In r413586 (1.8) various casts were added to silence gcc 4.10 warnings.
Those fixes included things like:
-out += sprintf(out, "%%%02X", (unsigned char) *ptr);
+out += sprintf(out, "%%%02X", (unsigned) *ptr);
That works for low ascii characters, but for the high range that yields
e.g. FFFFFFC3 when C3 is expected.
This changeset:
- fixes those casts to use the 'hh' unsigned char modifier instead
- consistently uses %02x instead of %2.2x (or other non-standard usage)
- adds a few 'h' modifiers in various places
- fixes a 'replcaes' typo
- dev/urandon typo (in 13+ patch)
Review: https://reviewboard.asterisk.org/r/4263/
ASTERISK-24619 #close
Reported by: Stefan27 (on IRC)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429673 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch started with David Lee's patch at
https://reviewboard.asterisk.org/r/2826/ and includes a regression fix
introduced by the ASTERISK-22455 patch.
The initialization of a mutex's lock tracking structure was not protected
in a critical section. This is fine for any mutex that is explicitly
initialized, but a static mutex may have its lock tracking double
initialized if multiple threads attempt the first lock simultaneously.
* Added a global mutex to properly serialize initialization of the lock
tracking structure. The painful global lock can be mitigated by adding a
double checked lock flag as discussed on the original review request.
* Defer lock tracking initialization until first use.
* Don't be "helpful" and initialize an uninitialized lock when
DEBUG_THREADS is enabled. Debug code is not supposed to fix or change
normal code behavior. We don't need a lock initialization race that would
force a re-setup of lock tracking. Lock tracking already handles
initialization on first use.
* Properly handle allocation failures of the lock tracking structure.
* No need to initialize tracking data in __ast_pthread_mutex_destroy()
just to turn around and destroy it.
The regression introduced by ASTERISK-22455 is the result of manipulating
a pthread_mutex_t struct outside of the pthread library code. The
pthread_mutex_t struct seems to have a global linked list pointer member
that can get changed by other threads. Therefore, saving and restoring
the contents of a pthread_mutex_t struct is a bad thing.
Thanks to Thomas Airmont for finding this obscure regression.
* Don't overwrite the struct ast_lock_track.reentr_mutex member to restore
tracking data in __ast_cond_wait() and __ast_cond_timedwait(). The
pthread_mutex_t struct must be treated as a read-only opaque variable.
Miscellaneous other items fixed by this patch:
* Match ast_suspend_lock_info() with ast_restore_lock_info() in
__ast_cond_timedwait().
* Made some uninitialized lock sanity checks return EINVAL and try a
DO_THREAD_CRASH.
* Fix bad canlog initialization expressions.
ASTERISK-24614 #close
Reported by: Thomas Airmont
Review: https://reviewboard.asterisk.org/r/4247/
Review: https://reviewboard.asterisk.org/r/2826/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429539 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When shutting down Asterisk that has an active AMI connection, you get
several "failed to extend from %d to %d" messages because use of the
EVENT_FLAG_SHUTDOWN attempts to add all AMI permission strings to the
event.
* Created MAX_AUTH_PERM_STRING to use when creating stack based struct
ast_str variables used with the authority_to_str() and
user_authority_to_str() functions instead of a variety of magic numbers
that could be too small.
* Added a special check for EVENT_FLAG_SHUTDOWN to authority_to_str() so
it will not attempt to add all permission level strings.
Review: https://reviewboard.asterisk.org/r/4200/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428570 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.
ASTERISK-24469 #close
Reported by Matt Jordan
Patches:
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
AST-2014-012
........
Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428417 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Under load it was possible for the bridging API, and thus ConfBridge, to get
channels that may have hung up stuck in it. This is because handling of state
transitions for a bridged channel within a bridge was not protected and simply
set the new state without regard to the existing state. If the existing state
had been hung up this would get overwritten.
This change adds locking to protect changing of the state and also
takes into consideration the existing state.
ASTERISK-24440 #close
Reported by: Ben Klang
Review: https://reviewboard.asterisk.org/r/4173/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428299 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489. This change adds separate variables for the
string and padded attributed lengths, and performs
padding correctly.
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427874 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If during the operation of adding an extension a priority is added but
fails it is possible for the extension to be freed but still exist in
the PBX core. If this occurs subsequent lookups may try to access the
extension and end up in freed memory.
This change removes the extension from the PBX core when the priority
addition fails and then frees the extension.
ASTERISK-24444 #close
Reported by: Leandro Dardini
Review: https://reviewboard.asterisk.org/r/4162/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427709 65c4cc65-6c06-0410-ace0-fbb531ad65f3
fn_wrapper only adds a reference to the format's module if the file
was able to be opened. If not this causes an unmatched
ast_module_unref in filestream_destructor. Move ast_module_ref to
get_stream.
ASTERISK-24492 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4149/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427464 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored. Escaped semicolons are then
unescaped and become part of the value. Both of these behaviors are normal
and expected. When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.
Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally. This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c
Tested-by: George Joseph
ASTERISK-20127 #close
Review: https://reviewboard.asterisk.org/r/4132/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427328 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.
11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.
ASTERISK-24476 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4138/
........
Merged revisions 427023 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427024 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425986 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If SendMessage encounters an error (such as incorrect input provided to the
action), it will currently return -1. Actions should only return -1 if the
connection to the AMI client should be closed. In this case, SendMessage
causing the client to disconnect is inappropriate.
This patch causes the action to return 0, which simply causes the action to
fail.
Review: https://reviewboard.asterisk.org/r/4024
ASTERISK-24354 #close
Reported by: Peter Katzmann
patches:
sendMessage.patch uploaded by Peter Katzmann (License 5968)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424690 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Make astob2 REF_DEBUG output an invalid object line when an invalid ao2
object ref/unref is attempted. This is similar to the
constructor/destructor lines.
* Fixed refcounter.py to handle skewed objects that have
constructor/destructor states.
* Made refcounter.py highlight the invalid ao2 object refs by putting them
in their own section of the processed output file.
* Made refcounter.py highlight unreffing an object by more than one that
results in a negative ref count and the object being destroyed. The
abnormally destroyed object is reported in the invalid and finalized
object sections of the output.
Review: https://reviewboard.asterisk.org/r/3971/
........
Merged revisions 423349 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@423400 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If you call ast_category_insert with a match category that doesn't exist, the
list traverse runs out of 'next' categories and you get a SEGV. This patch
adds check for the end-of-list condition and changes the signature to return
an int for success/failure indication instead of a void.
The only consumer of this function is manager and it was also changed to use
the return value.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3993/
........
Merged revisions 423276 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@423277 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This fixes a situation in Asterisk 1.8 and 11 where ast_channel_bridge
could cause a bouncing native bridge. In the case of the
dial_LS_options test, this was a remote RTP bridge which caused the
audio path to continually cycle between Asterisk and the remote
endpoints generating a large number of SIP messages and delaying the
test long enough to cause it to fail (checking timing was part of the
test). The root cause was that the code to decide whether to use native
bridging was expecting a time-remaining value of 0 to be the default
instead of the actual default value of -1. A value of 0 or negative
numbers could also be generated by preceding code in some
circumstances. Both issues are addressed in this patch.
ASTERISK-24211 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3987/
........
Merged revisions 423006 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@423010 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ast_config_text_file_save() currently truncates include files as they
are processed. If a subsequent include file or the main config file has
a permissions error that prevents writing, earlier include files are left
truncated resulting in a frantic search for backups.
This patch causes ast_config_text_file_save to check for write access
on all files before it truncates any of them.
Will be applied 1.8 > trunk.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3986/
........
Merged revisions 422900 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@422903 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Moving the test event raised when a file is played back (which occurred in
r421059) broke the ever loving snot out of the voicemail tests. This caused
duplicate test events to get raised, as app_voicemail and main/app were raising
events prior to call ast_streamfile. The voicemail tests did not enjoy getting
multiple events.
Since raising the playback event in ast_streamfile is far more useful to the
vast majority of tests, this patch keeps the call there and simply removes the
extraneous calls that duplicated the event.
........
Merged revisions 421125 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@421164 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r399267, the verbose2magic stuff was edited. This time it results
in magic characters in the log files for multiline messages.
In trunk (and 13) this was fixed by the "stripping" of those
characters from multiline messages (in r414798).
This is a backport of that fix to 11. That fix is altered to actually
strip the characters and not replace them with blanks.
Review: https://reviewboard.asterisk.org/r/3901/
Review: https://reviewboard.asterisk.org/r/3902/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@420897 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If the space left in a stringfield is between 0 and
(alignof(ast_string_field_allocation)-1) adding new data would cause
memory corruption, because we would assume enough space (unsigned
underrun).
Thanks Arnd Schmitter for reporting and finding out the cause!
ASTERISK-23508 #close
Reported by: Arnd Schmitter
Tested by: Arnd Schmitter, JoshE
Review: https://reviewboard.asterisk.org/r/3898/
........
Merged revisions 420680 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@420715 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ASTERISK-23818 (lua contexts being overwritten by contexts of the same name in
pbx_config) surfaced because pbx_lua, having the AST_MODFLAG_GLOBAL_SYMBOLS
set, was always force loaded before pbx_config. Since I couldn't find any
reason for pbx_lua to export it's symbols to the rest of Asterisk, I simply
changed the flag to AST_MODFLAG_DEFAULT. Problem solved. What I didn't
realize was that the symbols need to be exported not because Asterisk needs
them but because any external Lua modules like luasql.mysql need the base
Lua language APIs exported (ASTERISK-17279).
