Importing release summary for 1.8.3.1 release.

git-svn-id: https://origsvn.digium.com/svn/asterisk/tags/1.8.3.1@311004 65c4cc65-6c06-0410-ace0-fbb531ad65f3

.lastclean

@@ -0,0 +1,3 @@
+38
+
+

.version

@@ -0,0 +1 @@
+1.8.3.1

apps/app_queue.c

@@ -3558,7 +3558,6 @@ static struct callattempt *wait_for_answer(struct queue_ent *qe, struct callatte
 								ast_moh_stop(qe->chan);
 								ast_indicate(qe->chan, AST_CONTROL_RINGING);
 							}
-							ast_indicate(in, AST_CONTROL_RINGING);
 							break;
 						case AST_CONTROL_OFFHOOK:
 							/* Ignore going off hook */

asterisk-1.8.3.1-summary.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Release Summary - asterisk-1.8.3.1</title></head>
+<body>
+<h1 align="center"><a name="top">Release Summary</a></h1>
+<h3 align="center">asterisk-1.8.3.1</h3>
+<h3 align="center">Date: 2011-03-16</h3>
+<h3 align="center">&lt;asteriskteam@digium.com&gt;</h3>
+<hr/>
+<h2 align="center">Table of Contents</h2>
+<ol>
+   <li><a href="#summary">Summary</a></li>
+   <li><a href="#contributors">Contributors</a></li>
+   <li><a href="#commits">Other Changes</a></li>
+   <li><a href="#diffstat">Diffstat</a></li>
+</ol>
+<hr/>
+<a name="summary"><h2 align="center">Summary</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This release has been made to address one or more security vulnerabilities that have been identified.  A security advisory document has been published for each vulnerability that includes additional information.  Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p>
+<p>Security Advisories: <a href="http://downloads.asterisk.org/pub/security/AST-2011-003.html">AST-2011-003</a>, <a href="http://downloads.asterisk.org/pub/security/AST-2011-004.html">AST-2011-004</a></p>
+<p>The data in this summary reflects changes that have been made since the previous release, asterisk-1.8.3.</p>
+<hr/>
+<a name="contributors"><h2 align="center">Contributors</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release.  For coders, the number is how many of their patches (of any size) were committed into this release.  For testers, the number is the number of times their name was listed as assisting with testing a patch.  Finally, for reporters, the number is the number of issues that they reported that were closed by commits that went into this release.</p>
+<table width="100%" border="0">
+<tr>
+<td width="33%"><h3>Coders</h3></td>
+<td width="33%"><h3>Testers</h3></td>
+<td width="33%"><h3>Reporters</h3></td>
+</tr>
+<tr valign="top">
+<td>
+2 lmadsen<br/>
+1 twilson<br/>
+</td>
+<td>
+</td>
+<td>
+</td>
+</tr>
+</table>
+<hr/>
+<a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a list of all changes that went into this release that did not directly close an issue from the issue tracker.  The commits may have been marked as being related to an issue.  If that is the case, the issue numbers are listed here, as well.</p>
+<table width="100%" border="1">
+<tr><td><b>Revision</b></td><td><b>Author</b></td><td><b>Summary</b></td><td><b>Issues Referenced</b></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/1.8.3.1?view=revision&revision=310982">310982</a></td><td>lmadsen</td><td>Create Asterisk 1.8.3.1 from 1.8.3</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/1.8.3.1?view=revision&revision=310985">310985</a></td><td>twilson</td><td>AST-2011-003 and AST-2011-004</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/1.8.3.1?view=revision&revision=310987">310987</a></td><td>lmadsen</td><td>Update .version and ChangeLog.</td>
+<td></td></tr></table>
+<hr/>
+<a name="diffstat"><h2 align="center">Diffstat Results</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p>
+<pre>
+.version                    |    2
+ChangeLog                   |    8
+asterisk-1.8.3-summary.html |  536 ------------------------------------
+asterisk-1.8.3-summary.txt  |  653 --------------------------------------------
+main/manager.c              |   14
+main/tcptls.c               |    8
+6 files changed, 24 insertions(+), 1197 deletions(-)
+</pre><br/>
+<hr/>
+</body>
+</html>

