There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
........
Merged revisions 425986 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426053 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If faxing fails at a very early stage, then it is possible for
us to pass a NULL t30 state pointer to spandsp, which spandsp
is none too pleased with.
This patch ensures that we pass the correct pointer to spandsp
in the situation where we have not yet set our local t30 state
pointer.
ASTERISK-24301 #close
Reported by Matt Jordan
Patches:
ASTERISK-24301-fax.diff Uploaded by Mark Michelson (License #5049)
........
Merged revisions 423360 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@423426 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This disables building by default for all extended modules for
Certified Asterisk 11.6. This commit was missed from 11.2-cert when
creating the 11.6-cert branch.
ASTERISK-24104 #close
Reported by: Rusty Newton
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@421209 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r402345 | kmoore | 2013-11-01 05:31:49 -0700 (Fri, 01 Nov 2013) | 11 lines
chan_sip: Fix RTCP port for SRFLX ICE candidates
This corrects one-way audio between Asterisk and Chrome/jssip as a
result of Asterisk inserting the incorrect RTCP port into RTCP SRFLX
ICE candidates. This also exposes an ICE component enumeration to
extract further details from candidates.
(closes issue ASTERISK-21383)
Reported by: Shaun Clark
Review: https://reviewboard.asterisk.org/r/2967/
........
r405234 | kharwell | 2014-01-09 08:49:55 -0800 (Thu, 09 Jan 2014) | 19 lines
res_rtp_asterisk: Fails to resume WebRTC call from hold
In ast_rtp_ice_start if the ice session create check list failed, start check
was never initiated and ice_started was never set to true. Upon re-entering
the function (for instance, [un]hold) it would try to create the check list
again with duplicate remote candidates.
Fixed so that if the create check list fails the necessary data structures
are properly re-initialized for any subsequent retries.
Note, it was decided to not stop ice support (by calling ast_rtp_ice_stop) on a
check list failure because it possible things might still work. However, a
debug message was added to help with any future troubleshooting.
(closes issue ASTERISK-22911)
Reported by: Vytis Valentinavičius
Patches:
works_on_my_machine.patch uploaded by xytis (license 6558)
........
r409129 | jrose | 2014-02-27 11:19:02 -0800 (Thu, 27 Feb 2014) | 15 lines
res_rtp_asterisk: Fix checklist creating problems in ICE sessions
Prior to this patch, local candidate lists including SRFLX would fail to start
properly when building ICE candidate check lists. This patch fixes that problem
by making sure that each SRFLX candidate is associated with the proper
base address so that the check list can create matches properly.
This patch was written by jcolp. The issue will be left open to await testing
by the issue participants.
(issue ASTERISK-23213)
Reported by: Andrea Suisani
Review: https://reviewboard.asterisk.org/r/3256/
........
r409130 | jrose | 2014-02-27 11:38:10 -0800 (Thu, 27 Feb 2014) | 8 lines
res_rtp_asterisk: correct build error from r409129
Accidentally placed a declaration below functional code
(issue ASTERISK-23213)
Reported by: Andrea Suisani
Review: https://reviewboard.asterisk.org/r/3256/
........
r409565 | jrose | 2014-03-04 08:40:39 -0800 (Tue, 04 Mar 2014) | 9 lines
res_rtp_asterisk: Fix one way audio problems with hold/unhold when using ICE
ICE sessions will now be restarted if sessions are changed to use new sets of
remote candidates.
(closes issue ASTERISK-22911)
Reported by: Vytis Valentinavičius
Review: https://reviewboard.asterisk.org/r/3275/
........
r413008 | mjordan | 2014-04-25 10:47:21 -0700 (Fri, 25 Apr 2014) | 14 lines
res_rtp_asterisk: Add support for DTLS handshake retransmissions
On congested networks, it is possible for the DTLS handshake messages to get
lost. This patch adds a timer to res_rtp_asterisk that will periodically
check to see if the handshake has succeeded. If not, it will retransmit the
DTLS handshake.