Back to ASTERISK-23818... It looks like there's an issue in pbx.c where
context_merge was only merging includes, switches and ignore patterns if
the context was already existing AND has extensions, or if the context was
brand new. If pbx_lua is loaded before pbx_config, the context will exist
BUT pbx_lua, being implemented as a switch, will never place extensions in
it, just the switch statement. The result is that when pbx_config loads,
it never merges the switch statement created by pbx_lua into the final
context.
This patch sets pbx_lua's modflag back to AST_MODFLAG_GLOBAL_SYMBOLS and adds
an "else if" in context_merge that catches the case where an existing context
has includes, switchs or ingore patterns but no actual extensions.
ASTERISK-23818 #close
Reported by: Dennis Guse
Reported by: Timo Teräs
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3891/
........
Merged revisions 420146 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@420147 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Using DYNAMIC_FEATURES with a Gosub application as the mapped application
does not work. It does not work because Gosub just pushes the current
dialplan context, exten, and priority onto a stack and sets the specified
Gosub location. Gosub does not have a dialplan execution loop to run
dialplan like Macro.
* Made the DYNAMIC_FEATURES application mapping feature call
ast_app_exec_macro() and ast_app_exec_sub() for the Macro and Gosub
applications respectively.
* Backported ast_app_exec_macro() and ast_app_exec_sub() from v11 to
execute dialplan routines from the DYNAMIC_FEATURES application mapping
feature.
NOTE: This issue does not affect v12+ because it already does what this
patch implements.
AST-1391 #close
Reported by: Guenther Kelleter
Review: https://reviewboard.asterisk.org/r/3844/
........
Merged revisions 419630 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@419631 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When the PresenceState action is executed, the nominal path fails to include
the ActionID in the successful response. This patch adds a call to
astman_start_ack, which guarantees that an ActionID (if provided) will be
sent back to the AMI client.
Review: https://reviewboard.asterisk.org/r/3776/
ASTERISK-23985 #close
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@418713 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A loop in ast_careful_fwrite exists that will continually attempt to write to
a file stream, even in the presence of EAGAIN/EINTR errors. However, if a
connection that uses ast_careful_fwrite closes suddenly, ast_careful_fwrite's
call to fflush may return EAGAIN/EINTER along with EOF. A subsequent call to
fflush will return EOF but not clear errno, resulting in an infinite loop.
This patch clears errno after it is detected and handled the loop, such that
any subsequent call to fflush will not get erroneously stuck.
Review: https://reviewboard.asterisk.org/r/3704
#ASTERISK-23984 #close
Reported by: Steve Davies
patches:
fflush_loop_fix uploaded by one47 (License 5012)
........
Merged revisions 417797 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@417798 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change fixes up DTLS support in res_rtp_asterisk so it can accept and provide
a SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after ICE negotiation
completes. Configuration options to chan_sip have also been added to allow behavior
to be tweaked (such as forcing the AVP type media transports in SDP).
ASTERISK-22961 #close
Reported by: Jay Jideliov
Review: https://reviewboard.asterisk.org/r/3679/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@417677 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When using FEC, with span=3 and entries=4 Asterisk will attempt to repair
the packet with sequence number 5, as it will see that packet -4 is
missing. The result is Asterisk sending garbage packets that can kill a
fax.
This patch adds a check to see if the sequence number is valid before
checking if the packet is missing.
Review: https://reviewboard.asterisk.org/r/3657/
#ASTERISK-23908 #close
Reported by: Torrey Searle
patches:
udptl_fec.patch uploaded by Torrey Searle (License 5334)
........
Merged revisions 417318 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@417320 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Simply establishing a TCP connection and never sending anything to the
configured HTTP port in http.conf will tie up a HTTP connection. Since
there is a maximum number of open HTTP sessions allowed at a time you can
block legitimate connections.
A similar problem exists if a HTTP request is started but never finished.
* Added http.conf session_inactivity timer option to close HTTP
connections that aren't doing anything. Defaults to 30000 ms.
* Removed the undocumented manager.conf block-sockets option. It
interferes with TCP/TLS inactivity timeouts.
* AMI and SIP TLS connections now have better authentication timeout
protection. Though I didn't remove the bizzare TLS timeout polling code
from chan_sip.
* chan_sip can now handle SSL certificate renegotiations in the middle of
a session. It couldn't do that before because the socket was non-blocking
and the SSL calls were not restarted as documented by the OpenSSL
documentation.
* Fixed an off nominal leak of the ssl struct in
handle_tcptls_connection() if the FILE stream failed to open and the SSL
certificate negotiations failed.
The patch creates a custom FILE stream handler to give the created FILE
streams inactivity timeout and timeout after a specific moment in time
capability. This approach eliminates the need for code using the FILE
stream to be redesigned to deal with the timeouts.
This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of
the SSL_read/SSL_write operations.
ASTERISK-23673 #close
Reported by: Richard Mudgett
........
Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@415854 65c4cc65-6c06-0410-ace0-fbb531ad65f3