The AST_CONFIG dialplan function defined in func_config.c allocates its
config file list entries using ast_malloc. List entry allocations
destined for use with Asterisk's linked list API must be ast_calloc()d
or otherwise initialized so that list pointers are set to NULL. These
uses of ast_malloc have been replaced by ast_calloc to prevent
dereferencing of uninitialized pointer values when traversing the list.
(closes issue ASTERISK-22483)
Reported by: Brian Scott
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400694 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch cleans up documentation in func_channel for the following items:
* rtpsource
* secure_signaling
* secure_media
(closes issue ASTERISK-20969)
Reported by: snuffy
patches:
func_chan-update.diff uploaded by snuffy (License 5024)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@394980 65c4cc65-6c06-0410-ace0-fbb531ad65f3
It is not apparent to the average user that the PASSTHRU function should not
be passed as ${PASSTHRU(string)} but just as PASSTHRU(string) to functions
which take a variable name and not its contents.
This patch clarifies the behavior in the documentation and provides an example.
(closes issue ASTERISK-21717)
Reported by: Richard Miller
patches:
func_strings.diff uploaded by Richard Miller (license 5685)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@394302 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When reading configuration data from an Asterisk .conf file or when pulling
data from an Asterisk RealTime backend, Asterisk was copying the data on the
stack for manipulation. Unfortunately, it is possible to read configuration
data or realtime data from some data source that provides a large blob of
characters. This could potentially cause a crash via a stack overflow.
This patch prevents large sets of data from being read from an ARA backend or
from an Asterisk conf file.
(issue ASTERISK-20658)
Reported by: wdoekes
Tested by: wdoekes, mmichelson
patches:
* issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674)
* issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378375 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk maintains an internal cache for devices in the event subsystem. The
device state cache holds the state of each device known to Asterisk, such that
consumers of device state information can query for the last known state for
a particular device, even if it is not part of an active call. The concept of
a device in Asterisk can include entities that do not have a physical
representation. One way that this occurred was when anonymous calls are allowed
in Asterisk. A device was automatically created and stored in the cache for
each anonymous call that occurred; this was possible in the SIP and IAX2
channel drivers and through channel drivers that utilized the
res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). These devices
are never removed from the system, allowing anonymous calls to potentially
exhaust a system's resources.
This patch changes the event cache subsystem and device state management to
no longer cache devices that are not associated with a physical entity.
(issue ASTERISK-20175)
Reported by: Russell Bryant, Leif Madsen, Joshua Colp
Tested by: kmoore
patches:
event-cachability-3.diff uploaded by jcolp (license 5000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378303 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This fixes three main issues
* Change asprintf() uses to ast_asprintf() so that it
pairs properly with ast_free() and no longer causes
MALLOC_DEBUG to freak out.
* When ast_asprintf() fails, set the pointer NULL if
it will be referenced later.
* Fix some memory leaks that were spotted while taking
care of the first two points.
(Closes issue ASTERISK-20135)
reported by Richard Mudgett
Review: https://reviewboard.asterisk.org/r/2071
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@371590 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This replaces all calls to alloca() with ast_alloca() which calls gcc's
__builtin_alloca() to avoid BSD semantics and removes all NULL checks
on memory allocated via ast_alloca() and ast_strdupa().
(closes issue ASTERISK-20125)
Review: https://reviewboard.asterisk.org/r/2032/
Patch-by: Walter Doekes (wdoekes)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370642 65c4cc65-6c06-0410-ace0-fbb531ad65f3
While addressing a bug, I came across a instance of 'struct ast_datastore_info'
that was not declared 'const'. Since the API already expects them to be
'const', this patch changes the declarations of all existing instances
that were not already declared that way.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370183 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The documentation for DEC in func_math.c was incorrect. Looks like a copy and
paste error.
(Closes issue ASTERISK-20095)
Reported by: Billy Chia
Tested by: Michael L. Young
Patches:
func_math.patch uploaded by Billy Chia (license 6381)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@369970 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This was discovered by trying to perform a call forward to an extension
that makes use of func_volume. When the local channel is optimized away,
the datastore on the local;2 channel would have its audiohook destroyed
rather than detaching the audiohook from the channel and then destroying
it.
With this patch, func_volume's datastore destructor takes the proper
route of detaching the audiohook and then destroying it.
(closes issue ASTERISK-19611)
reported by Volker Sauer
Patches:
ASTERISK-19611.patch uploaded by Mark Michelson (license #5049)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@368898 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Most of these were just saving returned values without using them and
in some cases the variable being saved to could be removed as well.
(issue ASTERISK-19672)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@368738 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The ability to set "echocan_mode" and "buffers" through the dialplan was added
to chan_dahdi some time ago. This patch adds some documentation to
func_channel.