asterisk-1.8.3.1-summary.txt

@@ -0,0 +1,95 @@
+                                Release Summary
+
+                                asterisk-1.8.3.1
+
+                                Date: 2011-03-16
+
+                           <asteriskteam@digium.com>
+
+     ----------------------------------------------------------------------
+
+                               Table of Contents
+
+    1. Summary
+    2. Contributors
+    3. Other Changes
+    4. Diffstat
+
+     ----------------------------------------------------------------------
+
+                                    Summary
+
+                                 [Back to Top]
+
+   This release has been made to address one or more security vulnerabilities
+   that have been identified. A security advisory document has been published
+   for each vulnerability that includes additional information. Users of
+   versions of Asterisk that are affected are strongly encouraged to review
+   the advisories and determine what action they should take to protect their
+   systems from these issues.
+
+   Security Advisories: AST-2011-003, AST-2011-004
+
+   The data in this summary reflects changes that have been made since the
+   previous release, asterisk-1.8.3.
+
+     ----------------------------------------------------------------------
+
+                                  Contributors
+
+                                 [Back to Top]
+
+   This table lists the people who have submitted code, those that have
+   tested patches, as well as those that reported issues on the issue tracker
+   that were resolved in this release. For coders, the number is how many of
+   their patches (of any size) were committed into this release. For testers,
+   the number is the number of times their name was listed as assisting with
+   testing a patch. Finally, for reporters, the number is the number of
+   issues that they reported that were closed by commits that went into this
+   release.
+
+     Coders                   Testers                  Reporters              
+   2 lmadsen                
+   1 twilson                
+
+     ----------------------------------------------------------------------
+
+                      Commits Not Associated with an Issue
+
+                                 [Back to Top]
+
+   This is a list of all changes that went into this release that did not
+   directly close an issue from the issue tracker. The commits may have been
+   marked as being related to an issue. If that is the case, the issue
+   numbers are listed here, as well.
+
+   +------------------------------------------------------------------------+
+   | Revision | Author  | Summary                       | Issues Referenced |
+   |----------+---------+-------------------------------+-------------------|
+   | 310982   | lmadsen | Create Asterisk 1.8.3.1 from  |                   |
+   |          |         | 1.8.3                         |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 310985   | twilson | AST-2011-003 and AST-2011-004 |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 310987   | lmadsen | Update .version and           |                   |
+   |          |         | ChangeLog.                    |                   |
+   +------------------------------------------------------------------------+
+
+     ----------------------------------------------------------------------
+
+                                Diffstat Results
+
+                                 [Back to Top]
+
+   This is a summary of the changes to the source code that went into this
+   release that was generated using the diffstat utility.
+
+ .version                    |    2
+ ChangeLog                   |    8
+ asterisk-1.8.3-summary.html |  536 ------------------------------------
+ asterisk-1.8.3-summary.txt  |  653 --------------------------------------------
+ main/manager.c              |   14
+ main/tcptls.c               |    8
+ 6 files changed, 24 insertions(+), 1197 deletions(-)
+
+     ----------------------------------------------------------------------

include/asterisk/res_fax.h

@@ -58,10 +58,8 @@ enum ast_fax_modems {
 
 /*! \brief current state of a fax session */
 enum ast_fax_state {
-	/*! reserved state */
-	AST_FAX_STATE_RESERVED = 0,
 	/*! uninitialized state */
-	AST_FAX_STATE_UNINITIALIZED,
+	AST_FAX_STATE_UNINITIALIZED = 0,
 	/*! initialized state */
 	AST_FAX_STATE_INITIALIZED,
 	/*! fax resources open state */
@@ -70,6 +68,10 @@ enum ast_fax_state {
 	AST_FAX_STATE_ACTIVE,
 	/*! fax session complete */
 	AST_FAX_STATE_COMPLETE,
+	/*! reserved state */
+	AST_FAX_STATE_RESERVED,
+	/*! inactive state */
+	AST_FAX_STATE_INACTIVE,
 };
 
