Version: gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0
Warning:
say.c:2371:24: error: ‘%d’ directive output may be truncated writing
between 1 and 11 bytes into a region of size 10
[-Werror=format-truncation=]
2371 | snprintf(buf, 10, "%d", num);
say.c:2371:23: note: directive argument in the range [-2147483648, 9]
That's not possible though, as the if() starts out checking for (num < 0),
making this Warning a false positive.
(Also replaced some else<TAB>if with else<SP>if while in the vicinity.)
Change-Id: Ic7a70120188c9aa525a6d70289385bfce878438a
This patch initializes a couple of local variables to some default values.
Interestingly, in the 'pj_status_t dlg_status' case the value not being
initialized caused memory to grow, and not be recovered, in the off nominal
path (at least on my machine).
Change-Id: I22ee65e1e1bff8efacea8a167c6c8428898523f7
Ubuntu 20.10 does not come with GMime 2.6. Ubuntu 16.04 LTS does not
come with GMime 3.0. aptitude ignores any missing package. Therefore,
it installs the correct package(s). However, in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS, both versions are installed alongside although only
one is really needed.
Change-Id: Ic58aa9f2e131d94671f286f17dbd61e1ccbabcb7
Note to maintainers: Lua 5.4, Lua 5.3, and Lua 5.2 have not been tested
at runtime with pbx_lua. Until then, use the lowest available version
of Lua, if you enabled the module pbx_lua at all.
Change-Id: Ie5270448b11fcb4e2a53d899e4fe7fea793ce7e0
Added debug logging categories that allow a user to output debug
information based on a specified category. This lets the user limit,
and filter debug output to data relevant to a particular context,
or topic. For instance the following categories are now available for
debug logging purposes:
dtls, dtls_packet, ice, rtcp, rtcp_packet, rtp, rtp_packet,
stun, stun_packet
These debug categories can be enable/disable via an Asterisk CLI command.
While this overrides, and outputs debug data, core system debugging is
not affected by this patch. Statements still output at their appropriate
debug level. As well backwards compatibility has been maintained with
past debug groups that could be enabled using the CLI (e.g. rtpdebug,
stundebug, etc.).
ASTERISK-29054 #close
Change-Id: I6e6cb247bb1f01dbf34750b2cd98e5b5b41a1849
(cherry picked from commit 56028426de)
When handling a send_message request to a non-existing endpoint, the response's
body is overriden and not properly freed.
ASTERISK-29108
Change-Id: Ie1d3d70065f80793445b60f5e4a7eb31b4b9c5c8
With the addition of STIR/SHAKEN, the function ast_base64decode_string
was added for convenience since there is a lot of converting done during
the STIR/SHAKEN process. This function returned the decoded string for
you, but did not NULL terminate it, causing some issues (specifically
with MALLOC_DEBUG). Now, the returned string is NULL terminated, and the
documentation has been updated to reflect this.
Change-Id: Icdd7d05b323b0c47ff6ed43492937a03641bdcf5
Added a new configuration option for PJSIP endpoints - stir_shaken. If
set to yes, then STIR/SHAKEN support will be added to inbound and
outbound INVITEs. The default is no. Alembic has been updated to include
this option.
Previously the dialplan function was not trimming the whitespace from
the parameters it recieved. Now it does.
Also added a conditional that, when TEST_FRAMEWORK is enabled, the
timestamp in the identity header will be overlooked. This is just for
testing, since the testsuite will rely on a SIPp scenario with a preset
identity header to trigger the MISMATCH result.
Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
Integrated STIR/SHAKEN support with outgoing INVITEs. When an INVITE is
sent, the caller ID will be checked to see if there is a certificate
that corresponds to it. If so, that information will be retrieved and an
Identity header will be added to the SIP message. The format is:
header.payload.signature;info=<public_key_url>alg=ES256;ppt=shaken
Header, payload, and signature are all BASE64 encoded. The public key
URL is retrieved from the certificate. Currently the algorithm and ppt
are ES256 and shaken, respectively. This message is signed and can be
used for verification on the receiving end.
Two new configuration options have been added to the certificate object:
attestation and origid. The attestation is required and must be A, B, or
C. origid is the origination identifier.
A new utility function has been added as well that takes a string,
allocates space, BASE64 encodes it, then returns it, eliminating the
need to calculate the size yourself.
Change-Id: I1f84d6a5839cb2ed152ef4255b380cfc2de662b4
Integrated STIR/SHAKEN support with incoming INVITES. Upon receiving an
INVITE, the Identity header is retrieved, parsing the message to verify
the signature. If any of the parsing fails,
AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this
caller ID. If verification itself fails,
AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in
the payload does not line up with the SIP signaling,
AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps
pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the
verification process.