(Closes issue ASTERISK-19911)
Reported by: Dale Noll
Tested by: Michael L. Young
Patches:
asterisk-19911-branch18.diff uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/1949/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@368092 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds to what was fixed in r366880. Specifically, it addresses the
following:
* chan_sip: dispose of an allocated frame in off nominal code paths in
sip_rtp_read
* func_odbc: when disposing of an allocated resultset, ensure that any rows
that were appended to that resultset are also disposed of
* cli: free the created return string buffer in another off nominal code
path
(issue ASTERISK-19665)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1922/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366944 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a number of memory leaks in a variety of modules that were
found by a static analysis tool. A brief summary of the changes:
* app_minivm: free ast_str objects on off nominal paths
* app_page: free the ast_dial object if the requested channel technology
cannot be appended to the dialing structure
* app_queue: if a penalty rule failed to match any existing rule list
names, the created rule would not be inserted and its memory
would be leaked
* app_read: dispose of the created silence detector in the presence of
off nominal circumstances
* app_voicemail: dispose of an allocated unique ID field for MWI event
un-subscribe requests in off nominal paths; dispose of
configuration objects when using the secret.conf option
* chan_dahdi: dispose of the allocated frame produced by ast_dsp_process
* chan_iax2: properly unref peer in CLI command "iax2 unregister"
* chan_sip: dispose of the allocated frame produced by sip_rtp_read's
call of ast_dsp_process; free memory in parse unit tests
* func_dialgroup: properly deref ao2 object grhead in nominal path of
dialgroup_read
* func_odbc: free resultset in off nominal paths of odbc_read
* cli: free match_list in off nominal paths of CLI match completion
* config: free comment_buffer/list_buffer when configuration file load
is unchanged; free the same buffers any time they were
created and config files were processed
* data: free XML nodes in various places
* enum: free context buffer in off nominal paths
* features: free ast_call_feature in off nominal paths of applicationmap
config processing
* netsock2: users of ast_sockaddr_resolve pass in an ast_sockaddr struct
that is allocated by the method. Failures in
ast_sockaddr_resolve could result in the users of the method
not knowing whether or not the buffer was allocated. The
method will now not allocate the ast_sockaddr struct if it
will return failure.
* pbx: cleanup hash table traversals in off nominal paths; free
ignore pattern buffer if it already exists for the specified
context
* xmldoc: cleanup various nodes when we no longer need them
* main/editline: various cleanup of pointers not being freed before being
assigned to other memory, cleanup along off nominal paths
* menuselect/mxml: cleanup of value buffer for an attribute when that attribute
did not specify a value
* res_calendar*: responses are allocated via the various *_request method
returns and should not be allocated in the various
write_event methods; ensure attendee buffer is freed if no
data exists in the parsed node; ensure that calendar objects
are de-ref'd appropriately
* res_jabber: free buffer in off nominal path
* res_musiconhold: close the DIR* object in off nominal paths
* res_rtp_asterisk: if we run out of ports, close the rtp socket object and free
the rtp object
* res_srtp: if we fail to create the session in libsrtp, destroy the
temporary ast_srtp object
(issue ASTERISK-19665)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1922
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366880 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This resolves core findings from ASTERISK-19650 numbers 0-2, 6, 7, 9-11, 14-20,
22-24, 28, 30-32, 34-36, 42-56, 82-84, 87, 89-90, 93-102, 104, 105, 109-111,
and 115. Finding numbers 26, 33, and 29 were already resolved. Those skipped
were either extended/deprecated or in areas of code that shouldn't be
disturbed.
(Closes issue ASTERISK-19650)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366167 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Most of the changes here are trivial NULL checks. There are a couple
optimizations to remove the need to check for NULL and outboundproxy parsing
in chan_sip.c was rewritten to avoid use of strtok. Additionally, a bug was
found and fixed with the parsing of outboundproxy when "outboundproxy=," was
set.
(Closes issue ASTERISK-19654)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365398 65c4cc65-6c06-0410-ace0-fbb531ad65f3
As it turned out, this wasn't a huge deal. We were calling
ast_app_parse_options() for a set of options of which none
took arguments. The proper thing to do for this case is to
pass NULL for the "args" parameter here. We were instead passing
a seemingly-randomly chosen char * from the function. While this
would never get written to, you can rest assured things would
have gotten bad had new options (which took arguments) been added
to func_volume.
(closes issue ASTERISK-19656)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364899 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In a variety of locations in both reading and writing a file, the result
from the C library function ftello is used as input to other functions. For
the parameters and functions in question, a negative value is invalid input.
This patch checks the return value from the ftello function to determine if
we were able to determine the current position in the file stream and, if not,
fail gracefully.
(issue ASTERISK-19655)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1863/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362355 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If the global_curl_info data structure could not be allocated, the
datastore associated with the operation would be free'd, but the function
would not return. This would later dereference the datastore, almost
certainly causing Asterisk to crash. With this patch, if the data
structure is not allocated the method will return an error code, and
not attempt any further operation.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361753 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When the SHARED function modifies a variable, it removes it from its list of
variables and reinserts the new value at the head of the list of variables.
