We were leaking memory when break_on_match was set or when we received
back SWITCH_STATUS_BREAK from a callee as we were failing to free
field_expanded_alloc.
If pattern is null we're setting it to a non-null value, so this
branch will always be taken.
Use `git diff -w` or `git log -p -w` to see what's going on in this
commit.
I found a problem here but it may not completely match your expectations.
I reviewed the RFC 4028 and checked against the code and I discovered we should not be putting a Min-SE in any response at all besides a 422:
section 5:
The Min-SE header field MUST NOT be used in responses except for
those with a 422 response code. It indicates the minimum value of
the session interval that the server is willing to accept.
I corrected this problem and implemented the 422 response so if you request a value lower than the minimum specified for the profile.
If the value is equal or higher to the minimum, it will be reflected in the Session-Expires header in the response and no Min-SE will be present.
Prior to this commit, if anything at all went wrong in
switch_ivr_phrase_macro_event() we would generate a warning like this:
[WARNING] switch_ivr_play_say.c:348 Macro [macro_name]: 'pattern_name' did not match any patterns
This is clearly misleading. The natural thing to do on seeing that
message is to verify that the language files are there, and that the
pattern really does exist in that macro. But none of that was usually
the problem. The message would be generated if the language wasn't
found, or if the channel had gone away, for example.
With this commit, we verify that we actually tried looking for the
pattern before displaying the warning about the pattern not matching.
For years we've been generating spurious messages like:
[WARNING] switch_ivr_play_say.c:348 Macro [voicemail_ack]: 'saved' did not match any patterns
This would happen when the caller hangs up during the playback of
certain prompts in the voicemail system where we weren't checking the
return value of vm_macro_get(). Looking closely at the log, it's
clear we were calling down into switch_ivr_phrase_macro() long after
the channel was gone.
The message above is also misleading -- switch_ivr_phrase_macro()
would have been able to find that pattern just fine, but it never
actually looked because the channel was gone. We'll clean up that
message in a follow on commit.
If we received an event without a content-type header we were
dereferencing a null pointer leading to a seg fault.
Reported-by: Ico <ico@voip-io.org>
ESL-90 --resolve
This commit also reverts 2 previous attempts to fix this very rare race issue spanning back to 2009
62ce853897 Patch from MOC
3a85348cdf FS-2302 mutex added around switch_xml_toxml()
The real problem was switch_xml_toxml_buf() was actually temporarily modifying the xml structure being searialized to make it appaer to be a root structure then serializing it and restoring the pointers. This caused a non-threadsafe operation when some other thread was scanning the same xml structure.
This patch removes the modification and instead passes a new arg to switch_xml_toxml_r indicating to treat the structure as if it were a root structure.
This bug has been present since the induction of xml into FS.
Conflicts:
src/switch_xml.c
If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.
This is CVE-2012-4929.
FS-6360 --resolve
Thanks-to: Brian West <brian@freeswitch.org>
Travis Cross
Seven Du
Anthony Minessale
Chris Rienzo
Raymond Chandler
Nathan Neulinger
Brian West
Michael Jerris
Ico
Ken Rice