When a channel leaves a bridge, a race condition existed where the
bridge_channel's pvt structure would be accessed after it was disposed of.
This patch prevents that by setting the pointer to the pvt to NULL prior
to disposing of it.
Note that this patch is a backport from Asterisk 10. This particular race
condition was fixed as part of the larger code rework that occurred for that
release.
The solution to this problem was pointed out by Gunnar Harms in ASTERISK-16640.
(closes issue ASTERISK-16640)
Reported by: thomas987
(closes issue ASTERISK-16835)
Reported by: saghul
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@379091 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When r378933 was merged into 1.8, it should have also escaped
remote_display, since it will have the same XML encoding problem when
the caller/callee roles are reversed.
(closes issue ABE-2902)
Reported by: Guenther Kelleter
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@379001 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r370252 for ASTERISK-18404, Asterisk's handling of RTP was modified to
better account for out of order RTP packets. This was accomplished by using the
RTP timestamp and sequence number to check for out of order packets. However,
when a SSRC change occurs, the timestamp and sequence number will no longer
have any relation to the previously received packets. The variables tracking
the timestamp and sequence number therefore have to be reset.
(closes issue ASTERISK-20906)
Reported by: Eelco Brolman
patches:
dtmf_on_hold.patch uploaded by Eelco Brolman (license #6442)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378967 65c4cc65-6c06-0410-ace0-fbb531ad65f3
XML encoding in chan_sip is accomplished by naively building the XML
directly from strings. While this usually works, it fails to take into
account escaping the reserved characters in XML.
This patch adds an 'ast_xml_escape' function, which works similarly to
'ast_uri_encode'. This is used to properly escape the local_display
attribute in XML formatted NOTIFY messages.
Several things to note:
* The Right Thing(TM) to do would probably be to replace the
ast_build_string stuff with building an ast_xml_doc. That's a much
bigger change, and out of scope for the original ticket, so I
refrained myself.
* It is with great sadness that I wrote my own ast_xml_escape
function. There's one in libxml2, but it's knee-deep in
libxml2-ness, and not easily used to one-off escape a
string.
* I only escaped the string we know is causing problems
(local_display). At least some of the other strings are
URI-encoded, which should be XML safe. Rather than figuring out
what's safe and escaping what's not, it would be much cleaner to
simply build an ast_xml_doc for the messages and let the XML
library do the XML escaping. Like I said, that's out of scope.
(closes issue ABE-2902)
Reported by: Guenther Kelleter
Tested by: Guenther Kelleter
Review: http://reviewboard.digium.internal/r/365/
........
Merged revision 378919 from https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378933 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The erroneous end condition would never include the AST_RTP_CISCO_DTMF flag
in the debug output.
(closes issue ASTERISK-20772)
Reported by: Xavier Hienne
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378776 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When ringinuse=no queue members can receive more than one call if these
calls happen at nearly the same time.
* Fix so a queue member does not receive more than one call from a queue.
NOTE: This fix does not prevent multiple calls to a member if the member
is in more than one queue.
* Did some refactoring to eliminate some code redundancy.
(issue ASTERISK-16115)
Reported by: nik600
Patches:
jira_asterisk_16115_single_q_v1.8.patch (license #5621) patch uploaded by rmudgett
Modified
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378663 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Under some circumstances, libsrtp's srtp_create function deallocates memory that
it wasn't initially responsible for allocating. Because we weren't initially
aware of this behavior, this memory was still used in spite of being unallocated
during the course of the srtp_unprotect function. A while back I made a patch
which would set this value to NULL, but that exposed a possible condition where
we would then try to check a member of the struct which would cause a segfault.
In order to address these problems, ast_srtp_unprotect will now set an error value
when it ends without a valid SRTP session which will result in the caller of
srtp_unprotect observing this error and hanging up the relevant channel instead of
trying to keep using the invalid session address.
(closes issue ASTERISK-20499)
Reported by: Tootai
Review: https://reviewboard.asterisk.org/r/2228/diff/#index_header
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378591 65c4cc65-6c06-0410-ace0-fbb531ad65f3
On a multihomed server when sending a NOTIFY message, we were not figuring out
which network should be used to contact the peer.