 /*! \brief fax session options */
@@ -186,8 +188,6 @@ struct ast_fax_session {
 	unsigned long frames_sent;
 	/*! the fax technology callbacks */
 	const struct ast_fax_tech *tech;
-	/*! the token used to reserve this session */
-	struct ast_fax_tech_token *token;
 	/*! private implementation pointer */
 	void *tech_pvt;
 	/*! fax state */
@@ -202,10 +202,6 @@ struct ast_fax_session {
 	struct ast_fax_debug_info *debug_info;
 	/*! used to take variable-sized frames in and output frames of an expected size to the fax stack */
 	struct ast_smoother *smoother;
-
-	/*! some flags to track the stat counters for this session */
-	unsigned int reserved:1;
-	unsigned int active:1;
 };
 
 /*! \brief used to register a FAX technology module with res_fax */
@@ -250,14 +246,6 @@ struct ast_fax_tech {
 	char * (* const cli_show_settings)(int);
 };
 
-/*! \brief used by res_fax to reserve a FAX session */
-struct ast_fax_tech_token {
-	/*! the fax technology callbacks */
-	const struct ast_fax_tech *tech;
-	/*! private implementation pointer */
-	void *tech_pvt;
-};
-
 /*! \brief register a fax technology */
 int ast_fax_tech_register(struct ast_fax_tech *tech);
 

main/features.c

@@ -4108,7 +4108,7 @@ int manage_parkinglot(struct ast_parkinglot *curlot, const struct pollfd *pfds,
 					continue;
 				}
 
-				if (!(pfds[y].revents & (POLLIN | POLLERR))) {
+				if (!(pfds[y].revents & (POLLIN | POLLERR | POLLPRI))) {
 					/* Next x */
 					continue;
 				}
@@ -4167,7 +4167,7 @@ std:			for (x = 0; x < AST_MAX_FDS; x++) {	/* mark fds for next round */
 						}
 						*new_pfds = tmp;
 						(*new_pfds)[*new_nfds].fd = chan->fds[x];
-						(*new_pfds)[*new_nfds].events = POLLIN | POLLERR;
+						(*new_pfds)[*new_nfds].events = POLLIN | POLLERR | POLLPRI;
 						(*new_pfds)[*new_nfds].revents = 0;
 						(*new_nfds)++;
 					}

main/manager.c

@@ -971,6 +971,7 @@ struct mansession {
 	struct ast_tcptls_session_instance *tcptls_session;
 	FILE *f;
 	int fd;
+	int write_error:1;
 	struct manager_custom_hook *hook;
 	ast_mutex_t lock;
 };
@@ -1844,6 +1845,7 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
  */
 static int send_string(struct mansession *s, char *string)
 {
+	int res;
 	/* It's a result from one of the hook's action invocation */
 	if (s->hook) {
 		/*
@@ -1852,11 +1854,13 @@ static int send_string(struct mansession *s, char *string)
 		 */
 		s->hook->helper(EVENT_FLAG_HOOKRESPONSE, "HookResponse", string);
 		return 0;
-	} else if (s->f) {
-		return ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout);
-	} else {
-		return ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout);
+	}	else if (s->f && (res = ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout))) {
+		s->write_error = 1;
+	} else if ((res = ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout))) {
+		s->write_error = 1;
 	}
+
+	return res;
 }
 
