The important parts of the patch were already applied through other updates.
(closes issue ASTERISK-19445)
Reported by: Makoto Dei
Patches:
memset-memcpy-length.patch uploaded by Makoto Dei (license 5027)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361210 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This came up while fixing documentation generation for many other cases where
the argument separator was not being displayed properly. Now that it is
displayed properly, it shows up in the wrong place for Transfer since the '/'
is only required if Tech is present.
(related to issue ASTERISK-18168)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361040 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change prevents Asterisk from sending RTCP receiver reports during a
remote bridge since it is no longer receiving media and should not be
reporting anything.
(related to ASTERISK-19366)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360987 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The logger_thread() had an exit path that failed to release the logmsgs
list lock.
* Make logger_thread() exit path unlock the logmsgs list lock.
* Made ast_log() not queue any messages to the logmsgs list if the
close_logger_thread flag is set.
(issue ASTERISK-19463)
Reported by: Matt Jordan
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360933 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Prior to this patch, a connected line update was queued during
call pickup and then an answer frame was queued. The original
caller would presumably then have his connected line updated
and then the call would be answered.
In actuality, the answer frame was not how the call ended up
being answered. Rather, an odd section in app_dial that checks
if the called channel's state is up.
The result is that the order of the connected line update and
the answer were variable. In most cases, this wasn't actually
a bad thing. However, if the 'I' option was passed to dial, the
connected line update would be inhibited.
The fix is to queued the connected line after the answer frame is
queued. This way the race in app_dial is between two
conditions resulting in an answer. This way the connected line
update occurs after the answer every time.
(closes issue ASTERISK-19183)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
Mark Michelson
Patches:
ASTERISK-19183.patch uploaded by Mark Michelson (license 5049)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360884 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change makes use of connected party information in addition to caller ID in order
to populate local and remote XML elements in the dialog-info NOTIFYs.
(closes issue ASTERISK-16735)
Reported by: Maciej Krajewski
Tested by: Maciej Krajewski
Patches:
local_remote_hint2.diff uploaded by Mark Michelson (license 5049)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360862 65c4cc65-6c06-0410-ace0-fbb531ad65f3
I was getting confused during some testing why Asterisk was saying that
a subscription was being added when it was clearly being removed. This
fixes that confusion.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360625 65c4cc65-6c06-0410-ace0-fbb531ad65f3
While this does not fix the issue of the CLI being flooded by 'doing
dnsmgr_lookup' messages, increasing the verbosity level above 5 should help
minimize it.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360471 65c4cc65-6c06-0410-ace0-fbb531ad65f3
dial_list is a dynamically allocated array that is allocated at the beginning
of Page() based on how many devices will be dialed. This was never being freed.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360363 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This is needed to include the last fix to main/ast_expr2.y. The changes look
much bigger as this regeneration of the code was done with newer versions of
flex and bison.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360357 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fix a memory leak that is very unlikely to actually happen. If a malloc()
succeeded, but the following strdup() failed, the memory from the original
malloc() would be leaked.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360356 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Q.951 indicates that when the presentation indicator is "Number not
available due to interworking" for a number then the screening indicator
field should be "Network provided".
* Made ast_party_id_presentation() return AST_PRES_NUMBER_NOT_AVAILABLE
when the presentation is "Number not available due to interworking". This
fix makes Asterisk consistent and it also makes it consistent with earlier
branches as far as this presentation value is concerned.
* Made pri_to_ast_presentation() and ast_to_pri_presentation() conversions
handle the "Number not available due to interworking" case better in
sig_pri.c. This change is possible because the minimum required libpri
version (v1.4.11) has the necessary defines in libpri.h.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360309 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When Asterisk detects a hangup and cannot send a BYE due to a pending
INVITE, it sets the pendingbye flag and waits for the final response to that
INVITE. When the response is received, it transmits the BYE. If, however,
that INVITE request is a pending re-INVITE, it needs to first send a CANCEL
request to terminate the pending re-INVITE. In that circumstance, Asterisk
was, in some scenarios, clearing the pendingbye flag after processing the
CANCEL request and not checking for a pending BYE when receiving the final
487 response to the INVITE.