Review: https://reviewboard.asterisk.org/r/3337
ASTERISK-23649 #close
Reported by: Nitesh Bansal
patches:
dtls_retransmission.patch uploaded by Nitesh Bansal (License 6418)
........
r417141 | file | 2014-06-23 11:49:14 -0700 (Mon, 23 Jun 2014) | 5 lines
res_rtp_asterisk: Return the length of data written when sending via ICE instead of 0.
ASTERISK-23834 #close
Reported by: Richard Kenner
........
r417677 | file | 2014-06-30 12:42:18 -0700 (Mon, 30 Jun 2014) | 12 lines
res_rtp_asterisk: Add SHA-256 support for DTLS and perform DTLS negotiation on RTCP.
This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip have also been added to allow behavior
to be tweaked (such as forcing the AVP type media transports in SDP).
ASTERISK-22961 #close
Reported by: Jay Jideliov
Review: https://reviewboard.asterisk.org/r/3679/
........
Merged revisions 402345,405234,409129-409130,409565,413008,417141,417677 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@417724 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Simply establishing a TCP connection and never sending anything to the
configured HTTP port in http.conf will tie up a HTTP connection. Since
there is a maximum number of open HTTP sessions allowed at a time you can
block legitimate connections.
A similar problem exists if a HTTP request is started but never finished.
* Added http.conf session_inactivity timer option to close HTTP
connections that aren't doing anything. Defaults to 30000 ms.
* Removed the undocumented manager.conf block-sockets option. It
interferes with TCP/TLS inactivity timeouts.
* AMI and SIP TLS connections now have better authentication timeout
protection. Though I didn't remove the bizzare TLS timeout polling code
from chan_sip.
* chan_sip can now handle SSL certificate renegotiations in the middle of
a session. It couldn't do that before because the socket was non-blocking
and the SSL calls were not restarted as documented by the OpenSSL
documentation.
* Fixed an off nominal leak of the ssl struct in
handle_tcptls_connection() if the FILE stream failed to open and the SSL
certificate negotiations failed.
The patch creates a custom FILE stream handler to give the created FILE
streams inactivity timeout and timeout after a specific moment in time
capability. This approach eliminates the need for code using the FILE
stream to be redesigned to deal with the timeouts.
This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of
the SSL_read/SSL_write operations.
ASTERISK-23673 #close
Reported by: Richard Mudgett
........
Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 415854 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@415977 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r396884 | jbigelow | 2013-08-16 17:45:10 -0500 (Fri, 16 Aug 2013) | 8 lines
Add test suite events to indicate when a feature is detected or not
These are needed by the bridge test suite tests for them to be able to run
against Asterisk 11.
Review: https://reviewboard.asterisk.org/r/2751/
........
r400075 | mjordan | 2013-09-28 16:59:12 -0500 (Sat, 28 Sep 2013) | 16 lines
Add check for openSUSE when detecting bfd library
In ASTERISK-17842, some additional library checks were added to the configure
script so that the bfd library could be found on CentOS and Fedora systems.
As it turns out, openSUSE requires an additional library. This patch adds
another check to the configure script for openSUSE that will add that library.
Review: https://reviewboard.asterisk.org/r/2885/
(closes issue AST-1169)
Reported by: Guenther Kelleter
........
Merged revisions 400073 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
r400093 | mjordan | 2013-09-28 17:21:37 -0500 (Sat, 28 Sep 2013) | 23 lines
res_rtp_asterisk: Correct erroneous lost packet information in RTCP reports
RTCP's calculation of the number of lost packets in an RTP stream is based on
that stream's sequence number count, the number of received packets, and how
many packets we expect to receive. When the SSRC for an RTP stream changes,
there can - and almost always will be - a large jump in the next packet's
timestamp and sequence number. If we don't reset the number of received
packets, sequence number count, and other metrics used by RTCP, the next RR/SR
report will use the previous SSRC's values to calculate the lost packet count
for the new SSRC - resulting in a very large number of lost packets.
This patch modifies res_rtp_asterisk such that, if it detects a SSRC change, it
will reset the various values used by the RTCP calculations. From the
perspective of RTCP, this appears as a new media stream - which is what it is.
