Echo()'s description states that it echoes audio, video, and DTMF except for #
while it actually echoes any frame that it receives other than DTMF #. This
was causing frame storms in the test suite in some circumstances where Echo()
was attached to both ends of a pair of local channels and control frames
were being periodically generated. Echo()'s behavior and description have
been modifed so that it only echoes media and non-# DTMF frames.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360033 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fix AMI module reload deadlock regression from ASTERISK-18479 when it
tried to fix the race between calling an AMI action callback and
unregistering that action. Refixes ASTERISK-13784 broken by
ASTERISK-17785 change.
Locking the ao2 object guaranteed that there were no active callbacks that
mattered when ast_manager_unregister() was called. Unfortunately, this
causes the deadlock situation. The patch stops locking the ao2 object to
allow multiple threads to invoke the callback re-entrantly. There is no
way to guarantee a module unload will not crash because of an active
callback. The code attempts to minimize the chance with the registered
flag and the maximum 5 second delay before ast_manager_unregister()
returns.
The trunk version of the patch changes the API to fix the race condition
correctly to prevent the module code from unloading from memory while an
action callback is active.
* Don't hold the lock while calling the AMI action callback.
(closes issue ASTERISK-19487)
Reported by: Philippe Lindheimer
Review: https://reviewboard.asterisk.org/r/1818/
Review: https://reviewboard.asterisk.org/r/1820/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359979 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a bug with chanspy on local channels which roughly 50% of the time
would create a situation where chanspy can latch onto a zombie channel, keeping the zombie
alive forever and causing the channel doing the spying to never be able to hang up.
(closes issue ASTERISK-19493)
Reported by: lvl
Review: https://reviewboard.asterisk.org/r/1819/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359892 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There exists a remotely exploitable stack buffer overflow in HTTP digest
authentication handling in Asterisk. The particular method in question
is only utilized by HTTP AMI. When parsing the digest information, the
length of the string is not checked when it is copied into temporary buffers
allocated on the stack.
This patch fixes this behavior by parsing out pre-defined key/value pairs
and avoiding unnecessary copies to the stack.
(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359706 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Milliwatt is vulnerable to a remotely exploitable stack overrun when using
the 'o' option. This occurs due to the milliwatt_generate function not
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of
samples it can put in the output buffer.
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET
when determining the maximum number of samples allowed. Note that at no
point is remote code execution possible. The data that is written into the
buffer is the pre-defined Milliwatt data, and not custom data.
(closes issue ASTERISK-19541)
Reported by: Russell Bryant
Tested by: Matt Jordan
Patches:
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)
Note that this patch was written by Russell, even though Matt uploaded it
........
Merged revisions 359645 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359656 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The connected line interception macros do not get executed when the
outgoing channel is initially created and that channel's caller-id is
implicitly imported into the incoming channel's connected line data. If
you are using the interception macros, you would expect that they get run
for every change to a channel's connected line information outside of
normal dialplan execution.
Review: https://reviewboard.asterisk.org/r/1817/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359609 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Initialize a struct sockaddr_in in try_transfer() so that the code isn't
(potentially) trying to read from it while uninitialized.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359558 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Ensure that status is set before it is used by resetting it during each loop
iteration. This could have resulted in incorrect results from this app.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359486 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Scan results indicated that this array could be used uninitialized. At a quick
look, it looks correct. In any case, initializing it is a Good Thing (tm).
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359457 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch ensures that the struct defined by AST_DECLARE_APP_ARGS() is always
fully initialized. I'm not sure if this fixes any real bugs, but it silences
a bunch of warnings from coverity, and is generally a good thing to do anyway.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359452 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Calling ast_indicate()/ast_indicate_data() with the channel lock held can
result in a deadlock with a local channel because of how local channels
need to avoid deadlock.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359451 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a change in time occurs, such that the timestamps associated with frames
being placed into an adaptive jitter buffer (implemented in jitterbuf.c)
are significantly different then the previously inserted frames, the jitter
buffer checks to see if it needs to be resynched to the new time frame. If
three consecutive packets break the threshold, the jitter buffer resynchs
itself to the new timestamps. This currently only occurs when history is
calculated, and hence only on JB_TYPE_VOICE frames.
JB_TYPE_CONTROL frames, on the other hand, are never passed to the history
calculations. Because of this, if the jump in time is greater then the
maximum allowed length of the jitter buffer, the JB_TYPE_CONTROL frames are
dropped and no resynchronization occurs. Alterntively, if the overfill
logic is not triggered, the JB_TYPE_CONTROL frame will be placed into the
buffer, but with a time reference that is not applicable. Subsequent
JB_TYPE_VOICE frames will quickly trigger the overflow logic until reads
from the jitter buffer reach the errant JB_TYPE_CONTROL frame.
