This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@403913 65c4cc65-6c06-0410-ace0-fbb531ad65f3
During dialplan execution in pbx_extension_helper(), the contexts global
read lock prevents link list corruption, but was released with a pointer
to the ast_exten and data later used in variable substitution. Instead,
this patch removes pbx_substitute_variables() and locates a copy of the
ast_exten data on the stack before releasing the lock, where ast_exten
could get free'd by another thread performing a module reload.
(issue AST-1179)
Reported by: Thomas Arimont
(issue AST-1246)
Reported by: Alexander Hömig
Review: https://reviewboard.asterisk.org/r/3055/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@403862 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch prevents an infinite loop overwriting memory when
a message is received into the unpacksms16() function, where
the length of the message is an odd number of bytes.
(closes issue ASTERISK-22590)
Reported by: Jan Juergens
Tested by: Jan Juergens
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@403853 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Prior to this patch, res_fax_spandsp was conservative with how it initialized
the spandsp T.38 context. It would only initialize it if the driver thought
the current state was a T.38 fax. While this works fine in nominal situations,
in certain off nominal situations, res_fax_spandsp can believe that a T.38
fax will not occur when in fact one has started. In particular, this was
discovered when res_fax would fall back to audio after timing out on a T.38
upgrade. The SIP channel driver would continue to retry the re-INVITE and -
if the remote end responded after res_fax timed out with a 200 OK - a T.38
frame would be delivered to the res_fax stack when it no longer expected it.
As it turns out, there does not appear to be any downside to always
initializing the T.38 context, other than the actual memory allocation.
Since that avoids this off nominal situation (and others which are equally
likely hard to predict), this is the safest way to avoid this problem.
Much thanks to Torrey as well for providing a scenario that reproduces this
issue.
(closes issue ASTERISK-21242)
Reported by: Ashley Winters
Tested by: Torrey Searle
patches:
always-init-t38.patch uploaded by awinters (License 6477)
A_PARTY.xml uploaded by tsearle (License 5334)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@403449 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When translating from one format to another it is possible
to inform the translation function that the source frame should
be freed. This was previously done immediately but shortly
afterwards the frame that was freed was accessed and used again.
This change moves code around a bit so that the frame is now
freed after it has been completely used.
(closes issue ASTERISK-22788)
Reported by: Corey Farrell
Patches:
translate-access-after-free-11up.patch uploaded by coreyfarrell (license 5909)
translate-access-after-free-1.8.patch uploaded by coreyfarrell (license 5909)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@403014 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk will sometimes core dump during caller id read on analog
channels due to a negative return value from the read() in
my_get_callerid that slips through as a negative length argument to
callerid_feed() if the errno returned by DAHDI is ELAST. This change
ensures that the negative return is treated properly even when it is
ELAST.
(closes issue ASTERISK-22746)
Reported by: Michael Walton
Patches:
chan_dahdi_cid_crash_fix.r401410.patch uploaded by Michael Walton (License 6502)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402708 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In the current app_queue code from 1.8 up to trunk the upper and lower
penalties can be set to 0 but the value is interpreted to be disabled
instead of actually setting limits. This is especially evident if min
and max limits are set to 0 and members with penalties of 0 and 1 are
in the queue since the member with penalty 1 will still receive calls.
This patch adjusts the special disabled value to be INT_MAX instead of
0.
(closes issue ASTERISK-20862)
Review: https://reviewboard.asterisk.org/r/2995/
Reported by: Schmooze Com
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402645 65c4cc65-6c06-0410-ace0-fbb531ad65f3
For outbound register requests the tag on the From line was
updated every 20 seconds prior to a successful registration
and also once for each registration renewal. That behavior
can possibly cause the registration to be denied because of
the different tag, and is not aligned with the intention of
RFC 3261 8.1.3.5 "... request constitutes a new transaction
and SHOULD have the same value of the Call-ID, To, and From
of the previous request...". This updates chan_sip to have
a field to keep the local tag in the registration structure
and use that tag for registration requests where the callid
is also unchanged.
(closes issue ASTERISK-12117)
Reported by: Pawel Pierscionek
Review: https://reviewboard.asterisk.org/r/2988/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402604 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The presentation indicator in a callerid (e.g. set by dialplan function
Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog Info Notifies
are generated during extension monitoring. Added a check to make sure the
name and/or number presentations on the callee (remote identity) are set to
allow. If they are restricted then "anonymous" is used instead.
