When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.
* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified. The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.
ASTERISK-27818
Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
The functions acf_odbc_read/cli_odbc_read ignore a number of columns
returned by the SQLNumResultCols.
If the number of columns is zero it means no data.
In this case, a SQLFetch function has to be not called,
because it will cause an error.
ASTERISK-27888 #close
Change-Id: Ie0f7bdac6c405aa5bbd38932c7b831f90729ee19
chan_pjsip wasn't registering for "BEFORE_MEDIA" responses which meant
it was not updating HANGUPCAUSE for 4XX responses. If the remote end
sent a "180 Ringing", then a "486 Busy", the hangup cause was left at
"180 Normal Clearing".
* Removed chan_pjsip_incoming_response from the original session
supplement (which was handling only "AFTER MEDIA") and added it to a
new session supplement which accepts both "BEFORE_MEDIA" and
"AFTER_MEDIA".
* Also cleaned up some cleanup code in load module.
ASTERISK-27902
Change-Id: If9b860541887aca8ac2c9f2ed51ceb0550fb007a
There was no real reason to limit the conteny type to text/plain other
than that's what it was limited to before. Now any text/* content
type will be allowed for channel drivers that don't support enhanced
messaging and any type will be allowed for channel drivers that do
support enhanced messaging.
Change-Id: I94a90cfee98b4bc8e22aa5c0b6afb7b862f979d9
ast_indicate is invoked with the bridge locked. As ast_indicate locks the
other end of the bridge as well this can lead to a deadlock in some situations.
(Especially when a different thread does the same in the reverse order).
This patch calls ast_indicate after unlocking the bridge which fixes the
deadlock. Calling ast_indicate with these parameters without locking the
bridge should be safe as this is done at different places without a
bridge lock.
ASTERISK-27094 #close
Reported-by: David Brillert
Change-Id: I5f86c1e2ce75b9929a36ab589b18c450e62ea35f
When an AMI client connects, it cannot determine if a user was talking
prior to a transition in the user speaking state (which would generate
a ConfbridgeTalking event). This patch causes app_confbridge to track the
talking state and make this state available via ConfBridgeList.
ASTERISK-27877 #close
Change-Id: I19b5284f34966c3fda94f5b99a7e40e6b89767c6
The MeetmeJoin, MeetmeLeave, MeetmeEnd, MeetmeMute, MeetmeTalking, and
MeetmeTalkRequest AMI events were documented with sending out a Usernum
header when the User header was actually output.
* Change the online documentation to match reality.
ASTERISK-27873
ASTERISK-25261
Change-Id: I437bc70618d07c183c9624b7069c2fcae7f17a39
asterisk/tcptls.h was included (explicitly, implicitly, or transitively). Those
inclusions got replaced by forward declarations. As side effect, the inclusions
got completed.
ASTERISK-27878
Change-Id: I9d102728e30336d6522e5e4ae9e964013a0835f7
Currentrly pjsip_options code does not handle the situation when the
qualify options were changed in realtime database.
Only 'module reload res_pjsip' helps.
This patch add a check on contact add/update observers if the contact
qualify options are different than local aor qualify options.
If the qualify options were modified then synchronize
the pjsip_options AOR local state.
ASTERISK-27872
Change-Id: Id55210a18e62ed5d35a88e408d5fe84a3c513c62
Additionally, this change allows auto-negotiation of the elliptic curve/group
for servers, not only with OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer.
This enables X25519 (since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a
side-effect.
ASTERISK-27876
Change-Id: I62c2aba4a630aefc231b71f646207e8c027d9497
The OUTPUTDIR variable in ast_debug_tools.conf.sample is now set
to "/tmp" instead of "/some/directory".
Variables set on the command line or that are already in the
environment now take predecence over variables set in the config files.
ASTERISK-27846
Reported by: Ted G
Change-Id: Ie8baec52d531886bf5849ec1d59bb59dc87ad387
Certain race conditions between changing bridge types and DTMF can
cause the current FLAG_NEED_MARKER_BIT to send the marker bit before
the actual first packet of native bridging.
This logic keeps track of the ssrc the bridge is currently sending
and will correctly ensure the marker bit is set if SSRC as changed
from the previous sent packet.
ASTERISK-27845
Change-Id: I01858bd0235f1e5e629e20de71b422b16f55759b
Currentrly pjsip_options code does not handle the situation when the
AOR qualify options were changed.
Also there is no way to find out what qualify options are using.
This patch add CLI commands to show and synchronize Aor qualify options:
pjsip show qualify endpoint <id>
Show the current qualify options for all Aors on the PJSIP endpoint.
pjsip show qualify aor <id>
Show the PJSIP Aor current qualify options.
pjsip reload qualify endpoint <id>
Synchronize the qualify options for all Aors on the PJSIP endpoint.
pjsip reload qualify aor <id>
Synchronize the PJSIP Aor qualify options.
ASTERISK-27872
Change-Id: I1746d10ef2b7954f2293f2e606cdd7428068c38c
__ast_channel_alloc_ap() had a failure exit path that hadn't setup the fd
descriptors to -1 yet. The destructor would then attempt to close these
fd's that had never been opened.
Change-Id: Icf21093f36c60781e8cf6ee9d586536302af33e3
The config engine destroy_func callback function returns the number of
rows deleted or -1 on error. But the function
ast_destroy_realtime_fields treated non-zero return values as error.
ASTERISK-27863
Change-Id: Ied02b38e8196cb03043e609a0679feebd288d17b
Correct the log warning message shown when ODBC voicemail
retrieve_file is called and there is a null value in the category
column.
A more meaningfull message is now written at debug level.
ASTERISK-27853
Change-Id: Ic36e97d5eb070a23a12ba45972f6b53e2182a3f4
Add support to handle caller-ID names ("cnam") in addition to caller-ID
numbers. The prior code ignored the caller-ID name altogether, and
used the local name for the cell phone (e.g. "my-iphone") in its place.
Note: as of this writing, at least some Android phones don't pass cnam to
us. This can be seen by issuing "core set debug 2" in the CLI and watching
the "CLIP" record when a call comes in. If cnam isn't in the CLIP record,
there's nothing we can do to provide one. We'll provide a null cnam field,
so later Asterisk processes know to try other sources (e.g. cidname database,
OpenCNAM, etc.).
Reported by: Brian Martin
Tested by: Brian Martin
ASTERISK-27726
Change-Id: I89490d85fa406c36261879c50ae5e65595538ba5
Asterisk uses Reference Counting to track whether a module can be unloaded.
Every consumer who requires a module, increases the reference count. When the
consumer goes, is unloaded itself, it has to decrease the reference count on
all its used/required modules. That way
core stop gracefully
works on the command-line interface (CLI): One module after the other is
unloaded. A recent change broke this for the module res_pjsip.
ASTERISK-27861
Change-Id: I261abcb411d026bbb0691cc78f28300bfd3103a3
The module (res_)pjsip_transport_management got moved into res_pjsip. It is no
longer an independent/external module with (un)load_module and therefore has to
register just internally with res_pjsip.
ASTERISK-27860
Change-Id: Icd0413be7d2e98b92f51e6d6c353f2570bb4be95