 /*!
@@ -4671,7 +4675,7 @@ static void *session_do(void *data)
 	ao2_unlock(session);
 	astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION);	/* welcome prompt */
 	for (;;) {
-		if ((res = do_message(&s)) < 0) {
+		if ((res = do_message(&s)) < 0 || s.write_error) {
 			break;
 		}
 	}
@@ -4787,7 +4791,7 @@ int __ast_manager_event_multichan(int category, const char *event, int chancount
 	struct ast_str *buf;
 	int i;
 
-	if (!sessions && AST_RWLIST_EMPTY(&manager_hooks)) {
+	if (!(sessions && ao2_container_count(sessions)) && AST_RWLIST_EMPTY(&manager_hooks)) {
 		return 0;
 	}
 	

main/tcptls.c

@@ -139,8 +139,12 @@ static void *handle_tcptls_connection(void *data)
 	* open a FILE * as appropriate.
 	*/
 	if (!tcptls_session->parent->tls_cfg) {
-		tcptls_session->f = fdopen(tcptls_session->fd, "w+");
-		setvbuf(tcptls_session->f, NULL, _IONBF, 0);
+		if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
+			if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+				fclose(tcptls_session->f);
+				tcptls_session->f = NULL;
+			}
+		}
 	}
 #ifdef DO_SSL
 	else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {

main/udptl.c

@@ -218,38 +218,29 @@ static int decode_length(uint8_t *buf, unsigned int limit, unsigned int *len, un
 	}
 	*pvalue = (buf[*len] & 0x3F) << 14;
 	(*len)++;
-	/* Indicate we have a fragment */
+	/* We have a fragment.  Currently we don't process fragments. */
+	ast_debug(1, "UDPTL packet with length greater than 16K received, decoding will fail\n");
 	return 1;
 }
 /*- End of function --------------------------------------------------------*/
 
 static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len, const uint8_t **p_object, unsigned int *p_num_octets)
 {
-	unsigned int octet_cnt;
-	unsigned int octet_idx;
-	unsigned int i;
-	int length; /* a negative length indicates the limit has been reached in decode_length. */
-	const uint8_t **pbuf;
+	unsigned int octet_cnt = 0;
 
-	for (octet_idx = 0, *p_num_octets = 0; ; octet_idx += octet_cnt) {
-		octet_cnt = 0;
-		if ((length = decode_length(buf, limit, len, &octet_cnt)) < 0)
+	if (decode_length(buf, limit, len, &octet_cnt) != 0)
+		return -1;
+
+	if (octet_cnt > 0) {
+		/* Make sure the buffer contains at least the number of bits requested */
+		if ((*len + octet_cnt) > limit)
 			return -1;
-		if (octet_cnt > 0) {
-			*p_num_octets += octet_cnt;
 
-			pbuf = &p_object[octet_idx];
-			i = 0;
-			/* Make sure the buffer contains at least the number of bits requested */
-			if ((*len + octet_cnt) > limit)
-				return -1;
-
-			*pbuf = &buf[*len];
-			*len += octet_cnt;
-		}
-		if (length == 0)
-			break;
+		*p_num_octets = octet_cnt;
+		*p_object = &buf[*len];
+		*len += octet_cnt;
 	}
+
 	return 0;
 }
 /*- End of function --------------------------------------------------------*/
@@ -336,8 +327,8 @@ static int udptl_rx_packet(struct ast_udptl *s, uint8_t *buf, unsigned int len)
 	const uint8_t *data;
 	unsigned int ifp_len;
 	int repaired[16];
-	const uint8_t *bufs[16];
-	unsigned int lengths[16];
+	const uint8_t *bufs[ARRAY_LEN(s->f) - 1];
+	unsigned int lengths[ARRAY_LEN(s->f) - 1];
 	int span;
 	int entries;
 	int ifp_no;
@@ -367,13 +358,13 @@ static int udptl_rx_packet(struct ast_udptl *s, uint8_t *buf, unsigned int len)
 			do {
 				if ((stat2 = decode_length(buf, len, &ptr, &count)) < 0)
 					return -1;
-				for (i = 0; i < count; i++) {
+				for (i = 0; i < count && total_count + i < ARRAY_LEN(bufs); i++) {
 					if ((stat1 = decode_open_type(buf, len, &ptr, &bufs[total_count + i], &lengths[total_count + i])) != 0)
 						return -1;
 				}
-				total_count += count;
+				total_count += i;
 			}
-			while (stat2 > 0);
+			while (stat2 > 0 && total_count < ARRAY_LEN(bufs));
 			/* Step through in reverse order, so we go oldest to newest */
 			for (i = total_count; i > 0; i--) {
 				if (seq_no - i >= s->rx_seq_no) {
@@ -436,6 +427,9 @@ static int udptl_rx_packet(struct ast_udptl *s, uint8_t *buf, unsigned int len)
 		if (ptr + 1 > len)
 			return -1;
 		entries = buf[ptr++];
+		if (entries > MAX_FEC_ENTRIES) {
+			return -1;
+		}
 		s->rx[x].fec_entries = entries;
 