This patch allows JB_TYPE_CONTROL frames to resynch the jitter buffer. As
JB_TYPE_CONTROL frames are unlikely to occur in multiples, it perform the
resynchronization on any JB_TYPE_CONTROL frame that breaks the resynch
threshold.
Note that this only impacts chan_iax2, as other consumers of the adaptive
jitter buffer use the abstract jitter buffer API, which does not use
JB_TYPE_CONTROL frames.
Review: https://reviewboard.asterisk.org/r/1814/
(closes issue ASTERISK-18964)
Reported by: Kris Shaw
Tested by: Kris Shaw, Matt Jordan
Patches:
jitterbuffer-2012-2-26.diff uploaded by Kris Shaw (license 5722)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359356 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When connected line support was added, the wait_for_answer() variable
single changed its meaning slightly. Unfortunately, the places where
single was used did not necessarily get updated to reflect that change.
Also audio/video frames were sent to all forked calls when the endpoints
were never made compatible.
* Don't pass audio/video media frames when the channels have not been made
compatible.
* Added handling of AST_CONTROL_SRCCHANGE to app_dial.c.
* Fixed app_dial.c passing on AST_CONTROL_HOLD because that frame can also
pass a requested MOH class.
(closes issue ASTERISK-16901)
Reported by: Chris Gentle
(closes issue ASTERISK-17541)
Reported by: clint
Review: https://reviewboard.asterisk.org/r/1805/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359344 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch updates the NUMLOGLEVELS define in logger.h to 32, to match the fact
that logger.c implements 32 log levels (because of the custom log level stuff).
asterisk.c uses this define to size an array of levels per remote console.
This array is modified in ast_console_toggle_loglevel(), which is called by the
"logger set level" CLI command. While the documentation for the CLI command
doesn't make it terribly obvious, you can use this CLI command to toggle a
custom log level on a remote console, as well. However, doing so led to an
invalid array index in asterisk.c.
This array is read from any time a log message is written to a console. So,
all custom log level messages resulted in a bogus read if a remote console
was connected.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359259 65c4cc65-6c06-0410-ace0-fbb531ad65f3
These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *). The correct way to get the size of this address is to
use h_length. This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359211 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This didn't actually result in a bug anywhere, luckily. The only place
where the result of these memcpys was used is in app_dial, and the only
field that it read out of ast_call_feature was the first one, which is an
int, so these memcpys always copied just enough to avoid a problem.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359069 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch drastically simplifies the device state aggegation code.
The old method was not only overly complex, but also made it impossible
to return AST_DEVICE_INVALID from the aggregation code. The unit test
update is as a result of fixing that bug.
The SIP change stems from a bug introduced by removing a DNS lookup
for hostname-based SIP channels.
(closes issue ASTERISK-16702)
Review: https://reviewboard.asterisk.org/r/1808/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358943 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change restores functionality that was present in 1.4, when AEL macros
were implemented with the Macro dialplan application. Macros are fraught with
functionality issues, because they consume a large portion of the underlying
application stack. This limits the ability of AEL users to call many layers
of subroutines, an issue which Gosub does not have (originally tested to
100,000 levels deep). Therefore, starting in 1.6.0, AEL macros were
implemented with Gosub.
However, there were some implicit behaviors of Macro, which were not replicated
at the same time as with the transition to Gosub, one of which is documented in
the related issue. In particular, the "h" extension is designed to execute not
in the Macro context, but in the topmost calling context. Due to legacy issues
with a misapplied bugfix many years ago, when a macro exited in 1.4, it looks
in all calling contexts, bubbling up from the deepest level until it finds an
"h" extension.
Since AEL hides the complexity of the underlying dialplan logic from the AEL
programmer, it's reasonable to assume that this behavior should not change in
the transition from Asterisk 1.4 LTS to Asterisk 1.8 LTS, lest we break
working AEL configurations in the transition to Asterisk 1.8 LTS. This fix
is the result, which implements a search for the "h" extension in all calling
Gosub contexts.
Fixes ASTERISK-19336
Patch: 20120308__ael_bugfix_for_trunk__2.diff (License #5003) by Tilghman Lesher
(with slight modifications for 1.8)
Tested by: Johan Wilfer
Review: https://reviewboard.asterisk.org/r/1776/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358810 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Attempting to transfer with SIP to an address like 1XXXXX@ip.ad.re.ss:5061 would fail
because port would be cut from the host string and ignored. This simply keeps chan_sip
from cutting off the port number during these kinds of transfers.
