Simply establishing a TCP connection and never sending anything to the
configured HTTP port in http.conf will tie up a HTTP connection. Since
there is a maximum number of open HTTP sessions allowed at a time you can
block legitimate connections.
A similar problem exists if a HTTP request is started but never finished.
* Added http.conf session_inactivity timer option to close HTTP
connections that aren't doing anything. Defaults to 30000 ms.
* Removed the undocumented manager.conf block-sockets option. It
interferes with TCP/TLS inactivity timeouts.
* AMI and SIP TLS connections now have better authentication timeout
protection. Though I didn't remove the bizzare TLS timeout polling code
from chan_sip.
* chan_sip can now handle SSL certificate renegotiations in the middle of
a session. It couldn't do that before because the socket was non-blocking
and the SSL calls were not restarted as documented by the OpenSSL
documentation.
* Fixed an off nominal leak of the ssl struct in
handle_tcptls_connection() if the FILE stream failed to open and the SSL
certificate negotiations failed.
The patch creates a custom FILE stream handler to give the created FILE
streams inactivity timeout and timeout after a specific moment in time
capability. This approach eliminates the need for code using the FILE
stream to be redesigned to deal with the timeouts.
This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of
the SSL_read/SSL_write operations.
ASTERISK-23673 #close
Reported by: Richard Mudgett
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@415841 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Backport -r411687 and fix the fix because content_length is the length of
out plus the length of the file controlled by fd.
When a response has an out content length of 0, fwrite would be called to
write a buffer with no data in it. This resulted in the following classic
error message:
[Apr 3 11:49:17] ERROR[26421] http.c: fwrite() failed: Success
This patch makes it so that we only attempt to write the content of out if
the out string is non-zero.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@412922 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This adds the TCP_NODELAY option to accepted connections on the HTTP
server built into Asterisk. This option disables the Nagle algorithm
which controls queueing of outbound data and in some cases can cause
delays on receipt of response by the client due to how the Nagle
algorithm interacts with TCP delayed ACK. This option is already set on
all non-HTTP AMI connections and this change would cover standard HTTP
requests, manager HTTP connections, and ARI HTTP requests and
websockets in Asterisk 12+ along with any future use of the HTTP
server.
Review: https://reviewboard.asterisk.org/r/3466/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@412745 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch works around a problem with the HTTP body
being dropped from the response to a specific client
and under specific circumstances:
a) Client request comes from node.js user agent
"Shred" via use of swagger-client library.
b) Asterisk and Client are *not* on the same
host or TCP/IP stack
In testing this problem, it has been determined that
the write of the HTTP body is lost, even if the data
is written using low level write function. The only
solution found is to instruct the TCP stack with the
shutdown function to flush the last write and finish
the transmission. See review for more details.
ASTERISK-23548 #close
(closes issue ASTERISK-23548)
Reported by: Sam Galarneau
Review: https://reviewboard.asterisk.org/r/3402/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@411462 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
(closes issue ASTERISK-23340)
Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@410380 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch modifies parsing of cookies in Asterisk's http server by doing an
explicit comparison of the "Cookie" header instead of looking at the first
6 characters to determine if the header is a cookie header. This avoids
parsing "Cookie2" headers and overwriting the previously parsed "Cookie"
header.
Note that we probably should be appending the cookies in each "Cookie"
header to the parsed results; however, while clients can send multiple
cookie headers they never really do. While this patch doesn't improve
Asterisk's behavior in that regard, it shouldn't make it any worse either.
Note that the solution in this patch was pointed out on the issue by the
issue reporter, Stuart Henderson.
(closes issue ASTERISK-21789)
Reported by: Stuart Henderson
Tested by: mjordan, Stuart Henderson
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@394899 65c4cc65-6c06-0410-ace0-fbb531ad65f3
While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off nominal code paths. This
patch corrects them.
Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.
(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@384118 65c4cc65-6c06-0410-ace0-fbb531ad65f3
AST-2012-014, fixed in January of this year, contained a fix for Asterisk's
HTTP server for a remotely-triggered crash. While the fix put in place fixed
the possibility for the crash to be triggered, a denial of service vector still
exists with that solution if an attacker sends one or more HTTP POST requests
with very large Content-Length values. This patch resolves this by capping
the Content-Length at 1024 bytes. Any attempt to send an HTTP POST with
Content-Length greater than this cap will not result in any memory allocation.
