This commit also reverts 2 previous attempts to fix this very rare race issue spanning back to 2009
62ce8538974f727778f1024d0ef9549e438704fe Patch from MOC
3a85348cdfd0fd7df63a2a150790722c2d294b36 FS-2302 mutex added around switch_xml_toxml()
The real problem was switch_xml_toxml_buf() was actually temporarily modifying the xml structure being searialized to make it appaer to be a root structure then serializing it and restoring the pointers. This caused a non-threadsafe operation when some other thread was scanning the same xml structure.
This patch removes the modification and instead passes a new arg to switch_xml_toxml_r indicating to treat the structure as if it were a root structure.
This bug has been present since the induction of xml into FS.
Conflicts:
src/switch_xml.c
If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.
This is CVE-2012-4929.
FS-6360 --resolve
Thanks-to: Brian West <brian@freeswitch.org>
Cisco 7925G seem to work only with the correct conference_id2 and
rtptimeout set, so add protocol 11 definition fields and set
conference_id2 correctly.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>
Cisco 7925g send access status message with just 8 byte of payload data.
Since we don't interpret the unknown 3rd field anyway, remove it. This
will prevent the first register to fail.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>
WiFi phones like the 7925g may take longer than just one second to
acknowledge the open receive message. Increase the timeout to 5 seconds.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Nathan Neulinger <nneul@neulinger.org>
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites. In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
This was momentarily called force_send_silence_when_idle, but that was
non-obvious as you had to set that value to true to be able to not
send silence when idle. This name describes the purpose much better.
We were handling the "send silence but not comfort noise" case in both
silence_stream_file_read and switch_generate_sln_silence. This
changes the former to rely on the latter.