This patch fixes the problem by calling ast_sip_ouraddrfor() and then
build_via() so that our NOTIFY message contains the correct IP address.
Also, a debug message is being added to help follow the call-id changes that
occur. This was helpful for confirming that the IP address was set properly
since the call-id contains the IP address. It also will be helpful for
troubleshooting purposes when following a call in the debug logs.
(closes issue ASTERISK-20805)
Reported by: Bryan Hunt
Tested by: Bryan Hunt, Michael L. Young
Patches:
asterisk-20805-notify-ip-v2.diff uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2255/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378554 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When the "h" extension is present within the context of the queue, all calls
are being reported COMPLETECALLER even when the agent is hanging up the call.
This patch checks to see if the agent hung-up or not instead of only relying on
checking if the queue (caller) channel hung-up or not. It would appear that
having the h extension in the mix, the pbx goes to the h extension,
"hanging-up" the queue channel and triggering the reporting of COMPLETECALLER.
(closes issue ASTERISK-20743)
Reported by: call
Tested by: call, Michael L. Young
Patches:
asterisk-20743-q-cmplt-caller.diff
uploaded by Michael L. Young (license 5026)
Review: https://reviewboard.asterisk.org/r/2256/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378514 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Made agent_cont_sleep() and agent_ack_sleep() stop waiting if the wrapup
time expires. agent_cont_sleep() had tried but returned the wrong value
to stop waiting.
* Made agent_ack_sleep() take a struct agent_pvt pointer instead of a void
pointer for better type safety.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378486 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fix off-nominal path resource cleanup in agent_request().
* Create agent_pvt_destroy() to eliminate inlined versions in many places.
* Pull invariant code out of loop in add_agent().
* Remove redundant module user references in login_exec().
* Remove unused struct agent_pvt logincallerid[] member.
* Remove some redundant code in agent_request().
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378456 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This test event was missing from channel.c causing the dial_LS_options
test to fail intermittently because of a race condition where most code
paths emitted the test event but this one did not. The dial_LS_options
test should stop bouncing now.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378455 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When reading configuration data from an Asterisk .conf file or when pulling
data from an Asterisk RealTime backend, Asterisk was copying the data on the
stack for manipulation. Unfortunately, it is possible to read configuration
data or realtime data from some data source that provides a large blob of
characters. This could potentially cause a crash via a stack overflow.
This patch prevents large sets of data from being read from an ARA backend or
from an Asterisk conf file.
(issue ASTERISK-20658)
Reported by: wdoekes
Tested by: wdoekes, mmichelson
patches:
* issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674)
* issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378375 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The AMI redirect action can fail to redirect two channels that are bridged
together. There is a race between the AMI thread redirecting the two
channels and the bridge thread noticing that a channel is hungup from the
redirects.
* Made the bridge wait for both channels to be redirected before exiting.
* Made the AMI redirect check that all required headers are present before
proceeding with the redirection.
* Made the AMI redirect require that any supplied ExtraChannel exist
before proceeding. Previously the code fell back to a single channel
redirect operation.
(closes issue ASTERISK-18975)
Reported by: Ben Klang
(closes issue ASTERISK-19948)
Reported by: Brent Dalgleish
Patches:
jira_asterisk_19948_v11.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett, Thomas Sevestre, Deepak Lohani, Kayode
Review: https://reviewboard.asterisk.org/r/2243/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378356 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk maintains an internal cache for devices in the event subsystem. The
device state cache holds the state of each device known to Asterisk, such that
consumers of device state information can query for the last known state for
a particular device, even if it is not part of an active call. The concept of
a device in Asterisk can include entities that do not have a physical
representation. One way that this occurred was when anonymous calls are allowed
in Asterisk. A device was automatically created and stored in the cache for
each anonymous call that occurred; this was possible in the SIP and IAX2
channel drivers and through channel drivers that utilized the
res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). These devices
are never removed from the system, allowing anonymous calls to potentially
exhaust a system's resources.
