XML encoding in chan_sip is accomplished by naively building the XML
directly from strings. While this usually works, it fails to take into
account escaping the reserved characters in XML.
This patch adds an 'ast_xml_escape' function, which works similarly to
'ast_uri_encode'. This is used to properly escape the local_display
attribute in XML formatted NOTIFY messages.
Several things to note:
* The Right Thing(TM) to do would probably be to replace the
ast_build_string stuff with building an ast_xml_doc. That's a much
bigger change, and out of scope for the original ticket, so I
refrained myself.
* It is with great sadness that I wrote my own ast_xml_escape
function. There's one in libxml2, but it's knee-deep in
libxml2-ness, and not easily used to one-off escape a
string.
* I only escaped the string we know is causing problems
(local_display). At least some of the other strings are
URI-encoded, which should be XML safe. Rather than figuring out
what's safe and escaping what's not, it would be much cleaner to
simply build an ast_xml_doc for the messages and let the XML
library do the XML escaping. Like I said, that's out of scope.
(closes issue ABE-2902)
Reported by: Guenther Kelleter
Tested by: Guenther Kelleter
Review: http://reviewboard.digium.internal/r/365/
........
Merged revision 378919 from https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
........
Merged revisions 378933 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378934 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378935 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The original comment was separated from the code at some point, and didn't
reflect the use of libc's other than glibc for Linux.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@376821 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Although it is very rare and timing dependent, the potential exists for the
call to 'daemon' to cause what appears to be a deadlock in Asterisk during
startup. This can occur when a recursive mutex is obtained prior to the
daemon call executing. Since daemon uses fork to send the process into the
background, any threading primitives are unsafe to re-use after the call.
Implementations of pthread recursive mutexes are highly likely to store the
thread identifier of the thread that previously obtained the mutex. If
the mutex was locked prior to the fork, a subsequent unlock operation will
potentially fail as the thread identifier is no longer valid. Since the
mutex is still locked, all subsequent attempts to grab the mutex by other
threads will block.
This behavior exhibited itself most often when DEBUG_THREADS was enabled, as
this compile time option surrounds the mutexes in Asterisk with another
recursive mutex that protects the storage of thread related information. This
made it much more likely that a recursive mutex would be obtained prior to
daemon and unlocked after the call.
This patch does the following:
a) It backports a patch from Asterisk 11 that prevents the spawning of the
localtime monitoring thread. This thread is now spawned after Asterisk has
fully booted.
b) It re-orders the startup sequence to call daemon earlier during Asterisk
startup. This limits the potential of threading primitives being accessed
by initialization calls before daemon is called.
c) It removes calls to ast_verbose/ast_log/etc. prior to daemon being called.
Developers should send error messages directly to stderr prior to daemon,
as calls to ast_log may access recursive mutexes that store thread related
information.
d) It reorganizes when thread local storage is created for storing lock
information during the creation of threads. Prior to this patch, the
read/write lock protecting the list of threads in ast_register_thread would
utilize the lock in the thread local storage prior to it being initialized;
this patch prevents that.
On a very related note, this patch will *greatly* improve the stability of the
Asterisk Test Suite.
Review: https://reviewboard.asterisk.org/r/2197
(closes issue ASTERISK-19463)
Reported by: mjordan
Tested by: mjordan
........
Merged revisions 376428 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 376431 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 376441 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@376447 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Makes malloc() behave like calloc(). It will return a memory block
filled with 0x55. A nonzero value.
* Makes free() fill the released memory block and boundary fence's with
0xdeaddead. Any pointer use after free is going to have a pointer
pointing to 0xdeaddead. The 0xdeaddead pointer is usually an invalid
memory address so a crash is expected.
* Puts the freed memory block into a circular array so it is not reused
immediately.
* When the circular array rotates out a memory block to the heap it checks
that the memory has not been altered from 0xdeaddead.
* Made the astmm_log message wording better.
* Made crash if the DO_CRASH menuselect option is enabled and something is
found.
* Fixed a potential alignment issue on 64 bit systems.
struct ast_region.data[] should now be aligned correctly for all
platforms.
* Extracted region_check_fences() from __ast_free_region() and
handle_memory_show().
* Updated handle_memory_show() CLI usage help.
Review: https://reviewboard.asterisk.org/r/2182/
........
Merged revisions 376029 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 376030 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 376048 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@376049 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r375993 | mmichelson | 2012-11-07 11:01:13 -0600 (Wed, 07 Nov 2012) | 30 lines
Fix misuses of timeouts throughout the code.
Prior to this change, a common method for determining if a timeout
was reached was to call a function such as ast_waitfor_n() and inspect
the out parameter that told how many milliseconds were left, then use
that as the input to ast_waitfor_n() on the next go-around.