A new config option has been added to the general section for
stir_shaken.conf. "signature_timeout" is the amount of time a signature
will be considered valid. If an INVITE is received and the amount of
time between when it was received and when it was signed is greater than
signature_timeout, verification will fail.
Some changes were also made to signing and verification. There was an
error where the whole JSON string was being signed rather than the
header combined with the payload. This has been changed to sign the
correct thing. Verification has been changed to do this as well, and the
unit tests have been updated to reflect these changes.
A couple of utility functions have also been added. One decodes a BASE64
string and returns the decoded string, doing all the length calculations
for you. The other retrieves a string value from a header in a rdata
object.
Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913
Added two unit tests, one for signing and another for verifying.
stir_shaken_sign checks to make sure that all the required parameters
are passed in and then signs the actual payload. If a signature is
produced and a payload returned as a result, the test passes.
stir_shaken_verify takes the signature from a signed payload to verify.
This unit test also verifies that all the required information is passed
in, and then attempts to verify the signature. If verification is
successful and a payload is returned, the test passes.
Change-Id: I9fa43380f861ccf710cd0f6b6c102a517c86ea13
Adds the "STIR_SHAKEN" dialplan function and an API call to add a
STIR_SHAKEN verification result to a channel. This information will be
held in a datastore on the channel that can later be queried through the
"STIR_SHAKEN" dialplan funtion to get information on STIR_SHAKEN results
including identity, attestation, and verify_result. Here are some
examples:
STIR_SHAKEN(count)
STIR_SHAKEN(0, identity)
STIR_SHAKEN(1, attestation)
STIR_SHAKEN(2, verify_result)
Getting the count can be used to iterate through the results and pull
information by specifying the index and the field you want to retrieve.
Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82
There are a lot of moving parts in this patch, but the focus of it is on
the verification of the signature using a public key located at the
public key URL provided in the JSON payload. First, we check the
database to see if we have already downloaded the key. If so, check to
see if it has expired. If it has, redownload from the URL. If we don't
have an entry in the database, just go ahead and download the public
key. The expiration is tested each time we download the file. After
that, read the public key from the file and use it to verify the
signature. All sanity checking is done when the payload is first
received, so the verification is complete once this point is reached.
The XML has also been added since a new config option was added to
general (curl_timeout). The maximum amount of time to wait for a
download can be configured through this option, with a low value by
default.
Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
This change provides functions that take in a JSON payload, verify that
the contents contain all the mandatory fields and required values (if
any), and signs the payload with the private key. Four fields are added
to the payload: x5u, attest, iat, and origid. As of now, these are just
placeholder values that will be set to actual values once the logic is
implemented for what to do when an actual payload is received, but the
functions to add these values have all been implemented and are ready to
use. Upon successful signing and the addition of those four values, a
ast_stir_shaken_payload is returned, containing other useful information
such as the algorithm and signature.
Change-Id: I74fa41c0640ab2a64a1a80110155bd7062f13393
This commit sets up some of the initial framework for the module and
adds a way to read the private key from the specified file, which will
then be appended to the certificate object. This works fine for now, but
eventually some other structure will likely need to be used to store all
this information. Similarly, the caller_id_number is specified on the
certificate config object, but in the end we will want that information
to be tied to the certificate itself and read it from there.
A method has been added that will retrieve the private key associated
with the caller_id_number passed in. Tab completion for certificates and
stores has also been added.
Change-Id: Ic4bc1416fab5d6afe15a8e2d32f7ddd4e023295f
In the event that the desired extension already exists,
ast_add_extension2_lockopt() will free the 'data' it is passed before
returning an error, so we should not be freeing it ourselves.
Additionally, there were two places where ast_add_extension2_lockopt()
could return an error without also freeing the 'data' pointer, so we
add that.
ASTERISK-29097 #close
Change-Id: I904707aae55169feda050a5ed7c6793b53fe6eae
app_confbridge now has the ability to set the estimated bitrate on an
SFU bridge. To use it, set a bridge profile's remb_behavior to "force"
and set remb_estimated_bitrate to a rate in bits per second. The
remb_estimated_bitrate parameter is ignored if remb_behavior is something
other than "force".
Change-Id: Idce6464ff014a37ea3b82944452e56cc4d75ab0a
Stop advertising RFC2833 support on the rtp_engine when DTMF mode is
auto but no tel_event was found inside SDP file.