 		/* Decode the elements */

res/res_fax.c

@@ -638,6 +638,10 @@ const char *ast_fax_state_to_str(enum ast_fax_state state)
 		return "Active";
 	case AST_FAX_STATE_COMPLETE:
 		return "Complete";
+	case AST_FAX_STATE_RESERVED:
+		return "Reserved";
+	case AST_FAX_STATE_INACTIVE:
+		return "Inactive";
 	default:
 		ast_log(LOG_WARNING, "unhandled FAX state: %d\n", state);
 		return "Unknown";
@@ -678,16 +682,15 @@ static unsigned int fax_rate_str_to_int(const char *ratestr)
 	}
 }
 
-static void fax_session_release(struct ast_fax_session *s)
+static void fax_session_release(struct ast_fax_session *s, struct ast_fax_tech_token *token)
 {
-	if (s->token) {
-		s->tech->release_token(s->token);
-		s->token = NULL;
+	if (token) {
+		s->tech->release_token(token);
 	}
 
-	if (s->reserved) {
+	if (s->state == AST_FAX_STATE_RESERVED) {
 		ast_atomic_fetchadd_int(&faxregistry.reserved_sessions, -1);
-		s->reserved = 0;
+		s->state = AST_FAX_STATE_INACTIVE;
 	}
 }
 
@@ -697,7 +700,7 @@ static void destroy_session(void *session)
 	struct ast_fax_session *s = session;
 
 	if (s->tech) {
-		fax_session_release(s);
+		fax_session_release(s, NULL);
 		if (s->tech_pvt) {
 			s->tech->destroy_session(s);
 		}
@@ -717,16 +720,15 @@ static void destroy_session(void *session)
 		ast_smoother_free(s->smoother);
 	}
 
-	if (s->active) {
+	if (s->state != AST_FAX_STATE_INACTIVE) {
 		ast_atomic_fetchadd_int(&faxregistry.active_sessions, -1);
-		s->active = 0;
 	}
 
 	ast_free(s->channame);
 	ast_free(s->chan_uniqueid);
 }
 
-static struct ast_fax_session *fax_session_reserve(struct ast_fax_session_details *details)
+static struct ast_fax_session *fax_session_reserve(struct ast_fax_session_details *details, struct ast_fax_tech_token **token)
 {
 	struct ast_fax_session *s;
 	struct fax_module *faxmod;
@@ -736,7 +738,7 @@ static struct ast_fax_session *fax_session_reserve(struct ast_fax_session_detail
 		return NULL;
 	}
 
-	s->state = AST_FAX_STATE_RESERVED;
+	s->state = AST_FAX_STATE_INACTIVE;
 
 	/* locate a FAX technology module that can handle said requirements
 	 * Note: the requirements have not yet been finalized as T.38
@@ -764,19 +766,19 @@ static struct ast_fax_session *fax_session_reserve(struct ast_fax_session_detail
 		return s;
 	}
 