This patch changes the event cache subsystem and device state management to
no longer cache devices that are not associated with a physical entity.
(issue ASTERISK-20175)
Reported by: Russell Bryant, Leif Madsen, Joshua Colp
Tested by: kmoore
patches:
event-cachability-3.diff uploaded by jcolp (license 5000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378303 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk had several places where messages received over various network
transports may be copied in a single stack allocation. In the case of TCP,
since multiple packets in a stream may be concatenated together, this can
lead to large allocations that overflow the stack.
This patch modifies those portions of Asterisk using TCP to either
favor heap allocations or use an upper bound to ensure that the stack will not
overflow:
* For SIP, the allocation now has an upper limit
* For HTTP, the allocation is now a heap allocation instead of a stack
allocation
* For XMPP (in res_jabber), the allocation has been eliminated since it was
unnecesary.
Note that the HTTP portion of this issue was independently found by Brandon
Edwards of Exodus Intelligence.
(issue ASTERISK-20658)
Reported by: wdoekes, Brandon Edwards
Tested by: mmichelson, wdoekes
patches:
ASTERISK-20658_res_jabber.c.patch uploaded by mmichelson (license 5049)
issueA20658_http_postvars_use_malloc2.patch uploaded by wdoekes (license 5674)
issueA20658_limit_sip_packet_size3.patch uploaded by wdoekes (license 5674)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378269 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This ensures that Asterisk rejects encrypted media streams (RTP/SAVP
audio and video) that are missing cryptographic keys and ensures that
the incoming SDP is consistent with RFC4568 as far as having a crypto
attribute present for any SAVP streams.
Review: https://reviewboard.asterisk.org/r/2204/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378217 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The RTP engine public function that gets the available formats expects a
format_t to be returned; however when calling into an RTP instance's
callback to get the available formats, the callback returned an int.
This never was noticed in Asterisk because the two RTP engines included
do not provide an available_formats callback.
This introduces an API change, and the proposal for this change was brought
up on the Asterisk developers mailing list [1]. There was no public objection
to this change, so it is now being put in.
(closes AST-1054)
reported by Doug Bailey
[1] http://lists.digium.com/pipermail/asterisk-dev/2012-December/058058.html
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378147 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds hangup-related test events in order to support testing
of time-limited bridges. This aids in testing the S() and L() bridge
options.
(issue SWP-4713)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378119 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The chan_local module references were manually tied to the existence of
the ;1 and ;2 channel links.
* Made chan_local module references tied to the existence of the local_pvt
structure as well as automatically take care of the module references.
* Tweaked the wording of the local_fixup() failure warning message to make
sense.
Review: https://reviewboard.asterisk.org/r/2181/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378088 65c4cc65-6c06-0410-ace0-fbb531ad65f3
With the option ringinuse=no set, the patch committed for ASTERISK-16115
causes non-SIP queue members to never be called because the device state
is checked after a channel is created to determine if the member is busy.
These queue members always get the "Member %s is busy, cannot dial"
message.
Most channel drivers other than chan_sip use the default device state
handling. The default device-state state is considered in use or unknown
if the channel exists or not respectively.
(closes issue ASTERISK-20801)
Reported by: rmudgett
Patches:
jira_asterisk_16115_revert_r370418_v1.8.patch (license #5621) patch uploaded by rmudgett
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@378036 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk now includes Min-SE in outbound INVITEs when the value is not
90 (the default) and session timers are not disabled. This has the
effect of Asterisk following RFC4028 more closely with regard to 422
responses and preventing situations in which Asterisk would be forced
to temporarily accept a call to tear it down based on a Session-Expires
below the locally configured Min-SE.
(issue SWP-5051)
Review: https://reviewboard.asterisk.org/r/2222/
Reported-by: Kinsey Moore
Patch-by: Kinsey Moore
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377946 65c4cc65-6c06-0410-ace0-fbb531ad65f3
See CHANGES-* files in English extra 1.4.12 tarballs for new sound prompts added.