This patch ensures that if the pendingbye flag is set, it is honored
regardless of the nature of the INVITE request currently in flight.
(closes issue ASTERISK-19365)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
Patches:
bugASTERISK-19365_2012_03_08.patch uploaded by mjordan (license 6283)
Review: https://reviewboard.asterisk.org/r/1807
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360086 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Echo()'s description states that it echoes audio, video, and DTMF except for #
while it actually echoes any frame that it receives other than DTMF #. This
was causing frame storms in the test suite in some circumstances where Echo()
was attached to both ends of a pair of local channels and control frames
were being periodically generated. Echo()'s behavior and description have
been modifed so that it only echoes media and non-# DTMF frames.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360033 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fix AMI module reload deadlock regression from ASTERISK-18479 when it
tried to fix the race between calling an AMI action callback and
unregistering that action. Refixes ASTERISK-13784 broken by
ASTERISK-17785 change.
Locking the ao2 object guaranteed that there were no active callbacks that
mattered when ast_manager_unregister() was called. Unfortunately, this
causes the deadlock situation. The patch stops locking the ao2 object to
allow multiple threads to invoke the callback re-entrantly. There is no
way to guarantee a module unload will not crash because of an active
callback. The code attempts to minimize the chance with the registered
flag and the maximum 5 second delay before ast_manager_unregister()
returns.
The trunk version of the patch changes the API to fix the race condition
correctly to prevent the module code from unloading from memory while an
action callback is active.
* Don't hold the lock while calling the AMI action callback.
(closes issue ASTERISK-19487)
Reported by: Philippe Lindheimer
Review: https://reviewboard.asterisk.org/r/1818/
Review: https://reviewboard.asterisk.org/r/1820/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359979 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch addresses a bug with chanspy on local channels which roughly 50% of the time
would create a situation where chanspy can latch onto a zombie channel, keeping the zombie
alive forever and causing the channel doing the spying to never be able to hang up.
(closes issue ASTERISK-19493)
Reported by: lvl
Review: https://reviewboard.asterisk.org/r/1819/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359892 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There exists a remotely exploitable stack buffer overflow in HTTP digest
authentication handling in Asterisk. The particular method in question
is only utilized by HTTP AMI. When parsing the digest information, the
length of the string is not checked when it is copied into temporary buffers
allocated on the stack.
This patch fixes this behavior by parsing out pre-defined key/value pairs
and avoiding unnecessary copies to the stack.
(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359706 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Milliwatt is vulnerable to a remotely exploitable stack overrun when using
the 'o' option. This occurs due to the milliwatt_generate function not
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of
samples it can put in the output buffer.
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET
when determining the maximum number of samples allowed. Note that at no
point is remote code execution possible. The data that is written into the
buffer is the pre-defined Milliwatt data, and not custom data.
(closes issue ASTERISK-19541)
Reported by: Russell Bryant
Tested by: Matt Jordan
Patches:
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)
Note that this patch was written by Russell, even though Matt uploaded it
........
Merged revisions 359645 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359656 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The connected line interception macros do not get executed when the
outgoing channel is initially created and that channel's caller-id is
implicitly imported into the incoming channel's connected line data. If
you are using the interception macros, you would expect that they get run
for every change to a channel's connected line information outside of
normal dialplan execution.
Review: https://reviewboard.asterisk.org/r/1817/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359609 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Initialize a struct sockaddr_in in try_transfer() so that the code isn't
(potentially) trying to read from it while uninitialized.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359558 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Ensure that status is set before it is used by resetting it during each loop
iteration. This could have resulted in incorrect results from this app.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359486 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Scan results indicated that this array could be used uninitialized. At a quick
look, it looks correct. In any case, initializing it is a Good Thing (tm).