On an incoming call create_rtp will be called and when session->dtmf is
set to AST_SIP_DTMF_AUTO, the AST_RTP_PROPERTY_DTMF will be set without
looking at the SDP file.
Once get_codecs gets called we move the DTMF mode from RFC2833 to INBAND
but continued to advertise RFC2833 support.
This meant the native_rtp bridge would falsely consider the two channels
as compatible. In addition to changing the DTMF mode we now set or
remove the AST_RTP_PROPERTY_DTMF.
The property is checked in ast_rtp_dtmf_compatible and called by
native_rtp_bridge_compatible.
ASTERISK-29051 #close
Change-Id: I1e0c1e324598a437932c0b7836bcb626aba8e287
Arming response to both AST_SIP_SESSION_BEFORE_REDIRECTING and
AST_SIP_SESSION_BEFORE_MEDIA causes 302 to to be handled twice,
resulting in to 181 being generated.
Change-Id: I866e5461564644ffb8a5e12b6f1330b50a7b63ab
When constructing a stream name based on the media type
and position the allocated name was not being freed
causing a leak.
Change-Id: I52510863b24a2f531f0a55b440bb2c81844029de
Because we use shared thread-local cURL instances, we need to ensure
that the state of the cURL instance is correct before each invocation.
In the case of custom headers, we were not resetting cURL's internal
HTTP header pointer which could result in a crash if subsequent
requests do not configure custom headers.
ASTERISK-29085 #close
Change-Id: I8b4ab34038156dfba613030a45f10e932d2e992d
Only track our sample offset if we are playing a non-announcement file,
otherwise we will skip that number of samples when we start playing the
first MoH file.
ASTERISK-24329 #close
Change-Id: Ib6b3c84fcaa1063889ab38ba7e7fc50050a3ccfc
The ast_sip_dialog_get_session function returns the session
with reference count increased. This was not taken into
account and was causing sessions to remain around when they
should not be.
ASTERISK-29089
Change-Id: I430fa721b0a824311a59effec6056e9ec528e3e8
Sometimes not play MOH on bridge.
ASTERISK-29081
Reported-by: Michal Hajek <michal.hajek@daktela.com>
Change-Id: I760c73e0c9be1d340303b5d1c18a00c4759e8232
ast_trace() was always emitting messages when it's level was set to -1
because it was ignoring scope_level.
Change-Id: I849c8f4f4613899c37f82be0202024e7d117e506
When a channel joins a bridge, we do topology change requests on all
existing channels to add the new participant to them. However the
announcer channel will return an error because it doesn't support
topology in the first place. Unfortunately, there doesn't seem to be a
reliable way to tell if the error is expected or not so the error is
ignored for all channels. If the request fails on a "real" channel,
that channel just won't get the new participant's video.
Change-Id: Ic95db4683f27d224c1869fe887795d6b9fdea4f0
Implemention of History-Info capable of interworking with Diversion
Header following RFC7544
ASTERISK-29027 #close
Change-Id: I2296369582d4b295c5ea1e60bec391dd1d318fa6
The recent 491 changes introduced a check to determine if the active
and pending topologies were equal and to suppress the re-invite if they
were. When a re-invite is sent for a COLP-only change, the pending
topology is NULL so that check doesn't happen and the re-invite is
correctly sent. Of course, sending the re-invite sets the pending
topology. If a 491 is received, when we resend the re-invite, the
pending topology is set and since we didn't request a change to the
topology in the first place, pending and active topologies are equal so
the topologies-equal check causes the re-invite to be erroneously
suppressed.
This change checks if the topologies are equal before we run the media
state resolver (which recreates the pending topology) so that when we
do the final topologies-equal check we know if this was a topology
change request. If it wasn't a change request, we don't suppress
the re-invite even though the topologies are equal.
ASTERISK-29014
Change-Id: Iffd7dd0500301156a566119ebde528d1a9573314
Added to:
* bridges/bridge_softmix.c
* channels/chan_pjsip.c
* include/asterisk/res_pjsip_session.h
* main/channel.c
* res/res_pjsip_session.c
There NO functional changes in this commit.
Change-Id: I06af034d1ff3ea1feb56596fd7bd6d7939dfdcc3
When both Asterisk and a UA send re-invites at the same time, both
send 491 "Transaction in progress" responses to each other and back
off a specified amount of time before retrying. When Asterisk
prepares to send its re-invite, it sets up the session's pending
media state with the new topology it wants, then sends the
re-invite. Unfortunately, when it received the re-invite from the
UA, it partially processed the media in the re-invite and reset
the pending media state before sending the 491 losing the state it
set in its own re-invite.