(closes issue AST-1175)
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/2976/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402468 65c4cc65-6c06-0410-ace0-fbb531ad65f3
For awhile now, we've noticed continuous integration builds hanging on CentOS 6
64-bit build agents. After resolving a number of problems with symbols, strange
locks, and other shenanigans, the problem has persisted. In all cases, gdb
shows the Asterisk process stuck in loader.c on one of the infinite while loops
that calls dlclose repeatedly until success.
The documentation of dlclose states that it returns 0 on success; any other
value on error. It does not state that repeatedly calling it will eventually
clear those errors. Most likely, the repeated calls to dlclose was to force a
close by exhausting the references on the library; however, that will never
succeed if:
(a) There is some fundamental error at work in the loaded library that
precludes unloading it
(b) Some other loaded module is referencing a symbol in the currently loaded
module
This results in Asterisk sitting forever.
Since we have matching pairs of dlopen/dlclose, this patch opts to only call
dlclose once, and log out as an ERROR if dlclose fails to return success. If
nothing else, this might help to determine why on the CentOS 6 64-bit build agent
things are not closing successfully.
Review: https://reviewboard.asterisk.org/r/2970
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402287 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The new sound packages relate to issues: ASTERISK-22544, ASTERISK-22411, ASTERISK-21413, ASTERISK-20782
Modified sounds/Makefile for the new sound versions and to account for the new en_GB language set.
(issue ASTERISK-22659)
(closes issue ASTERISK-22659)
(closes issue ASTERISK-22411)
(closes issue ASTERISK-22544)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402224 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In order to use nested functions on some versions of GCC (e.g. GCC on OS X),
the -fnested-functions flag must be passed to the compiler. This patch adds
detection logic to ./configure to add the flag if necessary.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402192 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Debug messages aren't free. Even when the debug level is sufficiently low such
that the messages are never evaluated, there is a cost to having to parse
Asterisk logs that contain debug messages that (a) fail to convey sufficient
information or (b) occur so frequently as to be next to meaningless. Based on
having to stare at lots of DEBUG messages, this patch makes the following
changes:
* channel.c: When copying variables from a parent channel to a child channel,
specify the channels involved. Do not log anything for a variable that is not
inherited; the fact that it doesn't have an _ or __ already signifies that it
won't be inherited.
* pbx.c: Specify what function evaluation has occurred that created the result.
* translate.c: Bump up the translator path messages to 10. I've never once had
to use these debug messages, and for each format that is registered (on
startup) and unregistered (on shutdown) the entire f^2 matrix is logged out.
For short tests in the Asterisk Test Suite, this should make finding the
actual test much easier.
* xmldoc.c: The debug message that 'blah' is not found in the tree is expected.
Often, description elements - which are not required - are not provided.
This debug message adds no additional value, as it is not indicative of an
error or helpful in debugging which element did not contain a 'blah' element
as a child. If an element is supposed to contain a child element, then that
XML tree should have failed validation in the first place.
Review: https://reviewboard.asterisk.org/r/2966/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402150 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In function ast_rtp_instance_early _bridge_make_compatible the
use of instance 0/1 as arguments doesn't clearly communicate a
direction that the copying of payloads from the source channel
to the destination channel will occur, making it more probable
to have the arguments to ast_rtp_codecs_payloads_copy() put in
the reverse order. This patch renames the arguments with _dst
and _src suffixes and corrects the copy direction.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@402000 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This fixes a bug where a zero length callerid match adjacent to a no
match callerid extension entry would be deleted together, which then
resulted in hashtable references to free'd memory. A third state of
the matchcid value has been added to indicate match to any extension
which allows enforcing comparison of matchcid on/off without errors.
(closes issue AST-1235)
Reported by: Guenther Kelleter
Review: https://reviewboard.asterisk.org/r/2930/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401959 65c4cc65-6c06-0410-ace0-fbb531ad65f3
We've figured out how to resolve the problems this was causing in 12/trunk,
so this can go back in now.