Doing this inside a standard list traversal can be dangerous, as the
standard list traversal does not account for the list being changed. While
the code in question should not cause a use after free violation due to its
breaking out of the loop after freeing the variable, it could lead to a
maintenance issue if the loop was modified. This also fixes a violation
reported by a static analysis tool, which also makes this code easier to
maintain in the future.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361657 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change restores functionality that was present in 1.4, when AEL macros
were implemented with the Macro dialplan application. Macros are fraught with
functionality issues, because they consume a large portion of the underlying
application stack. This limits the ability of AEL users to call many layers
of subroutines, an issue which Gosub does not have (originally tested to
100,000 levels deep). Therefore, starting in 1.6.0, AEL macros were
implemented with Gosub.
However, there were some implicit behaviors of Macro, which were not replicated
at the same time as with the transition to Gosub, one of which is documented in
the related issue. In particular, the "h" extension is designed to execute not
in the Macro context, but in the topmost calling context. Due to legacy issues
with a misapplied bugfix many years ago, when a macro exited in 1.4, it looks
in all calling contexts, bubbling up from the deepest level until it finds an
"h" extension.
Since AEL hides the complexity of the underlying dialplan logic from the AEL
programmer, it's reasonable to assume that this behavior should not change in
the transition from Asterisk 1.4 LTS to Asterisk 1.8 LTS, lest we break
working AEL configurations in the transition to Asterisk 1.8 LTS. This fix
is the result, which implements a search for the "h" extension in all calling
Gosub contexts.
Fixes ASTERISK-19336
Patch: 20120308__ael_bugfix_for_trunk__2.diff (License #5003) by Tilghman Lesher
(with slight modifications for 1.8)
Tested by: Johan Wilfer
Review: https://reviewboard.asterisk.org/r/1776/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358810 65c4cc65-6c06-0410-ace0-fbb531ad65f3
CDRs cannot be modified after a bridge is torn down, (e.g. after
Dial() returns) even though the CDR() function may be called. Since
modifying the CDR code to change this behavior could very easily
break all kinds of things, this patch just documents this limitation.
(closes issues ASTERISK-16923)
Review: https://reviewboard.asterisk.org/r/1720/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@354749 65c4cc65-6c06-0410-ace0-fbb531ad65f3
For some reason this function was completely undocumented in 1.8. I copied the
10 docs over to 1.8 and removed references to an enumerator that was added in
the Asterisk 10 version of func_curl. That was the only change I noted.
(closes issue ASTERISK-19186)
Reported by: Olivier Krief
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353818 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Note: Noone calls ast_app_dtget() with the timeout parameter of zero so
the bad code normally will never get executed.
* Fix unnecessary floating point division in func_timeout.c
timeout_write() when all other values are integers.
(closes issue ASTERISK-16817)
Reported by: Dmitry Andrianov
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@352029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The time passed by the LOCK function to an internal function was relative
time when the function expected absolute time.
* Don't use C++ keywords in get_lock().
(closes issue ASTERISK-16868)
Reported by: Andrey Solovyev
Patches:
20101102__issue18207.diff.txt (license #5003) patch uploaded by Andrey Solovyev (modified)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@350311 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The ast_cdr_setcid() and ast_cdr_update() were shown in ASTERISK-18836 to
be called by different threads for the same channel. The channel driver
thread and the PBX thread running dialplan.
* Add lock protection around CDR API calls that access an ast_channel
pointer.
(closes issue ASTERISK-18836)
Reported by: gpluser
Review: https://reviewboard.asterisk.org/r/1628/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@348362 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Dummy channels created by ast_dummy_channel_alloc() should be destoyed by
ast_channel_unref(). Using ast_channel_release() needlessly grabs the
channel container lock and can cause a deadlock as a result.
* Analyzed use of ast_dummy_channel_alloc() and made use
ast_channel_unref() when done with the dummy channel. (Primary reason for
the reported deadlock.)
* Made app_dial.c:dial_exec_full() not call ast_call() holding any channel
locks. Chan_local could not perform deadlock avoidance correctly.
(Potential deadlock exposed by this issue. Secondary reason for the
reported deadlock since the held lock was part of the deadlock chain.)
* Fixed some uses of ast_dummy_channel_alloc() not checking the returned
channel pointer for failure.
* Fixed some potential chan=NULL pointer usage in func_odbc.c. Protected
by testing the bogus_chan value.
* Fixed needlessly clearing a 1024 char auto array when setting the first
char to zero is enough in manager.c:action_getvar().
(closes issue ASTERISK-18613)
Reported by: Thomas Arimont
Patches:
jira_asterisk_18613_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: Thomas Arimont
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@337973 65c4cc65-6c06-0410-ace0-fbb531ad65f3