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359457 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch ensures that the struct defined by AST_DECLARE_APP_ARGS() is always
fully initialized. I'm not sure if this fixes any real bugs, but it silences
a bunch of warnings from coverity, and is generally a good thing to do anyway.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359452 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Calling ast_indicate()/ast_indicate_data() with the channel lock held can
result in a deadlock with a local channel because of how local channels
need to avoid deadlock.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359451 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a change in time occurs, such that the timestamps associated with frames
being placed into an adaptive jitter buffer (implemented in jitterbuf.c)
are significantly different then the previously inserted frames, the jitter
buffer checks to see if it needs to be resynched to the new time frame. If
three consecutive packets break the threshold, the jitter buffer resynchs
itself to the new timestamps. This currently only occurs when history is
calculated, and hence only on JB_TYPE_VOICE frames.
JB_TYPE_CONTROL frames, on the other hand, are never passed to the history
calculations. Because of this, if the jump in time is greater then the
maximum allowed length of the jitter buffer, the JB_TYPE_CONTROL frames are
dropped and no resynchronization occurs. Alterntively, if the overfill
logic is not triggered, the JB_TYPE_CONTROL frame will be placed into the
buffer, but with a time reference that is not applicable. Subsequent
JB_TYPE_VOICE frames will quickly trigger the overflow logic until reads
from the jitter buffer reach the errant JB_TYPE_CONTROL frame.
This patch allows JB_TYPE_CONTROL frames to resynch the jitter buffer. As
JB_TYPE_CONTROL frames are unlikely to occur in multiples, it perform the
resynchronization on any JB_TYPE_CONTROL frame that breaks the resynch
threshold.
Note that this only impacts chan_iax2, as other consumers of the adaptive
jitter buffer use the abstract jitter buffer API, which does not use
JB_TYPE_CONTROL frames.
Review: https://reviewboard.asterisk.org/r/1814/
(closes issue ASTERISK-18964)
Reported by: Kris Shaw
Tested by: Kris Shaw, Matt Jordan
Patches:
jitterbuffer-2012-2-26.diff uploaded by Kris Shaw (license 5722)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359356 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When connected line support was added, the wait_for_answer() variable
single changed its meaning slightly. Unfortunately, the places where
single was used did not necessarily get updated to reflect that change.
Also audio/video frames were sent to all forked calls when the endpoints
were never made compatible.
* Don't pass audio/video media frames when the channels have not been made
compatible.
* Added handling of AST_CONTROL_SRCCHANGE to app_dial.c.
* Fixed app_dial.c passing on AST_CONTROL_HOLD because that frame can also
pass a requested MOH class.
(closes issue ASTERISK-16901)
Reported by: Chris Gentle
(closes issue ASTERISK-17541)
Reported by: clint
Review: https://reviewboard.asterisk.org/r/1805/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359344 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch updates the NUMLOGLEVELS define in logger.h to 32, to match the fact
that logger.c implements 32 log levels (because of the custom log level stuff).
asterisk.c uses this define to size an array of levels per remote console.
This array is modified in ast_console_toggle_loglevel(), which is called by the
"logger set level" CLI command. While the documentation for the CLI command
doesn't make it terribly obvious, you can use this CLI command to toggle a
custom log level on a remote console, as well. However, doing so led to an
invalid array index in asterisk.c.
This array is read from any time a log message is written to a console. So,
all custom log level messages resulted in a bogus read if a remote console
was connected.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359259 65c4cc65-6c06-0410-ace0-fbb531ad65f3
These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *). The correct way to get the size of this address is to
use h_length. This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359211 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This didn't actually result in a bug anywhere, luckily. The only place
where the result of these memcpys was used is in app_dial, and the only
field that it read out of ast_call_feature was the first one, which is an
int, so these memcpys always copied just enough to avoid a problem.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359069 65c4cc65-6c06-0410-ace0-fbb531ad65f3