(closes issue ASTERISK-19321)
Reported by: Federico Alves
Review: https://reviewboard.asterisk.org/r/1790/diff/#index_header
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358643 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Without detecting these types, cel_odbc blows up when the character
set for the table is utf8. This also wraps cdr_adaptive_odbc's use of
those types in the HAVE_ODBC_WCHAR #ifdef seen in other parts of the
code.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358435 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fix referencing the wrong variable in chan_dahdi.c:my_set_cadence().
Thanks to Sean Bright for compiling with -Wshadow and finding this bug.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358377 65c4cc65-6c06-0410-ace0-fbb531ad65f3
SS7 is a trunk protocol and should clear a failed call as soon as
possible.
* Made SS7 hangup a call immediately if it has not connected yet for
INCOMPLETE/BUSY/CONGESTION causes. Otherwise, play an appropriate inband
tone.
(closes issue ASTERISK-19372)
Reported by: Igor Nikolaev
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358278 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Outgoing SS7 calls fail to detect incoming DTMF so any bridged channel
that requires out-of-band DTMF will not work.
* Added sig_ss7_open_media() calls at appropriate places in sig_ss7.c.
The new call converts conditionaled out unconverted code and shows that
the code really did something useful.
* Improved some chan_dahdi DTMF debug messages to help track DTMF
handling.
(closes issue ASTERISK-19312)
Reported by: Igor Nikolaev
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358260 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The process_output function in manager.c attempted to call fclose and close immediately
afterwards. Since fclose implies close, this resulted in a potential double free on file
descriptors. This patch changes that behavior and also adds error checking to fclose and
close depending on which was deemed necessary. Also error messages. Thanks to Rosen
Iliev for pointing out the location of the problem.
(closes issue ASTERISK-18453)
Reported By: Jaco Kroon
Review: https://reviewboard.asterisk.org/r/1793/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358214 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk was not setting pendinginvite in the upper half of
handle_request_invite such that the 4xx was retransmitted repeatedly even
though an ack was received for every retransmission.
(closes issue ASTERISK-19303)
Reported by: Jon Tsiros
Patches:
fix-19303.patch uploaded by Jeremiah Gowdy (license 6358)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358115 65c4cc65-6c06-0410-ace0-fbb531ad65f3
All of these were pretty obviously unused. Some were unused because
the code that used them was #if 0'd. In those cases, I just commented
out the unused-but-set variables.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@358029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change fixes case-sensitivity for device-specific subscriptions such that
the technology identifier is case-insensitive while the remainder of the device
string is still case-sensitive. This should also preserve the original case of
the device string as passed in to the event system. CCSS is the only feature
affected as it is the only consumer of device-specific event subscriptions.
The second part of this patch addresses similar case-sensitivity issues within
CCSS itself that prevented it from functioning correctly after the fix to the
events system.
This adds a unit test to verify that the event system works as expected.
(closes issue ASTERISK-19422)
Review: https://reviewboard.asterisk.org/r/1780/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@357940 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The check if an ISDN call is bridged before it could be placed on hold is
not necessary and is overly restrictive. The check was originally done to
prevent problems with call transfers in case a user tried to transfer a
call connected to an application to another call connected to an
application. The ISDN transfer code has not required this restriction for
quite some time because ECT could transfer any two active calls to each
other.
* Remove ISDN hold restriction for calls connected to applications.
* Made ast_waitfordigit_full() ignore AST_CONTROL_HOLD and
AST_CONTROL_UNHOLD instead of generating a warning message.
(closes issue ASTERISK-19388)
Reported by: Birger Harzenetter
Tested by: rmudgett
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@357894 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This takes two actions.
1. Move the reading of the alertpipe in __ast_read() to immediately before the
removal of frames from the readq. This means we won't do something silly like
read from the alertpipe, then ignore the fact that there's a frame to get from
the readq since channel's fdno is the AST_TIMING_FD.
2. When ast_settimeout() sets the rate to 0 and the timingfunc to NULL, if the
channel's fdno is the AST_TIMING_FD, then set the fdno to -1. This is because
if the rate is 0 and the timingfunc is NULL, it means that the channel's timing
fd is being invalidated, so any pending reads should not occur.
This may actually solve more issues than the referenced one below, but it's not
known at this time for sure.
(closes issue ASTERISK-19223)
reported by Frank-Michael Wittig
Review: https://reviewboard.asterisk.org/r/1779
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@357761 65c4cc65-6c06-0410-ace0-fbb531ad65f3
