ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.
ASTERISK-26897 #close
patches:
0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
by Corey Farrell (license #5909)
Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
If DESTDIR is set, don't call ldconfig. Assume that DESTDIR is used to
create a binary archive. The ldconfig call should be delegated to the
archive postinst script. This fixes the case where fakeroot wraps 'make
install' causing $EUID to be 0 even though it doesn't have permission to
call ldconfig.
The previous logic in configure.ac to detect and correct libdir
has been removed as it was not completely accurate. CentOS 64-bit
users should again specify --libdir=/usr/lib64 when configuring
to prevent install to /usr/lib.
Updated Makefile:check-old-libdir to check for orphans in
lib64 when installing to lib as well as orphans in lib when installing
to lib64.
Updated Makefile and main/Makefile uninstall targets to remove the
orphans using the new logic.
ASTERISK-26705
Change-Id: I51739d4a03e60bff38be719b8d2ead0007afdd51
The ao2_global_obj_release() function holds an exclusive lock on the
global object while it is being dereferenced. Any destructors that
run during this time that call ao2_global_obj_ref() will deadlock
because a read lock is required.
Instead, we make the global object inaccessible inside of the write
lock and only dereference it once we have released the lock. This
allows the affected destructors to fail gracefully.
While this doesn't completely solve the referenced issue (the error
message about not being able to create an IQ continues to be shown)
it does solve the backtrace spew that accompanied it.
ASTERISK-21009 #close
Reported by: Marcello Ceschia
Change-Id: Idf40ae136b5070dba22cb576ea8414fbc9939385
The CDR code previously did not allow the user field to be set
from the 'h' extension in the dialplan. This change removes that
limitation and allows it to be set.
ASTERISK-26818
Change-Id: I0fed8a79b5e408bac4e30542b8f33a61c5ed9aa6
We aren't validating that the URI we just parsed is a SIP/SIPS one before
trying to access the user, host, and port members of a possibly uninitialized
structure.
Also update the MessageSend documentation to indicate what 'from' formats are
accepted.
ASTERISK-26484 #close
Reported by: Vinod Dharashive
Change-Id: I476b5cc5f18a7713d0ee945374f2a1c164857d30
Fixed a bug in function "ast_audiohook_write_frame" that checked the
variable other_factory_samples and only flushed the factories, so they
would be in sync, when other_factory_samples > 0. When there is not any
rtp incoming the variable other_factory_samples will be 0, and although
the result of "our_factory_ms - other_factory_ms" may be very large,
this led to the record file not syncing.
ASTERISK-26875 #close
Reported-by: Aaron An
Tested-by: Aaron An
Change-Id: Ia4d890fb8fc1636a7188502bab35f555685aea22
POSIX does not require getprotobyname() to be thread safe and some
implementations use static memory which causes issues when multiple
threads are used.
Further, our usage of it today is just to ultimately get IPPROTO_TCP
for calls to setsockopt(). So instead we just use IPPROTO_TCP directly.
Change-Id: I2e14e58674808f7ce99b2f5e900d0f90d0d8da48
Dereferencing struct ast_autochan.chan without first calling
ast_autochan_channel_lock() is unsafe because the pointer could change at
any time due to a masquerade. Unfortunately, ast_autochan_channel_lock()
itself uses struct ast_autochan.chan unsafely and can result in a deadlock
if the original channel happens to get destroyed after a masquerade in
addition to the pointer getting changed.
The problem is more likely to happen with v11 and earlier because
masquerades are used to optimize out local channels on those versions.
However, it could still happen on newer versions if the channel is
executing a dialplan application when the channel is transferred or
redirected. In this situation a masquerade still must be used.
* Added a lock to struct ast_autochan to safely be able to use
ast_autochan.chan while trying to get the channel lock in
ast_autochan_channel_lock(). The locking order is the channel lock then
the autochan lock. Locking in the other direction requires deadlock
avoidance.
* Fix unsafe ast_autochan.chan usages in app_mixmonitor.c.
* Fix unsafe ast_autochan.chan usages in app_chanspy.c.
* app_chanspy.c: Removed unused autochan parameter from next_channel().
ASTERISK-26867
Change-Id: Id29dd22bc0f369b44e23ca423d2f3657187cc592
Forgetting to indicate an exten is a pattern can cause a crash if the
"pattern" has a character set range, e.g., "9999[3-5]". The crash is due
to a buffer overwrite because the '-' exten eye-candy wasn't removed as
expected and overran the allocated space.
The buffer overwrite is fixed two ways in this patch.
1) Fix ext_strncpy() to distinguish between pattern and non-pattern
extens. Now '-' characters are removed when they are eye-candy and not
when they are part of a pattern character set. Since the function is
private to pbx.c, the return value now returns the number of bytes written
to the destination buffer instead of the strlen() of the final buffer so
the callers that care don't need to add one.
2) Fix callers to ext_strncpy() to supply the correct available buffer
size of the destination buffer.
ASTERISK-26668
Change-Id: I555d97411140e47e0522684062d174fbe32aa84a
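
The two fixes described in the commit message above can be seen in one small copy routine. This is an added illustration, not code from pbx.c or from the Asterisk project: copy_exten() is a hypothetical name, the sample extensions are constructed, and the assumption that a leading '_' marks a pattern extension comes from Asterisk dialplan convention rather than from this page.

```c
#include <stdio.h>
#include <string.h>

/*
 * Illustrative stand-in (hypothetical, not Asterisk's ext_strncpy()).
 * Copies an extension into dst, dropping '-' eye-candy.
 * Assumption: a leading '_' marks a pattern. Only in a pattern is a '-'
 * inside [...] kept, because there it is part of a character-set range.
 * Returns the number of bytes written to dst including the terminating
 * NUL, or 0 when there is no destination buffer at all.
 */
static size_t copy_exten(char *dst, const char *src, size_t dst_size)
{
    size_t count = 0;
    int is_pattern = (*src == '_');
    int in_set = 0;

    if (dst_size == 0) {
        return 0;
    }
    --dst_size; /* reserve one byte for the terminator */

    for (; *src && count < dst_size; ++src) {
        if (*src == '[') {
            in_set = is_pattern; /* a set only has meaning in a pattern */
        } else if (*src == ']') {
            in_set = 0;
        } else if (*src == '-' && !in_set) {
            continue; /* eye-candy: never stored */
        }
        dst[count++] = *src;
    }
    dst[count] = '\0';
    return count + 1;
}

int main(void)
{
    /* Constructed sample extensions. */
    const char *samples[] = { "9999[3-5]", "_9999[3-5]", "_555-12[3-5]X" };
    char buf[32];
    char tiny[4];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); ++i) {
        size_t n = copy_exten(buf, samples[i], sizeof(buf));
        printf("%-14s -> %-14s (%zu bytes)\n", samples[i], buf, n);
    }
    /* A caller that passes the real buffer size gets truncation, not an overrun. */
    copy_exten(tiny, "_9999[3-5]", sizeof(tiny));
    printf("truncated      -> %s\n", tiny);
    return 0;
}
```
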
This patch demotes the ERROR message that is displayed when a
nonexistent item is removed from the Stasis cache. The genesis of this
demotion is due to chan_sip's realtime peers and their interaction with
Asterisk's core ast_endpoint code, but ostensibly it could happen from
other channel drivers as well.
Since Mark Michelson already did an excellent job of explaining on this
issue, it is quoted here for posterity:
"Internally, when a realtime peer is retrieved, Asterisk creates an
ast_endpoint structure. When that peer is destroyed, the ast_endpoint is
destroyed as well. Part of the destruction of the ast_endpoint involves
clearing the Stasis cache of all information about that endpoint. The
problem here is that the act of creating the ast_endpoint is not enough
to actually put any information in the Stasis cache. Instead, something
has to happen, such as a state change, in order for the Stasis cache to
have any information about that endpoint. When a device registers,
chan_sip creates an ast_endpoint structure, processes the REGISTER, and
then destroys the ast_endpoint. When the ast_endpoint is destroyed,
there is nothing to destroy in the Stasis cache, so an error message is
emitted. When you use rtcachefriends, ast_endpoint structures persist
for the lifetime of the module and so you do not see this error
message."
ASTERISK-25237 #close
Change-Id: I53cebc6b4a897a1ab9564182b75c177780feff70
* manager.c:manager_state_cb() Fix potential use of uninitialized hint[]
if a hint does not exist for the requested extension. Ran into this when
developing a testsuite test. The AMI event ExtensionStatus came out with
the hint header value containing garbage. The AMI event PresenceStatus
also had the same issue.
* manager.c:action_extensionstate() no need to completely initialize the
hint[]. Only initialize the first element.
* pbx.c:ast_add_hint() Remove unnecessary assignment.
* chan_sip.c: Eliminate an unneeded hint[] local variable. We only care
about the return value of ast_get_hint() there.
Change-Id: Ia9a8786f01f93f1f917200f0a50bead0319af97b
... and clean them both up on uninstall.
We've fixed the issue where 'make install' was installing to
/usr/lib on 64-bit systems that use /usr/lib64. Now we need
to clean up the remnants in /usr/lib.
* 'make install' now prints a warning if DESTDIR/ASTLIBDIR
contains 'lib64' and libasterisk* shared libraries or modules
are also found in DESTDIR/ASTLIBDIR with 'lib64' transformed
to 'lib'.
* 'make uninstall' ALWAYS cleans up both DESTDIR/ASTLIBDIR and
DESTDIR/ASTLIBDIR with 'lib64' transformed to 'lib'.
ASTERISK-26705
Change-Id: I6edddeb3c07a51e7c7ba7cac3c05e4bf3ec3f01f
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory. To make matters worse, options were being passed
to ldconfig on both Linux and FreeBSD that actually prevented
the rebuild of the cache.
* Fedora has a /usr/share/config.site that automatically tells
autoconf to use /usr/lib64 but CentOS does not. This logic was
copied to configure.ac and modified so systems like Ubuntu,
which still use /usr/lib for 64-bit systems, aren't affected.
Now that we have them in the correct directory...
In order for the system loader to find libasteriskssl and
libasteriskpj, one of 3 things has to happen...
- The linker cache must be rebuilt including the directory
where the libasterisk* libraries were installed. Only root
can rebuild the cache. This was busted.
- We have to link the asterisk binary with an rpath pointing
to the directory where the libasterisk* libraries were
installed. This makes things very complicated and will happen
over the collective dead bodies of everyone who's had to
package a distribution with an rpath.
- Finally, you can start asterisk with LD_LIBRARY_PATH set to the
directory where the libasterisk* libraries were installed.
There are no other options. So...
* The invocation of ldconfig has been moved from main/Makefile
to ASTTOPDIR/Makefile, the options have been removed, and
DESTDIR/ASTLIBDIR appended. If you aren't root, you will be
warned after the "Asterisk Installation Complete" banner that
you must re-run 'make install' as root, manually run
'ldconfig DESTDIR/ASTLIBDIR' as root, or run asterisk with
LD_LIBRARY_PATH.
ASTERISK-26705
Change-Id: I2a64b7c33a7d3e9bde20f47e3d3ab771977af982
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
If DESTDIR is specified, however, the old logic is executed as
the install process may not have permission to alter the ldconfig
cache.
ASTERISK-26705
Change-Id: If4eca46ac510c6fea5568256280ffdb3888d7bb4
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
ASTERISK-26705
Change-Id: I6d30b6427e9d5e69470e11327c7ff203fa7da519
OpenSSL 1.1 requires no explicit initialization. The hacks in the
library are not needed. They also happen to fail running Asterisk.
ASTERISK-26109 #close
Change-Id: I3b3efd5d80234a4c45a8ee58dcfe25b15d9ad100
OpenSSL 1.1 introduced TLS_client_method() and deprecated the previous
version-specific methods (such as TLSv1_client_method()). Other than
being simpler to use and more correct (gain support for TLS newer than
TLS1, in our case), the older ones produce a deprecation warning that
fails the build in dev-mode.
ASTERISK-26109 #close
Change-Id: I257b1c8afd09dcb0d96cda3a41cb9f7a15d0ba07
Use OPENSSL_VERSION_NUMBER instead of OPENSSL_API_COMPAT to detect
the openssl 1.1 API.
ASTERISK-26109 #close
Change-Id: I4e448f55ef516aedf6ad154037c35577a421a458
* app_minivm: Use built-in completion facilities to complete optional
arguments.
* app_voicemail: Use built-in completion facilities to complete
optional arguments.
* app_confbridge: Add missing colons after 'Usage' text.
* chan_alsa: Use built-in completion facilities to complete optional
arguments.
* chan_sip: Use built-in completion facilities to complete optional
arguments. Add completions for 'load' for 'sip show user', 'sip show
peer', and 'sip qualify peer.'
* chan_skinny: Correct and extend completions for 'skinny reset' and
'skinny show line.'
* func_odbc: Correct completions for 'odbc read' and 'odbc write'
* main/asterisk: Correct and extend completions for 'core show file
version.'
* main/astmm: Use built-in completion facilities to complete arguments
for 'memory' commands.
* main/bridge: Correct completions for 'bridge kick.'
* main/ccss: Use built-in completion facilities to complete arguments
for 'cc cancel' command.
* main/cli: Add 'all' completion for 'channel request hangup.' Correct
completions for 'core set debug channel.' Correct completions for 'core
show calls.'
* main/pbx_app: Remove redundant completions for 'core show
applications.'
* main/pbx_hangup_handler: Remove unused completions for 'core show
hanguphandlers all.'
* res_sorcery_memory_cache: Add completion for 'reload' argument of
'sorcery memory cache stale' and properly implement.
Change-Id: Iee58c7392f6fec34ad9d596109117af87697bbca
The ast_waitfor_nandfds operation will manipulate the flags
of channels passed in. This was previously done without
the channel lock being held. This could result in incorrect
values existing for the flags if another thread manipulated
the flags at the same time.
This change locks the channel during flag manipulation.
ASTERISK-26788
Change-Id: I2c5c8edec17c9bdad4a93291576838cb552ca5ed
In Asterisk 11, if the 'Originate' AMI command failed to connect the provided
Channel while in extension mode, a 'failed' extension would be looked up and
run. This was, I believe, unintentionally removed in 51b6c49. This patch
restores that behavior.
This also adds an enum for the various 'synchronous' modes in an attempt to
make them meaningful.
ASTERISK-26115 #close
Reported by: Nasir Iqbal
Change-Id: I8afbd06725e99610e02adb529137d4800c05345d
We shouldn't unlock the channel after starting a snapshot staging because
another thread may interfere and do its own snapshot staging.
* app_dial.c:dial_exec_full() made hold the channel lock while setting up
the outgoing channel staging. Made hold the channel lock after the called
party answers while updating the caller channel staging.
* chan_sip.c:sip_new() completed the channel staging on off-nominal exit.
Also we need to use ast_hangup() instead of ast_channel_unref() at that
location.
* channel.c:__ast_channel_alloc_ap() added a comment about not needing to
complete the channel snapshot staging on off-nominal exit paths.
* rtp_engine.c:ast_rtp_instance_set_stats_vars() made hold the channel
locks while staging the channels for the stats channel variables.
Change-Id: Iefb6336893163f6447bad65568722ad5d5d8212a
When performing an SRV lookup using the ast_srv_lookup function it
did not properly handle the situation where 0 records are returned.
If this happened it would wrongly assume that at least one record
was present.
This change fixes the code so it will exit early if an error occurs
or if 0 records are returned.
ASTERISK-26772
patches:
srv_lookup.patch submitted by nappsoft (license 6822)
Change-Id: I09b19081c74e0ad11c12bf54a257243b1bcb2351
If an audiohook is placed on a channel that does not require transcoding,
muting that hook will cause the underlying frames to be muted as well.
The original patch is from David Woolley but I have modified it slightly.
ASTERISK-21094 #close
Reported by: David Woolley
Patches:
ASTERISK-21094-Patch-1.8-1.txt (license #5737) patch uploaded
by David Woolley
Change-Id: Ib2b68c6283e227cbeb5fa478b2d0f625dae338ed
Using the timerfd timing module can cause channel freezing, lingering, or
deadlock issues. The problem is because this is the only timing module
that uses an associated alert-pipe. When the alert-pipe becomes
unbalanced with respect to the number of frames in the read queue bad
things can happen. If the alert-pipe has fewer alerts queued than the
read queue then nothing might wake up the thread to handle received frames
from the channel driver. For local channels this is the only way to wake
up the thread to handle received frames. Being unbalanced in the other
direction is less of an issue as it will cause unnecessary reads into the
channel driver.
ASTERISK-26716 is an example of this deadlock which was indirectly fixed
by the change that found the need for this patch.
* In channel.c:__ast_queue_frame(): Adding frame lists to the read queue
did not add the same number of alerts to the alert-pipe. Correspondingly,
when there is an exceptionally long queue event, any removed frames did
not also remove the corresponding number of alerts from the alert-pipe.
ASTERISK-26632 #close
Change-Id: Ia98137c5bf6e9d6d202ce0eb36441851875863f6
A dialplan intercept routine is equivalent to an interrupt routine. As
such, the routine must be done quickly and you do not have access to the
media stream. These restrictions are necessary because the media stream
is the responsibility of some other code and interfering with or delaying
that processing is bad. A possible future dialplan processing
architecture change may allow the interception routine to run in a
different thread from the main thread handling the media and remove the
execution time restriction.
* Made res_agi.c:run_agi() running an AGI in an interception routine run
in DeadAGI mode. No touchy channel frames.
ASTERISK-25951
ASTERISK-26343
ASTERISK-26716
Change-Id: I638f147ca7a7f2590d7194a8ef4090eb191e4e43
There are several issues with deferring frames that are caused by the
refactoring.
1) The code deferring frames mishandles adding a deferred frame to the
deferred queue. As a result the deferred queue can only be one frame
long.
2) Deferrable frames can come directly from the channel driver as well as
the read queue. These frames need to be added to the deferred queue.
3) Whoever is deferring frames is really only doing the __ast_read() to
collect deferred frames and doesn't care about the returned frames except
to detect a hangup event. When frame deferral is completed we must make
the normal frame processing see the hangup as a frame anyway. As such,
there is no need to have varying hangup frame deferral methods. We also
need to be aware of the AST_SOFTHANGUP_ASYNCGOTO hangup that isn't real.
That fake hangup is to cause the PBX thread to break out of loops to go
execute a new dialplan location.
4) To properly deal with deferrable frames from the channel driver as
pointed out by (2) above, means that it is possible to process a dialplan
interception routine while frames are deferred because of the
AST_CONTROL_READ_ACTION control frame. Deferring frames is not
implemented as a re-entrant operation so you could have the unsupported
case of two sections of code thinking they have control of the media
stream.
A worse problem is because of the bad implementation of the AMI PlayDTMF
action. It can cause two threads to be deferring frames on the same
channel at the same time. (ASTERISK_25940)
* Rather than fix all these problems simply revert the API refactoring as
there is going to be only autoservice and safe_sleep deferring frames
anyway.
ASTERISK-26343
ASTERISK-26716 #close
Change-Id: I45069c779aa3a35b6c863f65245a6df2c7865496