The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:
[startup]
cache_pools=no
* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
The transferrer's session channel was destroyed by the transferrer's
serializer thread in a race condition with the transfer target's
serializer thread during an attended transfer. The transfer target's
serializer was attempting to clean up a deferred end status on behalf of
the transferrer's channel when it should have passed the action to the
transferrer's serializer. When the transfer target's serializer lost the
race then both threads wind up trying to end the transferrer's session.
* Push the ast_sip_session_end_if_deferred() call onto the transferrer's
serializer to avoid a race condition that results in a crash. The
session_end() function that could be called by
ast_sip_session_end_if_deferred() really must be executed by the
transferrer's serializer to avoid this kind of crash.
ASTERISK-27568
Change-Id: Iacda724e7cb24d7520e49b2fd7e504aa398d7238
Since res_pjsip_transport_management provides several attack
mitigation features, its functionality moved to res_pjsip and
this module has been removed. This way the features will always
be available if res_pjsip is loaded.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
pjsip_distributor:
authenticate() creates a tdata and uses it to send a challenge or
failure response. When pjsip_endpt_send_response2() succeeds, it
automatically decrements the tdata ref count but when it fails, it
doesn't. Since we weren't checking for a return status, we weren't
decrementing the count ourselves on error and were therefore leaking
tdatas.
res_pjsip_session:
session_reinvite_on_rx_request wasn't decrementing the ref count
if an error happened while sending a 491 response.
pre_session_setup wasn't decrementing the ref count if
while sending an error after a pjsip_inv_verify_request failure.
res_pjsip:
ast_sip_send_response wasn't decrementing the ref count on error.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: Iab33a6c7b6fba96148ed465b690ba8534ac961bf
When receiving a SUBSCRIBE request the Accept headers from it are
stored locally. This operation has a fixed limit of 32 Accept headers
but this limit was not enforced. As a result it was possible for
memory outside of the allocated space to get written to resulting
in a crash.
This change enforces the limit so only 32 Accept headers are
processed.
ASTERISK-27640
Reported By: Sandro Gauci
Change-Id: I99a814b10b554b13a6021ccf41111e5bc95e7301
If the ICE role is not set right away, we might have a role conflict
that stays undetected and ICE finishing with successful tests and no
candidate nominated. This was introduced by ASTERISK-27088.
To avoid this, we set the role as soon as before but only if the ICE
state permits it: still checking and not yet nominating candidates or
completed.
ASTERISK-27646
Change-Id: I5dbc69ad63cacbb067922850fbb113d479bd729c
* Prefer strcasecmp() over stricmp()
* Use a list with no lock since we never actually lock
* Minor cleanups to error messages
Change-Id: I8446f44795ee8f3072e1c1f9193c6912dfc0c42b
There is a dedicated slot in the pjsip_sip_uri for the 'user'
parameter, so use that instead of adding to the list of generic URI
parameters.
Change-Id: I0a0ce8a60ecee27489735bf56fd707719d8c2ed6
res_pjsip_endpoint_identifier_user.c:
* Fix copy/paste error in find_endpoint(). We were using a constant
"anonymous" string instead of the passed in endpoint_name when checking
the transport domain for an endpoint match.
* Eliminate RAII_VAR in find_endpoint().
* Remove always true check in find_transport_state_in_use().
* Remove useless CMD_STOP in find_transport_state_in_use().
res_pjsip_endpoint_identifier_anonymous.c:
* Eliminate RAII_VAR in anonymous_identify().
* Remove always true check in find_transport_state_in_use().
* Remove useless CMD_STOP in find_transport_state_in_use().
Change-Id: I86924c31db5bd225ca0c1219c761b668c6f91189
In an earlier release, inbound registrations on a reliable transport
were pruned on Asterisk restart since the TCP connection would have
been torn down and become unusable when Asterisk stopped. This same
process is now also applied to inbound subscriptions.
Also fixed issues in res_pjsip_registrar where it wasn't handling the
monitoring correctly when multiple registrations came in over the same
transport.
To accomplish this, the pjsip_transport_event feature needed to
be refactored to allow multiple monitors (multiple subcriptions or
registrations from the same endpoint) to exist on the same transport.
Since this changed the API, any external modules that may have used the
transport monitor feature (highly unlikey) will need to be changed.
ASTERISK-27612
Reported by: Ross Beer
Change-Id: Iee87cf4eb9b7b2b93d5739a72af52d6ca8fbbe36
The functionality of this module was already moved to
res_pjsip_registrar, mark it deprecated and add message to CHANGES.
Change-Id: I90c7d52c7e15e85fde3389d5eaccb05b97848813
pjproject does not have a function to reverse pjsip_inv_usage_init.
This means we need to ignore any calls to the functions once shutdown is
final.
ASTERISK-27571 #close
Change-Id: Ia550fcba563e2328f03162d79fb185f16b7c9b9d
We did this for TCP transports already but I'm not sure why we
didn't do it for TLS transports.
ASTERISK_27474 #not_final_fix
Change-Id: I5b1ef4b882f7b859e718236686b7898751dbb262
If any component of ast_config_AST_RECORDING_DIR is a symbolic link we
would incorrectly assume the ARI user was trying to escape the recording
path. Create additional check to check the recording directory's
realpath, only deny access if both do not match.
This is needed by the testsuite when run by 'run-local'.
Change-Id: I9145e841865edadcb5f75cead3471ad06bbb56c0
The type=identify endpoint identification method can match by IP address
and by SIP header. However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching. All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate. e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.
* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option. The "ip" endpoint identification method
now only matches by IP address.
ASTERISK-27491
Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095