(issue ASTERISK-22467)
Reported by: Corey Farrell
Patches:
clicompat-r2.patch uploaded by coreyfarrell (license 5909)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401914 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Final set of patches in a series of memory leak/cleanup patches by Corey Farrell
(closes issue ASTERISK-22467)
Reported by: Corey Farrell
Patches:
main-utils-1.8.patch uploaded by coreyfarrell (license 5909)
main-utils-11.patch uploaded by coreyfarrell (license 5909)
main-utils-12up.patch uploaded by coreyfarrell (license 5909)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401829 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Also covers ast_app_parse_timelen-fail-zero-length.patch, but the patch was
replaced with one of my own.
(issue ASTERISK-22467)
Reported by: Corey Farrell
Patches:
chan_dahdi-cleanup_push.patch uploaded by coreyfarrell (license 5909)
clicompat-r2.patch uploaded by coreyfarrell (license 5909)
codecs-ilbc-doCPLC.patch uploaded by coreyfarrell (license 5909)
data-cleanup-test-registration.patch uploaded by coreyfarrell (license 5909)
main-asterisk-kill-listener.patch uploaded by coreyfarrell (license 5909)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401704 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Extra CDR records are written if a filtered CDR value is empty because the
filter is not checked.
(closes issue ASTERISK-22272)
Reported by: Jordi Llull Chavarria
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401577 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This corrects a situation in which a media line was not parsed properly
and resulted in a crash.
(closes issue ASTERISK-21190)
Reported by: adomjan
Patches:
chan_mgcp.c-sscnaf_fix uploaded by adomjan (License 5448)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401537 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If preferred codecs included any non-audio format the code would
mistakenly add the audio format, even if it was not a joint capability
with the remote side.
(closes issue ASTERISK-21131)
Reported by: nbougues
Patches:
patch_unsupported_codec_1.8.patch uploaded by nbougues (license 6470)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401497 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r400089, a patch was put in to correct erroneous RTCP statistic resets.
Unfortunately, ast_rtp_read can be called on an RTP instance that does not
have RTCP information. This patch prevents that crash by only resetting
the statistics if we do actually have an RTCP instance.
(issue AST-1174)
(closes issue ASTERISK-22667)
Reported by: John Bigelow
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401445 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Transferring an analog call using flashhooks generated an unable to get
index WARNING message when the transfer is completed.
* Removed unnecessary analog subchannel shell games when transferring a
call using flashhooks.
Thanks to Tzafrir Cohen for mentioning this in a comment on issue
ASTERISK-22720.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401378 65c4cc65-6c06-0410-ace0-fbb531ad65f3
isn't installed
Include the appropriate declarations when not using termcap, but term+curses
and [n]curses do not exist.
(closes issue ASTERISK-22351)
Reported by: A. Iglesias
Patches:
issueA22351_libedit_internal_without_ncurses_dev.patch uploaded by wdoekes (license 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401325 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r378303 the AST_FLAG_DISABLE_DEVSTATE_CACHE flag was added that tells
the devstate system to not cache states for non-real devices. However,
when optimizing away channels (ast_do_masquerade), that flag wasn't
copied.
In my case, using Local devices as queue members created a situation
where the endpoint was considered in use, but the state change of the
device being available again was ignored (not cached). The endpoint
channel was optimized into the (previously) Local channel, but kept
the do-not-cache flag. The end result being that the queue member
apparently stayed in use forever.
(closes issue ASTERISK-22718)
Reported by: Walter Doekes
Review: https://reviewboard.asterisk.org/r/2925/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401178 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Drop an error log message to debug level 1 since distributed device
state functions correctly when receiving this message and it spams the
logs.
(closes issue ASTERISK-22410)
Reported by: abelbeck
Patches:
asterisk-1.8-res_jabber-log-nonpubsub-error-to-debug.patch uploaded by abelbeck (License 5903)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401119 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When using realtime queues, queues have to be fetched from the database
every now and then to see if any info has been changed or to see if the
queue has been removed. When fetching info for an individual queue, the
pruning of other queues is unnecessarily costly.
Review: https://reviewboard.asterisk.org/r/2907/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@401049 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a 200 OK for an initial INVITE is received, we were doing
the right thing by ACKing and sending an immediate BYE. However,
we also were doing the wrong thing and queuing an answer frame,
thus causing the call to be answered. This would cause the call
to be hung up by the channel thread, thus resulting in a second
BYE being sent out.