Review: https://reviewboard.asterisk.org/r/2886/
(closes issue AST-1174)
Reported by: Thomas Arimont
........
Merged revisions 400089 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
r401446 | mjordan | 2013-10-22 17:42:24 -0500 (Tue, 22 Oct 2013) | 15 lines
res_rtp_asterisk: Fix crash when RTCP is not available during SSRC change
In r400089, a patch was put in to correct erroneous RTCP statistic resets.
Unfortunately, ast_rtp_read can be called on an RTP instance that does not
have RTCP information. This patch prevents that crash by only resetting
the statistics if we do actually have an RTCP instance.
(issue AST-1174)
(closes issue ASTERISK-22667)
Reported by: John Bigelow
........
Merged revisions 401445 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
r401960 | sgriepentrog | 2013-10-25 15:44:40 -0500 (Fri, 25 Oct 2013) | 15 lines
pbx.c: fix confused match caller id that deleted exten still in hash
This fixes a bug where a zero length callerid match adjacent to a no
match callerid extension entry would be deleted together, which then
resulted in hashtable references to free'd memory. A third state of
the matchcid value has been added to indicate match to any extension
which allows enforcing comparison of matchcid on/off without errors.
(closes issue AST-1235)
Reported by: Guenther Kelleter
Review: https://reviewboard.asterisk.org/r/2930/
........
Merged revisions 401959 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 396884,400075,400093,401446,401960 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@402382 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Sometimes the Google Voice servers have a bad habit of sending out 1
byte replies to the xmpp resource. When a blank 1 byte reply is
received from the socket the buffer attempts to wait (endlessly) for
the rest of the reply from google which effectively blocks the socket
and google voice calls will no longer come into the server.
This patch allows the xmpp module to correctly detect empty packets and
send out ping replies to google. It also sets a socket timeout on the
default socket which prevents the xmpp socket from closing and
preventing future google voice calls from coming into the server.
Furthermore instead of sending an empty reply back to google we send a
proper xmpp ping reply back. This also adds several more
socket messages.
(closes issue ASTERISK-22347)
Reported by: Andrew Nagy
Review: https://reviewboard.asterisk.org/r/2771
Patches:
xmpp_fix_1.diff uploaded by Andrew Nagy (License #6524)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@398618 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The mailbox and context are swapped on the receiving end for all users
of Jabber and XMPP distributed MWI in Asterisk 1.8 and all more recent
versions. This swaps those values to be correct when publishing to the
internal event system from Jabber/XMPP distributed MWI state.
(closes issue ASTERISK-22435)
Reported by: abelbeck
Tested by: Michael Keuter
Patches:
asterisk-1.8-res_jabber-aji_handle_pubsub_event.patch uploaded by abelbeck
asterisk-11-res_xmpp-xmpp_pubsub_handle_event.patch uploaded by abelbeck
........
Merged revisions 398523 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@398558 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ast_xmldoc_printable returns an allocated block that must be freed by the
caller. Fixed manager.c and res_agi.c to stop leaking these results.
(closes issue ASTERISK-22395)
Reported by: Corey Farrell
Patches:
manager-leaks-11.patch uploaded by coreyfarrell (license 5909)
res_agi-xmldoc-leaks.patch uploaded by coreyfarrell (license 5909)
........
Merged revisions 398060 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@398061 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If there is an error streaming an audio file, the current return status makes it
difficult for an AGI script to determine that there was an error with the audio
file.
This patches changes the result to return -1 and the function returns
RESULT_FAILURE instead of RESULT_SUCCESS. From looking at other parts of
res_agi, this would appear to be the proper way to handle an error.
(closes issue ASTERISK-21903)
Reported by: Ariel Wainer
Tested by: Ariel Wainer
Patches:
asterisk-21903-return-stream-res_1.8.diff
by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2625/
........
Merged revisions 394640 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@394641 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch fixes the following memory leaks:
* http.c: The structure containing the addresses to bind to was not being
deallocated when no longer used
* named_acl.c: The global configuration information was not disposed of
* config_options.c: An invalid read was occurring for certain option types.