The problem with this is that in some cases, submillisecond timeouts
can occur, resulting in the out parameter not decreasing any. When this
happens thousands of times, the result is that the timeout takes much
longer than intended to be reached. As an example, I had a situation where
a 3 second timeout took multiple days to finally end since most wakeups
from ast_waitfor_n() were under a millisecond.
This patch seeks to fix this pattern throughout the code. Now we log the
time when an operation began and find the difference in wall clock time
between now and when the event started. This means that sub-millisecond timeouts
now cannot play havoc when trying to determine if something has timed out.
Part of this fix also includes changing the function ast_waitfor() so that it
is possible for it to return less than zero when a negative timeout is given
to it. This makes it actually possible to detect errors in ast_waitfor() when
there is no timeout.
(closes issue ASTERISK-20414)
reported by David M. Lee
Review: https://reviewboard.asterisk.org/r/2135/
........
r375994 | mmichelson | 2012-11-07 11:08:44 -0600 (Wed, 07 Nov 2012) | 3 lines
Remove some debugging that accidentally made it in the last commit.
........
Merged revisions 375993-375994 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 375995 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 376014 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@376015 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When compiling with BETTER_BACKTRACES enabled, Asterisk will sometimes
crash when "core show locks" is run. This happens regularly in the
testsuite since several tests run "core show locks" to help with
debugging. This seems to be a fault with libraries on certain operating
systems (notably CentOS 6.2/6.3) running on virtual machines and
utilizing gcc 4.4.6.
(issue ASTERISK-20090)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371535 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r369001 | kpfleming | 2012-06-15 10:56:08 -0500 (Fri, 15 Jun 2012) | 11 lines
Add support-level indications to many more source files.
Since we now have tools that scan through the source tree looking for files
with specific support levels, we need to ensure that every file that is
a component of a 'core' or 'extended' module (or the main Asterisk binary)
is explicitly marked with its support level. This patch adds support-level
indications to many more source files in tree, but avoids adding them to
third-party libraries that are included in the tree and to source files
that don't end up involved in Asterisk itself.
........
r369002 | kpfleming | 2012-06-15 10:57:14 -0500 (Fri, 15 Jun 2012) | 3 lines
Add a script to enable finding source files without support-levels defined.
........
Merged revisions 369001-369002 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 369005 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369013 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Hangup now can take a regular expression as the Channel option. If you want
to hangup multiple channels, use /regex/ as the Channel option. Existing
behavior to hanging up a single channel is unchanged, but if you pass a regex,
the manager will send you a list of channels back that were hung up.
(closes issue ASTERISK-19575)
Reported by: Mark Murawski
Tested by: Mark Murawski
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@361038 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Everything still compiled after making these changes, so I assume these
whitespace-only changes didn't break anything (and shouldn't have).
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@360190 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There exists a remotely exploitable stack buffer overflow in HTTP digest
authentication handling in Asterisk. The particular method in question
is only utilized by HTTP AMI. When parsing the digest information, the
length of the string is not checked when it is copied into temporary buffers
allocated on the stack.
This patch fixes this behavior by parsing out pre-defined key/value pairs
and avoiding unnecessary copies to the stack.
(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
........
Merged revisions 359706 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 359707 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359708 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Integers should always be aligned. For some platforms (ARM, SPARC) this
is more important than for others. This changeset ensures that the
string field string lengths are aligned on *all* platforms, not just on
the SPARC for which there was a workaround. It also fixes that the
length integer can be resized to 32 bits without problems if needed.
(closes issue ASTERISK-17310)
Reported by: radael, S Adrian
Reviewed by: Tzafrir Cohen, Terry Wilson
Tested by: S Adrian
Review: https://reviewboard.asterisk.org/r/1549
........
Merged revisions 343157 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 343158 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@343163 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The ast_string_field_build_va functions were written to take to separate
va_lists to work around FreeBSD 4 not having va_copy defined.
In the end, we don't support anything using gcc < 3 anyway because we use
va_copy all over the place anyway. This patch just simplifies things by
removing the second va_list function arguments in favor of va_copy.
Review: https://reviewboard.asterisk.org/r/1233/
--This line, and those below, will be ignored--
M include/asterisk/stringfields.h
M main/utils.c
M main/channel.c
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@320946 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r316917 | seanbright | 2011-05-04 22:23:28 -0400 (Wed, 04 May 2011) | 5 lines
Make sure that tcptls_session is properly initialized.
(issue #18598)
Reported by: ksn
........
r316918 | seanbright | 2011-05-04 22:25:20 -0400 (Wed, 04 May 2011) | 5 lines
Look at the correct buffer for our digest info instead of an empty one.