In this fix, I also have set the hangupcause to be correct since
the initial BYE being sent by Asterisk had an unknown hangup
cause. I have changed to using "Bearer capabilty not available"
since the call was hung up due to an SDP offer/answer error.
(closes issue ASTERISK-22621)
reported by Kinsey Moore
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400970 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Remember the swgain setting from CLI "dahdi set swgain" command so the
CLI "dahdi show channel" output will reflect the current setting.
* Updated CLI "dahdi set hwgain" and "dahdi set swgain" documentation.
(issue ASTERISK-22429)
Reported by: Jaco Kroon
Patches:
jira_asterisk_22429_v1.8_v2.patch (license #5621) patch uploaded by rmudgett
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400907 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Bumping the SDP version number can cause interoperability problems
since receivers of the responses will expect that a 200 SDP will
be identical to a previous 183 SDP.
(closes issue ASTERISK-21204)
reported by NITESH BANSAL
Patches:
dont-increment-session-version-in-2xx-after-183.patch uploaded by NITESH BANSAL (License #6418)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400906 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When running configure, libiodbc2 development headers will fulfill the
requirement for ODBC development headers, but will not function
properly. This adds a warning when libiodbc2 development headers are
detected instead of unixodbc development headers.
(closes issue ASTERISK-22459)
Reported by: Patrick Maille
Tested by: Walter Doekes
Patches:
issueA22459_warn_when_using_iodbc.patch uploaded by Walter Doekes (License 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400767 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The AST_CONFIG dialplan function defined in func_config.c allocates its
config file list entries using ast_malloc. List entry allocations
destined for use with Asterisk's linked list API must be ast_calloc()d
or otherwise initialized so that list pointers are set to NULL. These
uses of ast_malloc have been replaced by ast_calloc to prevent
dereferencing of uninitialized pointer values when traversing the list.
(closes issue ASTERISK-22483)
Reported by: Brian Scott
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400694 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Commit r62462 added two extra fields for logging "the original position the
caller entered the queue at, and the amount of time the caller was waiting in
the queue." But when r75969 was merged from 1.4 into trunk (r75977), these two
fields disappeared. Those two extra fields were not logged in 1.4 and when the
patch was merged, those fields went away.
Therefore, this is a regression and was caught by the reporter because he was
reading the awesome "Asterisk: The Definitive Guide" book.
(closes issue ASTERISK-22197)
Reported by: Dalius M.
Tested by: Dalius M.
Patches:
asterisk-22197-q-log-exitwithkey.diff
uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2901/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400622 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This fixes a bug where the SSRC field on multicast RTP can be stuck at
0 which can cause problems for endpoints trying to make sense of
incoming streams.
(closes issue ASTERISK-22567)
Reported by: Simone Camporeale
Patches:
22567_res_mulitcast_ssrc.patch uploaded by Simone Camporeale (License 6536)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400393 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The member reg in the peercnt structure is an unsigned char and peercnt_modify()
is expecting an unsigned char argument which gets assigned to peercnt->reg.
This patch fixes that by casting the integer argument being passed to
peercnt_modify to unsigned char.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400314 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This adds a global option in chan_sip to allow it to continue
attempting registration if a 403 is received, clearing the cached nonce
and treating it as a non-fatal response. Normally, this would cause
registration attempts to that endpoint to stop.
(closes issue ASTERISK-17138)
Review: https://reviewboard.asterisk.org/r/2874/
Reported by: Rudi
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400137 65c4cc65-6c06-0410-ace0-fbb531ad65f3
RTCP's calculation of the number of lost packets in an RTP stream is based on
that stream's sequence number count, the number of received packets, and how
many packets we expect to receive. When the SSRC for an RTP stream changes,
there can - and almost always will be - a large jump in the next packet's
timestamp and sequence number. If we don't reset the number of received
packets, sequence number count, and other metrics used by RTCP, the next RR/SR
report will use the previous SSRC's values to calculate the lost packet count
for the new SSRC - resulting in a very large number of lost packets.
This patch modifies res_rtp_asterisk such that, if it detects a SSRC change, it
will reset the various values used by the RTCP calculations. From the
perspective of RTCP, this appears as a new media stream - which is what it is.
Review: https://reviewboard.asterisk.org/r/2886/
(closes issue AST-1174)
Reported by: Thomas Arimont
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@400089 65c4cc65-6c06-0410-ace0-fbb531ad65f3