-	if (!(s->token = s->tech->reserve_session(s))) {
+	if (!(*token = s->tech->reserve_session(s))) {
 		ao2_ref(s, -1);
 		return NULL;
 	}
 
-	s->reserved = 1;
+	s->state = AST_FAX_STATE_RESERVED;
 	ast_atomic_fetchadd_int(&faxregistry.reserved_sessions, 1);
 
 	return s;
 }
 
 /*! \brief create a FAX session */
-static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *details, struct ast_channel *chan, struct ast_fax_session *reserved)
+static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *details, struct ast_channel *chan, struct ast_fax_session *reserved, struct ast_fax_tech_token *token)
 {
 	struct ast_fax_session *s = NULL;
 	struct fax_module *faxmod;
@@ -786,9 +788,9 @@ static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *d
 		s = reserved;
 		ao2_ref(reserved, +1);
 
-		if (s->reserved) {
+		if (s->state == AST_FAX_STATE_RESERVED) {
 			ast_atomic_fetchadd_int(&faxregistry.reserved_sessions, -1);
-			s->reserved = 0;
+			s->state = AST_FAX_STATE_UNINITIALIZED;
 		}
 	}
 
@@ -796,18 +798,19 @@ static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *d
 		return NULL;
 	}
 
-	s->active = 1;
 	ast_atomic_fetchadd_int(&faxregistry.active_sessions, 1);
 	s->state = AST_FAX_STATE_UNINITIALIZED;
 
 	if (details->option.debug && (details->caps & AST_FAX_TECH_AUDIO)) {
 		if (!(s->debug_info = ast_calloc(1, sizeof(*(s->debug_info))))) {
+			fax_session_release(s, token);
 			ao2_ref(s, -1);
 			return NULL;
 		}
 		if (!(s->debug_info->dsp = ast_dsp_new())) {
 			ast_free(s->debug_info);
 			s->debug_info = NULL;
+			fax_session_release(s, token);
 			ao2_ref(s, -1);
 			return NULL;
 		}
@@ -815,11 +818,13 @@ static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *d
 	}	
 
 	if (!(s->channame = ast_strdup(chan->name))) {
+		fax_session_release(s, token);
 		ao2_ref(s, -1);
 		return NULL;
 	}
 
 	if (!(s->chan_uniqueid = ast_strdup(chan->uniqueid))) {
+		fax_session_release(s, token);
 		ao2_ref(s, -1);
 		return NULL;
 	}
@@ -830,7 +835,7 @@ static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *d
 
 	details->id = s->id = ast_atomic_fetchadd_int(&faxregistry.nextsessionname, 1);
 
-	if (!s->tech) {
+	if (!token) {
 		/* locate a FAX technology module that can handle said requirements */
 		AST_RWLIST_RDLOCK(&faxmodules);
 		AST_RWLIST_TRAVERSE(&faxmodules, faxmod, list) {
@@ -851,7 +856,7 @@ static struct ast_fax_session *fax_session_new(struct ast_fax_session_details *d
 		}
 	}
 
-	if (!(s->tech_pvt = s->tech->new_session(s, s->token))) {
+	if (!(s->tech_pvt = s->tech->new_session(s, token))) {
 		ast_log(LOG_ERROR, "FAX session failed to initialize.\n");
 		ao2_ref(s, -1);
 		return NULL;
@@ -1116,7 +1121,7 @@ static struct ast_control_t38_parameters our_t38_parameters = {
 };
 
 /*! \brief this is the generic FAX session handling function */
-static int generic_fax_exec(struct ast_channel *chan, struct ast_fax_session_details *details, struct ast_fax_session *reserved)
+static int generic_fax_exec(struct ast_channel *chan, struct ast_fax_session_details *details, struct ast_fax_session *reserved, struct ast_fax_tech_token *token)
 {
 	int ms;
 	int timeout = RES_FAX_TIMEOUT;
@@ -1134,7 +1139,7 @@ static int generic_fax_exec(struct ast_channel *chan, struct ast_fax_session_det
 	chancount = 1;
 