* res_calendar.c: The loaded calendars on module unload were not being
properly disposed of.
* chan_motif.c: The format capabilities needed to be disposed of on module
unload. In addition, this now specifies the default options for the
maxpayloads and maxicecandidates in such a way that it doesn't cause the
invalid read in config_options.c to occur.
(issue ASTERISK-21906)
Reported by: John Hardin
patches:
http.patch uploaded by jhardin (license 6512)
named_acl.patch uploaded by jhardin (license 6512)
config_options.patch uploaded by jhardin (license 6512)
res_calendar.patch uploaded by jhardin (license 6512)
chan_motif.patch uploaded by jhardin (license 6512)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@392810 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The WebSocket code would allocate, on the stack, a string large enough
to hold a key provided by the client, and the WEBSOCKET_GUID. If the key
is NULL, this causes a segfault. If the key is too large, it could
overflow the stack.
This patch checks the key for NULL and checks the length of the key to
avoid stack smashing nastiness.
(closes issue ASTERISK-21825)
Reported by: Alfred Farrugia
Tested by: Alfred Farrugia, David M. Lee
Patches:
issueA21825_check_if_key_is_sent.patch uploaded by Walter Doekes (license 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@391560 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When we send out a CN packet (for instance, in the case of using rtpkeepalives),
we are not setting the payload code properly. Also, we are setting the marker
bit when we shouldn't be according to RFC 3389, section 4.
AST_RTP_CN is not defined by AST_FORMAT codes. Therefore, we should be using
ast_rtp_codecs_payload_code() rather than ast_rtp_codecs_payload_lookup().
11 and trunk already use the appropriate function.
* In 1.8, use ast_rtp_codecs_payload_code()
* Remove the setting of the marker bit
* Fix the debug message by incrementing the seqno after the debug message is set
in order to display the correct seqno that was sent out
(closes issue ASTERISK-21246)
Reported by: Peter Katzmann
Tested by: Peter Katzmann, Michael L. Young
Patches:
asterisk-21246-rtp-cng-payload-error_1.8_v2.diff
uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2500/
........
Merged revisions 388111 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@388112 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In certain situations, when the RTP engine goes to send a DTMF end digit
it may be in a situation where the remote address is no longer available,
or the digit that was supposed to be sent is invalid. In such cases, we
need to clear the RTP counters appropriately. Otherwise, when the RTP
source is set again, we'll continue to think that we're in the middle of
sending a DTMF digit, which can confuse the remote party (signficantly).
(closes issue ASTERISK-21522)
Reported by: Corey Farrell
patches:
rtp_dtmf_process_end.patch uploaded by Corey Farrell (License 5909)
........
Merged revisions 387213 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@387216 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There were several reports of deadlock when using
res_timing_pthread. Backtraces indicated that one thread was blocked
waiting for the write to the pipe to complete and this thread held
the container lock for the timers. Therefore any thread that wanted
to create a new timer or read an existing timer would block waiting
for either the timer lock or the container lock and deadlock ensued.
This patch changes the way the pipe is used to eliminate this source
of deadlocks:
1) The pipe is placed in non-blocking mode so that it would never
block even if the following changes someone fail...
2) Instead of writing bytes into the pipe for each "tick" that's
fired the pipe now has two states--signaled and unsignaled. If
signaled, the pipe is hot and any pollers of the read side
filedescriptor will be woken up. If unsigned the pipe is idle. This
eliminates even the chance of filling up the pipe and reduces the
potential overhead of calling unnecessary writes.
3) Since we're tracking the signaled / unsignaled state, we can
eliminate the exta poll system call for every firing because we know
that there is data to be read.
(closes issue ASTERISK-21389)
Reported by: Matt Jordan
Tested by: Shaun Ruffell, Matt Jordan, Tony Lewis
patches:
0001-res_timing_pthread-Reduce-probability-of-deadlocking.patch uploaded by sruffell (License 5417)
(closes issue ASTERISK-19754)
Reported by: Nikola Ciprich
(closes issue ASTERISK-20577)
Reported by: Kien Kennedy
(closes issue ASTERISK-17436)
Reported by: Henry Fernandes
(closes issue ASTERISK-17467)
Reported by: isrl
(closes issue ASTERISK-17458)
Reported by: isrl
Review: https://reviewboard.asterisk.org/r/2441/
........