Asterisk also was not tracking re-invites received while an existing
re-invite was queued resulting in sending stale SDP with missing
or duplicated streams, or no re-invite at all because we erroneously
determined that a re-invite wasn't needed.
There was also an issue in bridge_softmix where we were using a stream
from the wrong topology to determine if a stream was added. This also
caused us to erroneously determine that a re-invite wasn't needed.
Regardless of how the delayed re-invite was triggered, we need to
reconcile the topology that was active at the time the delayed
request was queued, the pending topology of the queued request,
and the topology currently active on the session. To do this we
need a topology resolver AND we need to make stream named unique
so we can accurately tell what a stream has been added or removed
and if we can re-use a slot in the topology.
Summary of changes:
* bridge_softmix:
* We no longer reset the stream name to "removed" in
remove_all_original_streams(). That was causing multiple streams
to have the same name and wrecked the checks for duplicate streams.
* softmix_bridge_stream_sources_update() was checking the old_stream
to see if it had the softmix prefix and not considering the stream
as "new" if it did. If the stream in that slot has something in it
because another re-invite happened, then that slot in old might
have a softmix stream but the same stream in new might actually
be a new one. Now we check the new_stream's name instead of
the old_stream's.
* stream:
* Instead of using plain media type name ("audio", "video", etc) as
the default stream name, we now append the stream position to it
to make it unique. We need to do this so we can distinguish multiple
streams of the same type from each other.
* When we set a stream's state to REMOVED, we no longer reset its
name to "removed" or destroy its metadata. Again, we need to
do this so we can distinguish multiple streams of the same
type from each other.
* res_pjsip_session:
* Added resolve_refresh_media_states() that takes in 3 media states
and creates an up-to-date pending media state that includes the changes
that might have happened while a delayed session refresh was in the
delayed queue.
* Added is_media_state_valid() that checks the consistency of
a media state and returns a true/false value. A valid state has:
* The same number of stream entries as media session entries.
Some media session entries can be NULL however.
* No duplicate streams.
* A valid stream for each non-NULL media session.
* A stream that matches each media session's stream_num
and media type.
* Updated handle_incoming_sdp() to set the stream name to include the
stream position number in the name to make it unique.
* Updated the ast_sip_session_delayed_request structure to include both
the pending and active media states and updated the associated delay
functions to process them.
* Updated sip_session_refresh() to accept both the pending and active
media states that were in effect when the request was originally queued
and to pass them on should the request need to be delayed again.
* Updated sip_session_refresh() to call resolve_refresh_media_states()
and substitute its results for the pending state passed in.
* Updated sip_session_refresh() with additional debugging.
* Updated session_reinvite_on_rx_request() to simply return PJ_FALSE
to pjproject if a transaction is in progress. This stops us from
creating a partial pending media state that would be invalid later on.
* Updated reschedule_reinvite() to clone both the current pending and
active media states and pass them to delay_request() so the resolver
can tell what the original intention of the re-invite was.
* Added a large unit test for the resolver.
ASTERISK-29014
Change-Id: Id3440972943c611a15f652c6c569fa0e4536bfcb
Currently, it was not possible to create bridge with video_mode single.
This made hard to put the bridge in a vidoe_single mode.
So, added video_single option for Bridge creation using the ARI.
This allows create a bridge with video_mode single.
ASTERISK-29055
Change-Id: I43e720e5c83fc75fafe10fe22808ae7f055da2ae
Currently, the ps_contacts table's reg_server column in realtime database type is varchar(20).
This is fine for normal cases, but if the hostname is longer than 20, it returns error and then
failed to register the contact address of the peer.
Normally, 20 characters limitation for the hostname is fine, but with the cloud env.
So, increased the size to 255.
ASTERISK-29056
Change-Id: Iac52c8c35030303cfa551bb39f410b33bffc507d
There's a race condition with bridging where a bridge can be torn down
causing the bridge_channel's ast_channel to become NULL when it's still
needed. This particular case happened with attended transfers, but the
crash occurred when trying to publish a stasis message. Now, the
bridge_channel is locked, a ref to the ast_channel is obtained, and that
ref is passed down the chain.
Change-Id: Ic48715c0c041615d17d286790ae3e8c61bb28814
Building on ASTERISK-25854. When the device requests hold by sending SDP with attribute recvonly, asterisk places the session in sendonly mode. When the device later requests to resume the call by using a re-INVITE excluding SDP, asterisk needs to change the sendonly mode to sendrecv again.
Change-Id: I60341ce3d87f95869f3bc6dc358bd3e8286477a6