(closes ASTERISK-20328)
Reported by: Matt Jordan
(closes AST-755)
Reported by: John Bigelow
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377922 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A recent memory leak fix in main/cli.c causes an ast_cli_entry's command
field to be freed and NULLed if ast_cli_register() fails. res_clialiases
was ignoring the return value of ast_cli_register() and was then passing
the NULL command off to a a hash function. This resulted in a crash.
The fix is not to ignore the erroneous return value. If ast_cli_register()
fails, then we do not continue trying to process the current alias.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377840 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Made ast_unregister_indication_country() unlink the found tone zone
before selecting a new default_tone_zone to make it impossible to select
the tone zone being unregistered again.
* Ringcadence is no longer parsed twice in store_config_tone_zone().
* Cleanup CLI commands and destroy default_tone_zone on exit.
(issue ASTERISK-20649)
Reported by: Corey Farrell
Patches:
indications-cleanup-all.patch (license #5909) patch uploaded by Corey Farrell
Modified
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377740 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When using res_fax_digium, the T.38 CED tone was not being provided
properly which would cause some incoming faxes to fail. This was not an
issue with res_fax_spandsp since it does not strictly honor the
send_ced flag and sends the CED tone whenever receiving a T.38 fax.
(closes issue FAX-343)
Reported-by: Benjamin Tietz
Patch-by: Kinsey Moore
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377655 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Ensure that a call is immediately torn down if a Session-Expires value
received in a 200 OK is less than the local Min-SE. This also prevents
Asterisk from allowing calls with Session-Expires below the
RFC4028-mandated minimum (90s).
(closes issue ASTERISK-20653)
Review: https://reviewboard.asterisk.org/r/2237/
Patch-by: Kinsey Moore
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377623 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fix code to send in both rx and tx open stream messages correct codecs. Found that on phase 0/1 phones wrong codecs cause to no audio in some situations.
(issue ASTERISK-20183)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377591 65c4cc65-6c06-0410-ace0-fbb531ad65f3
no matter what the background color is.
Dark blue on a black background is unreadable, as is yellow on a
light background. This patch turns on the bright attribute for
colors when on a dark background and turns *off* the bright
attribute when the -W command line option is used (indicating a
_light_ background). This ensures that text is readable in both
cases.
Patch by: tilghman
Review: https://reviewboard.asterisk.org/r/2224
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377509 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Using the contrib sippeers.sql script to create the sippeers MySQL table
would result in being unable to place calls if you set the disallow value
to all.
(closes issue ASTERISK-20756)
Reported by: Andre Luis
Patches:
sippeers.patch patch uploaded by Andre Luis
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377431 65c4cc65-6c06-0410-ace0-fbb531ad65f3
During the TLS re-work in chan_sip some TLS specific code was moved
into a separate function. This function operates on a copy of the
incoming SIP request. This copy was never deinitialized causing a
memory leak for each request processed.
This function is now given a SIP request structure which it can use
to copy the incoming request into. This reduces the amount of memory
allocations done since the internal allocated components are reused
between packets and also ensures the SIP request structure is
deinitialized when the TLS connection is torn down.
(closes issue ASTERISK-20763)
Reported by: deti
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377257 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When srtp_create fails, the session may be dealloced or just not alloced. At
the same time though, the session pointer might not be set to NULL in this
process and attempting to srtp_dealloc it again will cause a segfault. This
patch checks for failure of srtp_create and sets the session pointer to NULL
if it fails.
(closes issue ASTERISK-20499)
Reported by: tootai
Review: https://reviewboard.asterisk.org/r/2228/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377256 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Convert atexits list to a mutex instead of a rd/wr lock. The lock is
only write locked.
* Move CLI verbose Asterisk ending message to where AMI message is output
in really_quit() to avoid further surprises about using stuff already
shutdown.
(issue ASTERISK-20649)
Reported by: Corey Farrell
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@377165 65c4cc65-6c06-0410-ace0-fbb531ad65f3
