This commit also reverts 2 previous attempts to fix this very rare race issue spanning back to 2009
62ce8538974f727778f1024d0ef9549e438704fe Patch from MOC
3a85348cdfd0fd7df63a2a150790722c2d294b36 FS-2302 mutex added around switch_xml_toxml()
The real problem was switch_xml_toxml_buf() was actually temporarily modifying the xml structure being searialized to make it appaer to be a root structure then serializing it and restoring the pointers. This caused a non-threadsafe operation when some other thread was scanning the same xml structure.
This patch removes the modification and instead passes a new arg to switch_xml_toxml_r indicating to treat the structure as if it were a root structure.
This bug has been present since the induction of xml into FS.
Conflicts:
src/switch_xml.c
If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.
This is CVE-2012-4929.
FS-6360 --resolve
Thanks-to: Brian West <brian@freeswitch.org>
Cisco 7925G seem to work only with the correct conference_id2 and
rtptimeout set, so add protocol 11 definition fields and set
conference_id2 correctly.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>
Cisco 7925g send access status message with just 8 byte of payload data.
Since we don't interpret the unknown 3rd field anyway, remove it. This
will prevent the first register to fail.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>
WiFi phones like the 7925g may take longer than just one second to
acknowledge the open receive message. Increase the timeout to 5 seconds.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites. In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
This was momentarily called force_send_silence_when_idle, but that was
non-obvious as you had to set that value to true to be able to not
send silence when idle. This name describes the purpose much better.
We were handling the "send silence but not comfort noise" case in both
silence_stream_file_read and switch_generate_sln_silence. This
changes the former to rely on the latter.
If set to true, this prevents us from overriding the value of
send_silence_when_idle. When that is unset or set to zero and SRTP is
engaged, we typically override the value because many devices can't
handle gaps in the SRTP stream.
This variable is mostly for testing whether particular devices can
handle this behavior. Use at your own risk.
In commit 55d01d3defed4bfdc74704dbea0da9548a97a979 we set
send_silence_when_idle to -1 rather than 400 when SRTP is engaged.
But this left no way to enable white noise silence when desired.
When SRTP is engaged we can't simply not send RTP because it breaks
too many devices. So we need to prevent send_silence_when_idle from
being unset or being set to zero. This change allows it to be set to
other values so as to feed white noise rather than all zeros into the
codec.
