bit of additional information. The JSON object model
provides a very nice way of representing structured data, so I went
with that.
* Move JSON support from res_json.c to main/json.c
* Made libjansson-dev a required dependency
* Added an ast_channel_blob message type, which has a channel
snapshot and JSON blob of data.
* Changed UserEvent and Newexten events so that they are dispatched
via ast_channel_blob messages on the channel's topic.
* Got rid of the ast_channel_varset message; used ast_channel_blob
instead.
* Extracted the manager functions converting Stasis channel events to
AMI events into manager_channel.c.
(issue ASTERISK-21096)
Review: https://reviewboard.asterisk.org/r/2381/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383579 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Because of the way that topics were handled when publishing, it was
possible to dispatch a message to a subscription after that
subscription had been unsubscribed such that the dispatched message
arrived at the callback after the callback had received its final
message. In callbacks that cleaned up user data, this would often cause
a segfault. This has been resolved by locking the topic during the
entirety of dispatch. To prevent long publishing and topic locking
times, forwarding subscriptions have been made to be standard
subscriptions instead of mailboxless subscriptions which were
dispatched at publishing time.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383422 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When using scoped locks, the unref of an AO2 object should happen after
the unlock occurs which requires usage of scoped refs.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383377 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Remove MWI's dependency on the event system by moving it to
Stasis-core. This also introduces forwarding topic pools in Stasis-core
which aggregate many dynamically allocated topics into a single primary
topic.
Review: https://reviewboard.asterisk.org/r/2368/
(closes issue ASTERISK-21097)
Patch-by: Kinsey Moore
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383284 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change allows you to use XMPP buddy state in places where device state
can be used be used, such as dialplan hints. If at least one resource is
available the buddy is considered available. Now your phone can reflect
their IM status too!
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383283 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Often times, when subscribing to a topic, one wants to handle
different message types differently. While one could cascade if/else
statements through the subscription handler, it is much cleaner to
specify a different callback for each message type. The
stasis_message_router is here to help!
A stasis_message_router is constructed for a particular stasis_topic,
which is subscribes to. Call stasis_message_router_unsubscribe() to
cancel that subscription.
Once constructed, routes can be added using
stasis_message_router_add() (or stasis_message_router_set_default()
for any messages not handled by other routes). There may be only one
route per stasis_message_type. The route's callback is invoked just as
if it were a callback for a subscription; but it only gets called for
messages of the specified type.
(issue ASTERISK-20887)
Review: https://reviewboard.asterisk.org/r/2390/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383242 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Unsubscribing things in Asterisk seems to very commonly follow with
NULLing out the variable that was unsubscribed. This change makes that
a bit simpler.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383168 65c4cc65-6c06-0410-ace0-fbb531ad65f3
AMI, HTTP, and chan_sip all support TLS in some way, but none of them
support all the options that Asterisk's TLS core is capable of
interpreting. This prevents consumers of the TLS/SSL layer from setting
TLS/SSL options that they do not support.
This also gets tlsverifyclient closer to a working state by requesting
the client certificate when tlsverifyclient is set. Currently, there is
no consumer of main/tcptls.c in Asterisk that supports this feature and
so it can not be properly tested.
Review: https://reviewboard.asterisk.org/r/2370/
Reported-by: John Bigelow
Patch-by: Kinsey Moore
(closes issue AST-1093)
........
Merged revisions 383165 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383166 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383167 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a session timer expires during a dialog that has re-negotiated to T.38
and Asterisk is the refresher, Asterisk will send a re-INVITE with an SDP
containing audio media only. This causes some hilarity with the poor fax
session under weigh.
This patch corrects that by sending T.38 parameters if we are in the middle of
a T.38 session.
(closes issue ASTERISK-21232)
Reported by: Nitesh Bansal
patches:
dont-send-audio-reinvite-for-sess-timer-in-t38-call.patch uploaded by nbansal (License 6418)
........
Merged revisions 383124 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383125 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383126 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In certain situations, call files are not processed when using KQueue with
pbx_spool. Asterisk was sending an invalid timeout value when the spool
directory is empty, causing the call to kevent to error immediately. This
can create a tight loop, increasing the CPU load on the system.
(closes issue ASTERISK-21176)
Reported by: Carlton O'Riley
patches:
kqueue_osx.patch uploaded by coriley (License 6473)
........
Merged revisions 383120 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383121 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383122 65c4cc65-6c06-0410-ace0-fbb531ad65f3