The POST will be responded to with an HTTP 413 "Request Entity Too Large"
response.
This issue was reported by Christoph Hebeisen of TELUS Security Labs
(closes issue ASTERISK-20967)
Reported by: Christoph Hebeisen
patches:
AST-2013-002-1.8.diff uploaded by mmichelson (License 5049)
AST-2013-002-10.diff uploaded by mmichelson (License 5049)
AST-2013-002-11.diff uploaded by mmichelson (License 5049)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@383976 65c4cc65-6c06-0410-ace0-fbb531ad65f3
AMI, HTTP, and chan_sip all support TLS in some way, but none of them
support all the options that Asterisk's TLS core is capable of
interpreting. This prevents consumers of the TLS/SSL layer from setting
TLS/SSL options that they do not support.
This also gets tlsverifyclient closer to a working state by requesting
the client certificate when tlsverifyclient is set. Currently, there is
no consumer of main/tcptls.c in Asterisk that supports this feature and
so it can not be properly tested.
Review: https://reviewboard.asterisk.org/r/2370/
Reported-by: John Bigelow
Patch-by: Kinsey Moore
(closes issue AST-1093)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@383165 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk had several places where messages received over various network
transports may be copied in a single stack allocation. In the case of TCP,
since multiple packets in a stream may be concatenated together, this can
lead to large allocations that overflow the stack.
This patch modifies those portions of Asterisk using TCP to either
favor heap allocations or use an upper bound to ensure that the stack will not
overflow:
* For SIP, the allocation now has an upper limit
* For HTTP, the allocation is now a heap allocation instead of a stack
allocation
* For XMPP (in res_jabber), the allocation has been eliminated since it was
unnecesary.
Note that the HTTP portion of this issue was independently found by Brandon
Edwards of Exodus Intelligence.
(issue ASTERISK-20658)
Reported by: wdoekes, Brandon Edwards
Tested by: mmichelson, wdoekes
patches:
ASTERISK-20658_res_jabber.c.patch uploaded by mmichelson (license 5049)
issueA20658_http_postvars_use_malloc2.patch uploaded by wdoekes (license 5674)
issueA20658_limit_sip_packet_size3.patch uploaded by wdoekes (license 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378269 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This replaces all calls to alloca() with ast_alloca() which calls gcc's
__builtin_alloca() to avoid BSD semantics and removes all NULL checks
on memory allocated via ast_alloca() and ast_strdupa().
(closes issue ASTERISK-20125)
Review: https://reviewboard.asterisk.org/r/2032/
Patch-by: Walter Doekes (wdoekes)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@370642 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When unlinking itself from the registered HTTP URIs, res_http_post could
inadvertently free all URIs registered with the HTTP server. This patch
modifies the unregister method to only free the URI that is actually
being unregistered, as opposed to all of them.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361803 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Removes references to tlsbindport from http.conf.sample and manager.conf.sample
* Properly bind to port specified in tlsbindaddr, using the default port if specified.
* On a reload, properly close socket if the service has been disabled.
A note has been added to UPGRADE.txt to indicate how ports must be set for TLS.
(closes issue ASTERISK-16959)
reported by Olaf Holthausen
(closes issue ASTERISK-19201)
reported by Chris Mylonas
(closes issue ASTERISK-19204)
reported by Chris Mylonas
Review: https://reviewboard.asterisk.org/r/1709
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353770 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When calculating the 'A2' portion of our digest for verification, we need the
HTTP method that is currently in use. Unfortunately our mapping function was
incorrect, resulting in invalid hashes being generated and, in turn, failures
in authentication.
(closes issue #18598)
Reported by: ksn
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@316919 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
................
r314620 | mnicholson | 2011-04-21 13:22:19 -0500 (Thu, 21 Apr 2011) | 20 lines
Merged revisions 314607 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r314607 | mnicholson | 2011-04-21 13:19:21 -0500 (Thu, 21 Apr 2011) | 14 lines
Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so.
Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action.