(issue #18598)
Reported by: ksn
........
r316919 | seanbright | 2011-05-04 22:30:45 -0400 (Wed, 04 May 2011) | 10 lines
Use the correct HTTP method when generating our digest, otherwise we always fail.
When calculating the 'A2' portion of our digest for verification, we need the
HTTP method that is currently in use. Unfortunately our mapping function was
incorrect, resulting in invalid hashes being generated and, in turn, failures
in authentication.
(closes issue #18598)
Reported by: ksn
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@316920 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/1.8
........
r304950 | tilghman | 2011-01-31 00:41:36 -0600 (Mon, 31 Jan 2011) | 18 lines
Change mutex tracking so that it only consumes memory in the core mutex object when it's actually being used.
This reduces the overall size of a mutex which was 3016 bytes before this back
down to 216 bytes (this is on 64-bit Linux with a glibc-implemented mutex).
The exactness of the numbers here may vary slightly based upon how mutexes are
implemented on a platform, but the long and short of it is that prior to this
commit, chan_iax2 held down 98MB of memory on a 64-bit system for nothing more
than a table of 32767 locks. After this commit, the same table occupies a mere
7MB of memory.
(closes issue #18194)
Reported by: job
Patches:
20110124__issue18194.diff.txt uploaded by tilghman (license 14)
Tested by: tilghman
Review: https://reviewboard.asterisk.org/r/1066
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@304951 65c4cc65-6c06-0410-ace0-fbb531ad65f3
For each component, the set of valid BNF expansions defines exactly
which characters may appear unescaped. All other characters MUST be
escaped.
This patch modifies ast_uri_encode() to encode strings in line with this recommendation. This patch also adds an ast_escape_quoted() function which escapes '"' and '\' characters in quoted strings in accordance with section 25.1 of RFC 3261. The ast_uri_encode() function has also been modified to take an ast_flags struct describing the set of rules it should use when escaping characters to allow for it to escape SIP URIs in addition to HTTP URIs and other types of URIs or variations of those two URI types in the future.
The ast_uri_decode() function has also been modified to accept an ast_flags struct describing the set of rules to use when decoding to enable decoding '+' as ' ' in legacy http URLs.
The unit tests for these functions have also been updated.
ABE-2705
Review: https://reviewboard.asterisk.org/r/1081/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@303509 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/1.8
................
r302555 | seanbright | 2011-01-19 14:03:32 -0500 (Wed, 19 Jan 2011) | 14 lines
Merged revisions 302554 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
........
r302554 | seanbright | 2011-01-19 14:02:29 -0500 (Wed, 19 Jan 2011) | 7 lines
Don't call strlen() when we only need to look at the next character or two.
(closes issue #18042)
Reported by: wdoekes
Patches:
astsvn-inefficient-ast-uri-decode.patch uploaded by wdoekes (license 717)
........
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@302556 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/1.8
................
r298960 | tilghman | 2010-12-17 17:52:04 -0600 (Fri, 17 Dec 2010) | 20 lines
Merged revisions 298957 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
................
r298957 | tilghman | 2010-12-17 17:30:55 -0600 (Fri, 17 Dec 2010) | 13 lines
Merged revisions 298905 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r298905 | tilghman | 2010-12-17 15:40:56 -0600 (Fri, 17 Dec 2010) | 6 lines
Let Asterisk find better backtrace information with libbfd.
The menuselect option BETTER_BACKTRACES, if enabled, will use libbfd to search
for better symbol information within both the Asterisk binary, as well as
loaded modules, to assist when using inline backtraces to track down problems.
Review: https://reviewboard.asterisk.org/r/1055/
........
................
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@298961 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Already had the pthread ID which is not the same. The most obvious enhancement
is in the "core show threads" output. As stated in the utils header, if the
platform isn't supported -1 is reported (instead of the process ID previously).
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@298137 65c4cc65-6c06-0410-ace0-fbb531ad65f3
(Copied from reviewboard)
Tests the following:
1. Basic allocation and setting of string fields.
2. Shrinking a string field and re-expanding it.
3. Growing the last allocation in a string field pool.
4. Setting a string to a large value such that a new string field pool must be
allocated.
In each part, we make sure that the string field is accurate (has the correct
value in it), make sure that the 2 bytes before the string field has the correct
capacity for the field, and for tests 2-4, we make sure that the string field is
where we expect it to be in memory.
Also tested:
5. Shrinking a string field and partially re-expanding it.
6. Setting strings in such a way as to create three separate string field pools
and then removing the middle pool.
There is a bug fix in the init function, which ensures the embedded_pool is set
to NULL which is important for stack allocated structures.