Merged revisions 386109 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@386159 65c4cc65-6c06-0410-ace0-fbb531ad65f3
res_xmpp was not adding AST_EVENT_IE_CACHABLE to the event as each message came in,
then devstate_change_collector_cb() was unable to find AST_EVENT_IE_CACHABLE in the event,
so defaulted incorrectly to AST_DEVSTATE_NOT_CACHABLE.
(issue ASTERISK-20175)
(closes issue ASTERISK-21429)
(closes issue ASTERISK-21069)
(closes issue ASTERISK-21164)
Reported by: alecdavis
Tested by: alecdavis
alecdavis (license 585)
Review https://reviewboard.asterisk.org/r/2452/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@385938 65c4cc65-6c06-0410-ace0-fbb531ad65f3
res_jabber/res_xmpp were not adding AST_EVENT_IE_CACHABLE to the event as each message came in,
then devstate_change_collector_cb() was unable to find AST_EVENT_IE_CACHABLE in the event,
so defaulted incorrectly to AST_DEVSTATE_NOT_CACHABLE.
(issue ASTERISK-20175)
(closes issue ASTERISK-21429)
(closes issue ASTERISK-21069)
(closes issue ASTERISK-21164)
Reported by: alecdavis
Tested by: alecdavis
alecdavis (license 585)
Review https://reviewboard.asterisk.org/r/2452/
........
Merged revisions 385916 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@385917 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch calculates the timestamp for outbound RTP when we don't have timing
information. This uses the same approach in res_rtp_asterisk. Thanks to both
Pietro and Tzafrir for providing patches.
(closes issue ASTERISK-19883)
Reported by: Giacomo Trovato
Tested by: Pietro Bertera, Tzafrir Cohen
patches:
rtp-timestamp-1.8.patch uploaded by tzafrir (License 5035)
rtp-timestamp.patch uploaded by pbertera (License 5943)
........
Merged revisions 385636 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@385637 65c4cc65-6c06-0410-ace0-fbb531ad65f3
pjproject is what actually requires libuuid.
(closes issue ASTERISK-21125)
reported by Private Name
(Ed. note: Really? Private Name? I am rolling my eyes so hard right now.)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@385356 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When MALLOC_DEBUG is enabled with res_config_ldap, issues (munmap_chunk:
invalid pointer errors) can occur as the memory is being allocated with
Asterisk's wrappers around malloc/calloc/free/strdup, as opposed to the
LDAP library's wrappers.
This patch uses the LDAP library's wrappers where appropriate, so that
compiling with MALLOC_DEBUG doesn't cause more problems than it solves.
Note that the patch listed below was modified slightly for this commit
to account for some additional memory allocation/deallocations.
(closes issue ASTERISK-17386)
Reported by: John Covert
Tested by: Andrew Latham
patches:
issue18789-1.8-r316873.patch uploaded by seanbright (License 5060)
........
Merged revisions 385190 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@385199 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When res_rtp_asterisk.c was altered to avoid attempting to apply
unprotect algorithms to non-audio RTP packets, the test used was
incorrect. This caused the audio packets to not be decrypted and
resulted in loud white noise on the other endpoint (or both endpoints
depending on the call legs involved). The test now properly checks the
version field in the RTP header to ensure that RTP and RTCP are
decrypted while other types of packets are not.
(closes issue ASTERISK-21323)
Reported by: andrea
Tested by: Kinsey Moore, andrea, John Bigelow
Patches:
whitenoise_fix.diff uploaded by Kinsey Moore
........
Merged revisions 384048 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@384049 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The format attribute resource for H.264 video performs an unsafe read against a
media attribute when parsing the SDP. The value passed in with the format
attribute is not checked for its length when parsed into a fixed length buffer.
This patch resolves the vulnerability by only reading as many characters from
the SDP value as will fit into the buffer.