AST-2011-005
AST-2011-006
(closes issue #18787)
Reported by: kobaz
(related to issue #18996)
Reported by: tzafrir
........
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@314628 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This adds a generic API for accommodating IPv6 and IPv4 addresses
within Asterisk. While many files have been updated to make use of the
API, chan_sip and the RTP code are the files which actually support
IPv6 addresses at the time of this commit. The way has been paved for
easier upgrading for other files in the near future, though.
Big thanks go to Simon Perrault, Marc Blanchet, and Jean-Philippe Dionne
for their hard work on this.
(closes issue #17565)
Reported by: russell
Patches:
asteriskv6-test-report.pdf uploaded by russell (license 2)
Review: https://reviewboard.asterisk.org/r/743
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@274783 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If there is a problem with a firmware file, Polycom phones will close the
connection. We were continuing to send the file anyway. There should be no
reason to continue sending a file if there is an error writing it.
(closes issue #16682)
Reported by: lmadsen
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@270692 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ast_tls_read_conf() is a new api call for handling SSL/TLS options across all conf files. Before this change, SSL/TLS options were not consistent. http.conf and manager.conf required the 'ssl' prefix while sip.conf used options with the 'tls' prefix. While the options had different names in different conf files, they all did the exact same thing. Now, instead of mixing 'ssl' or 'tls' prefixes to do the same thing depending on what conf file you're in, all SSL/TLS options use the 'tls' prefix. For example. 'sslenable' in http.conf and manager.conf is now 'tlsenable' which matches what already existed in sip.conf. Since this has the potential to break backwards compatibility, previous options containing the 'ssl' prefix still work, but they are no longer documented in the sample.conf files. The change is noted in the CHANGES file though.
Review: http://reviewboard.digium.com/r/237/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@191028 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Adds option to specify a private key .pem file when configuring TLS or SSL in AMI, HTTP, and SIP. Before this, the certificate file was used for both the public and private key. It is possible for this file to hold both, but most configurations allow for a separate private key file to be specified. Clarified in .conf files how these options are to be used. The current conf files do not explain how the private key is handled at all, so without knowledge of Asterisk's TLS implementation, it would be hard to know for sure what was going on or how to set it up.
Review: http://reviewboard.digium.com/r/234/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@190545 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1) rename 'struct server_args' to 'struct ast_tcptls_session_args', to follow coding guidelines
2) make ast_make_file_from_fd() static and rename it to something that indicates what it really is for (again coding guidelines)
3) rename address variables inside 'struct ast_tcptls_session_args' to be more descriptive (dare i say it... coding guidelines)
4) change ast_tcptls_client_start() to use the new 'remote_address' field of the session args for the destination of the connection, and use the 'local_address' field to bind() the socket to the proper source address, if one is supplied
5) in chan_sip, ensure that we pass in the PP address we are bound to when creating outbound (client) connections, so that our connections will appear from the correct address
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@151101 65c4cc65-6c06-0410-ace0-fbb531ad65f3
when a file is invalid from when a file is missing. This is most important when
we have two configuration files. Consider the following example:
Old system:
sip.conf users.conf Old result New result
======== ========== ========== ==========
Missing Missing SIP doesn't load SIP doesn't load
Missing OK SIP doesn't load SIP doesn't load
Missing Invalid SIP doesn't load SIP doesn't load
OK Missing SIP loads SIP loads
OK OK SIP loads SIP loads
OK Invalid SIP loads incompletely SIP doesn't load
Invalid Missing SIP doesn't load SIP doesn't load
Invalid OK SIP doesn't load SIP doesn't load
Invalid Invalid SIP doesn't load SIP doesn't load
So in the case when users.conf doesn't load because there's a typo that
disrupts the syntax, we may only partially load users, instead of failing with
an error, which may cause some calls not to get processed. Worse yet, the old
system would do this with no indication that anything was even wrong.
(closes issue #10690)
Reported by: dtyoo
Patches:
20080716__bug10690.diff.txt uploaded by Corydon76 (license 14)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@142992 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ago (does not affect 1.4), where you would pass
a pointer to the end of a character array, and
ast_uri_decode would do no good.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@133651 65c4cc65-6c06-0410-ace0-fbb531ad65f3