Review: https://reviewboard.asterisk.org/r/185/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@251736 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1. URI Encoding
This patch changes ast_uri_encode()'s behavior when doreserved is enabled.
Previously when doreserved was enabled only a small set of reserved
characters were encoded. This set was comprised primarily of the reserved
characters defined in RFC3261 section 25.1, but contained other characters as
well. Rather than only escaping the reserved set, doreserved now escapes
all characters not within the unreserved set as defined by RFC 3261 and
RFC 2396. Also, the 'doreserved' variable has been renamed to 'do_special_char'
in attempts to avoid confusion.
When doreserve is not enabled, the previous logic of only encoding the
characters <= 0X1F and > 0X7f remains, except for the '%' character, which
must always be encoded as it signifies a HEX escaped character during the decode
process.
2. URI Decoding: Break up URI before decode.
In chan_sip.c ast_uri_decode is called on the entire URI instead of it's
individual parts after it is parsed. This is not good as ast_uri_decode
can introduce special characters back into the URI which can mess up parsing.
This patch resolves this by not decoding a URI until parsing is completely
done. There are many instances where we check to see if pedantic checking
is enabled before we decode a URI. In these cases a new macro,
SIP_PEDANTIC_DECODE, is used on the individual parsed segments of the URI
rather than constantly putting if (pedantic) { decode() } checks everywhere
in the code. In the areas where ast_uri_decode is not dependent upon
pedantic checking this macro is not used, but decoding is still moved to
each individual part of the URI. The only behavior that should change from
this patch is the time at which decoding occurs.
Since I had to look over every place URI parsing occurs to create this
patch, I found several places where we use duplicate code for parsing.
To consolidate the code, those areas have updated to use the parse_uri()
function where possible.
3. SIP display-name decoding according to RFC3261 section 25.
To properly decode the display-name portion of a FROM header, chan_sip's
get_calleridname() function required a complete re-write. More information
about this change can be found in the comments at the beginning of this function.
4. Unit Tests.
Unit tests for ast_uri_encode, ast_uri_decode, and get_calleridname() have been
written. This involved the addition of the test_utils.c file for testing the
utils api.
(closes issue #16299)
Reported by: wdoekes
Patches:
astsvn-16299-get_calleridname.diff uploaded by wdoekes (license 717)
get_calleridname_rewrite.diff uploaded by dvossel (license 671)
Tested by: wdoekes, dvossel, Nick_Lewis
Review: https://reviewboard.asterisk.org/r/469/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@243200 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk would crash on startup if MALLOC_DEBUG were set in menuselect. This is because
the manager action UpdateConfig had to resize its string field allocation to set the
description. When the resize occurred, ast_copy_string would crash because we were
attempting to copy a string from a NULL pointer. Setting the strings initially makes
the code much less crashy.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@240420 65c4cc65-6c06-0410-ace0-fbb531ad65f3
It is possible for a stringfield manager structure (and pool) structure to be allocated
as part of a larger structure allocation (using ast_calloc_with_strinfields()); when
this is done, the stringfield pool cannot be separately freed, but users of the tructure
may not be aware (and shouldn't have to be aware) of whether the pool was embedded.
This patch modifies the behavior so that they can always call ast_string_field_free_memory()
and the function will do the right thing for both embedded and non-embedded situations.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@197775 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds 'const' tags to a number of Asterisk APIs where they are appropriate (where the API already demanded that the function argument not be modified, but the compiler was not informed of that fact). The list includes:
- CLI command handlers
- CLI command handler arguments
- AGI command handlers
- AGI command handler arguments
- Dialplan application handler arguments
- Speech engine API function arguments
In addition, various file-scope and function-scope constant arrays got 'const' and/or 'static' qualifiers where they were missing.
Review: https://reviewboard.asterisk.org/r/251/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@196072 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit adds an API call that can be used to allocate a structure along with this stringfield storage in a single allocation.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@192362 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Under some conditions, the memory allocation for stringfields and ao2 objects would not have supplied valid file/function names for MALLOC_DEBUG tracking, so this commit corrects that.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@192357 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit modifies the stringfield pool allocator to remember the 'owner' of the stringfield manager the pool is being allocated for, and ensures that pools allocated in the future when fields are populated are owned by that file/function.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@192279 65c4cc65-6c06-0410-ace0-fbb531ad65f3
David M. Lee
Russell Bryant
Matthew Jordan
Richard Mudgett
Mark Michelson
Kinsey Moore
Kevin P. Fleming
Joshua Colp
Mark Murawki
Jonathan Rose
Walter Doekes
Terry Wilson
Sean Bright
Alec L Davis
Tilghman Lesher
Matthew Nicholson
Jeff Peeler
Tzafrir Cohen
David Vossel
Michiel van Baak