(closes issue ASTERISK-20901)
Reported by: Ulf Harnhammar
patches:
h264_overflow_security_patch.diff uploaded by jrose (License 6182)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@383973 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Often, Asterisk may realize that a change in the source of an RTP stream is
about to occur and ask that the RTP engine reset it's lock on the current RTP
source. In certain scenarios, it may take awhile for the new remote system to
send RTP packets, while the old remote system may continue providing RTP during
that time period. This causes Asterisk to re-lock onto the old source, thereby
rejecting the new source when the old source stops sending RTP and the new
source begins.
This patch prevents that by having a constant secondary, 'secret' probation
mode enabled when an RTP source has been chosen. RTP packets from other sources
are always considered, but never chosen unless the current RTP source stops
sending RTP.
Review: https://reviewboard.asterisk.org/r/2364
(closes issue AST-1124)
Reported by: John Bigelow
Tested by: John Bigelow
(closes issue AST-1125)
Reported by: John Bigelow
Tested by: John Bigelow
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@382573 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If the end result of the ICE negotiation resulted in the path for media
changing it was possible for the strictrtp code to discard the RTP packets.
This change causes strictrtp to enter learning mode once again when the
ICE negotiation has completed successfully.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@382296 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When IPv6 support was added to FastAGI, the intent was to have the ability to
check all addresses resolved for a host since we might receive an IPv4 address
and an IPv6 address. The problem with the current code, is that, since we are
doing O_NONBLOCK, we get EINPROGRESS when calling ast_connect() but are ignoring
this instead of handling it. We break out of the loop and continue on. When we
later call ast_poll(), it succeeds but we never check if we have a connection or
not on the socket level. We then attempt to send data to the host address that
we think is setup and it fails. We then check the errno and see that we have
"connection refused" and then return with agi failed.
This patch does the following:
* Handles EINPROGRESS by creating the function handle_connection()
- ast_poll() was moved into this function
- This function checks the results of the connection on the socket level after
calling ast_poll()
* Continues to the next address if the above fails to create a connection
* Once all addresses resolved are tried and we still are unable to establish a
connection, then we return that the FastAGI call failed
(closes issue ASTERISK-21065)
Reported by: Jeremy Kister
Tested by: Jeremy Kister, Michael L. Young
Patches:
asterisk-21065_poll_correctly_v4.diff Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2330/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@381893 65c4cc65-6c06-0410-ace0-fbb531ad65f3
An error existed in res_xmpp where it would attempt to delete attributes from
a node that itself was also deleted. Per the iksemel documentation, attributes
added using iks_insert are copied to the parent node's stack, and will be
reclaimed when that node is itself destroyed.
(closes issue ASTERISK-20982)
Reported by: marcelloceschia
patches:
delete-node-fix.diff uploaded by marcelloceschia (License 6036)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@381159 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Also adds proper dependency checking, and direct .a file targets. We don't
take advantage of this currently, but we will soon.
(issue ASTERISK-20815)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@380673 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The ICalendar module had a systemic memory leak on each fetch of data from
the ICalendar source. The previous fetched data was not being properly
disposed. This patch makes it so that before each fetch of data, we dispose
of the previously fetched data.
(closes issue ASTERISK-21012)
Reported by: Joel Vandal
Tested by: Joel Vandal
........
Merged revisions 380451 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@380452 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch fixes the problem, but the issue includes a test which is still
being considered for the automated test suite.
(issue ASTERISK-20919)
Reported by: NITESH BANSAL
Patches:
patch_ast_fax_spandsp.patch uploaded by NITESH BANSAL (license 6418)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@379949 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Again, since res_jabber/res_xmpp have duplicate APIs, their documentation ref
links have to specify which reference they're referring to. The various
documentation parsers can interpret the module attribute however they want
in order to construct the appropriate links.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@379228 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Since res_jabber/res_xmpp provide the same APIs (app/func/manager/etc.),
the XML documentation for each needs to call out which module is providing
the documentation. The module attribute has been added to the various XML
fragments for this purpose.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@379209 65c4cc65-6c06-0410-ace0-fbb531ad65f3
