This reverts commit b29a41bb1b.
This commit is no longer needed now that proper infrastructure has been
added to allow signaling modules to generate and detect DTMF
The feature macros should only be used for I/O module features
and not for signaling module features
In `srtp_unprotect_rtcp()` we are not validating that the packet
length is as long as the minimum required. This would cause
`enc_octet_len` to underflow, which would cause us to try to decrypt
data past the end of the packet in memory -- a buffer over-read and
buffer overflow.
In `srtp_protect_rtcp()`, we were similarly not validating the packet
length. Here we were also polluting the address of the SRTCP
encrypted flag and index (the `trailer`), causing us to write one word
to a bogus memory address before getting to the encryption where we
would also overflow.
In this commit we add checks to appropriately validate the RTCP/SRTCP
packet lengths.
`srtp_unprotect_rtcp_aead()` (but not protect) did correctly validate
the packet length; this check would now be redundant as the check in
`srtcp_unprotect_rtcp()` will also run first, so it has been removed.
In the defined AEAD modes, SRTP packets must always be encrypted and
authenticated, but SRTCP packets may be only authenticated. It's
possible, therefore, for us to end up in `srtp_protect_aead()` without
the `sec_serv_conf` bit being set. We should just ignore this and
encrypt the RTP packet anyway.
What we are doing instead is encrypting the packet anyway, but setting
`enc_start` to NULL first. This causes `aad_len` to underflow which
will cause us to over-read in `cipher_set_aad()`.
If we could get past that, we would try to read and write memory
starting at 0x0 down in `cipher_encrypt()`.
This commit causes us to not check the `sec_serv_conf` bit and never
set `enc_start` to NULL in `srtp_protect_aead()`.
`srtp_unprotect_aead()` does not contain a similar error.
When computing the start address of the RTP data to encrypt or SRTP
data to decrypt (`enc_start`), we are using `hdr->cc` (the CSRC
count), which is untrusted data from the packet, and the length field
of an RTP header extension, which is also untrusted and unchecked data
from the packet.
This value then pollutes our calculation of how much data we'll be
encrypting or decrypting (`enc_octet_len`), possibly causing us to
underflow.
We'll then call `cipher_encrypt()` or `cipher_decrypt()` with these
two values, causing us to read from and write to arbitrary addresses
in memory.
(In the AEAD functions, we'd also pollute `aad_len`, which would cause
us to read undefined memory in `cipher_set_aad`.)
This commit adds checks to verify that the `enc_start` we calculate is
sane based on the actual packet length.
What we momentarily called log-uuid-chars is now better called
log-uuid-length. Setting log-uuid-length will specify a truncation
length for UUIDs displayed by setting log-uuid.
If log-uuid-short is set, or -S is passed to fs_cli, we only display
the first 8 hex digits of the UUID. The log-uuid-chars option may
instead be set to specify some other truncation length for the UUID.
POSIX says poll.h and signal.h should not be prefixed with sys/ (ie
poll.h instead of sys/poll.h)
limits.h also defines a TZNAME_MAX so we change name of the define for
spandsp.
This library is used only by mod_enum and is available on most
platforms. The version in our tree has many code quality problems
that are generating noise when doing static analysis. Suffice it to
say we want rid of it as our responsibility.
FS-353
I found a problem here but it may not completely match your expectations.
I reviewed the RFC 4028 and checked against the code and I discovered we should not be putting a Min-SE in any response at all besides a 422:
section 5:
The Min-SE header field MUST NOT be used in responses except for
those with a 422 response code. It indicates the minimum value of
the session interval that the server is willing to accept.
I corrected this problem and implemented the 422 response so if you request a value lower than the minimum specified for the profile.
If the value is equal or higher to the minimum, it will be reflected in the Session-Expires header in the response and no Min-SE will be present.
If we received an event without a content-type header we were
dereferencing a null pointer leading to a seg fault.
Reported-by: Ico <ico@voip-io.org>
ESL-90 --resolve
Now that all output should end in a newline, we don't need to play
tricks with getting certain escape codes out ahead of buffered output.
This updates what we tried to do in commit
991b83d23c.
This partially reverts commit
8056125077.
The issue is that sofia siptrace output doesn't end each line with a
newline. Instead it sends a separate newline afterward, which comes
in as a separate event body. With the new EL_REFRESH code in effect
the line is being cleared after the siptrace output has been written
but before that next newline comes in.
With our own refresh code this doesn't happen because of slight
differences in where the stdio buffers get flushed compared to where
the output of clear_line() ends up.
This is a bit of a clumsy workaround. But we'll fix it first, then
refactor.
Using the system libedit means that libedit will again make absolute
movements on certain kinds of terminals. Older versions of libedit
without EL_PROMPT_ESC miscalculate the length of the prompt.
Combined, this results in the cursor ending up in the wrong place.
We knew this was a possibility when we moved to system libedit, and
we're OK with it. We certainly lived without this fancy prompt
feature for a long time.
This change puts back in place detection of the terminal type when
EL_PROMPT_ESC isn't available. On these older versions of libedit,
we'll only enable the fancy features when we know that libedit will
only make relative movements and not tickle the bug.
This partially reverts commit:
b9b77bd615
Newer versions of libedit provide an EL_REFRESH mechanism for
redrawing the prompt. We had previously written our own code to
handle this. In theory handing this over to libedit should be better.
Unfortunately when using EL_REFRESH the output of sofia siptrace isn't
showing up. We're working on that, but for now we're just force own
our redrawing code to be used instead.
Anthony Minessale
Steve Underwood
Moises Silva
Michael Jerris
Chris Rienzo
jfigus
Travis Cross
Steve Underwood
Brian West
Peter Olsson
Jeff Lenk
William King
Natanael Copa
Dmitry Sobinov
Ico
Seven Du
Steve Underwood
Steve Underwood
wavecb