 	/* create the FAX session */
-	if (!(fax = fax_session_new(details, chan, reserved))) {
+	if (!(fax = fax_session_new(details, chan, reserved, token))) {
 		ast_log(LOG_ERROR, "Can't create a FAX session, FAX attempt failed.\n");
 		report_fax_status(chan, details, "No Available Resource");
 		return -1;
@@ -1533,6 +1538,7 @@ static int receivefax_exec(struct ast_channel *chan, const char *data)
 	int channel_alive;
 	struct ast_fax_session_details *details;
 	struct ast_fax_session *s;
+	struct ast_fax_tech_token *token = NULL;
 	struct ast_fax_document *doc;
 	AST_DECLARE_APP_ARGS(args,
 		AST_APP_ARG(filename);
@@ -1676,7 +1682,7 @@ static int receivefax_exec(struct ast_channel *chan, const char *data)
 		details->option.allow_audio = AST_FAX_OPTFLAG_TRUE;
 	}
 
-	if (!(s = fax_session_reserve(details))) {
+	if (!(s = fax_session_reserve(details, &token))) {
 		ast_atomic_fetchadd_int(&faxregistry.fax_failures, 1);
 		ast_string_field_set(details, resultstr, "error reserving fax session");
 		set_channel_variables(chan, details);
@@ -1692,6 +1698,7 @@ static int receivefax_exec(struct ast_channel *chan, const char *data)
 			ast_string_field_set(details, resultstr, "error answering channel");
 			set_channel_variables(chan, details);
 			ast_log(LOG_WARNING, "Channel '%s' failed answer attempt.\n", chan->name);
+			fax_session_release(s, token);
 			ao2_ref(s, -1);
 			ao2_ref(details, -1);
 			return -1;
@@ -1703,6 +1710,7 @@ static int receivefax_exec(struct ast_channel *chan, const char *data)
 		ast_string_field_set(details, error, "T38_NEG_ERROR");
 		ast_string_field_set(details, resultstr, "error negotiating T.38");
 		set_channel_variables(chan, details);
+		fax_session_release(s, token);
 		ao2_ref(s, -1);
 		ao2_ref(details, -1);
 		return -1;
@@ -1714,6 +1722,7 @@ static int receivefax_exec(struct ast_channel *chan, const char *data)
 			ast_string_field_set(details, error, "T38_NEG_ERROR");
 			ast_string_field_set(details, resultstr, "error negotiating T.38");
 			set_channel_variables(chan, details);
+			fax_session_release(s, token);
 			ao2_ref(s, -1);
 			ao2_ref(details, -1);
 			ast_log(LOG_ERROR, "error initializing channel '%s' in T.38 mode\n", chan->name);
@@ -1723,7 +1732,7 @@ static int receivefax_exec(struct ast_channel *chan, const char *data)
 		details->option.send_ced = 1;
 	}
 
-	if ((channel_alive = generic_fax_exec(chan, details, s)) < 0) {
+	if ((channel_alive = generic_fax_exec(chan, details, s, token)) < 0) {
 		ast_atomic_fetchadd_int(&faxregistry.fax_failures, 1);
 	}
 
@@ -2000,6 +2009,7 @@ static int sendfax_exec(struct ast_channel *chan, const char *data)
 	int channel_alive, file_count;
 	struct ast_fax_session_details *details;
 	struct ast_fax_session *s;
+	struct ast_fax_tech_token *token = NULL;
 	struct ast_fax_document *doc;
 	AST_DECLARE_APP_ARGS(args,
 		AST_APP_ARG(filenames);
@@ -2167,7 +2177,7 @@ static int sendfax_exec(struct ast_channel *chan, const char *data)
 		details->option.request_t38 = AST_FAX_OPTFLAG_TRUE;
 	}
 
-	if (!(s = fax_session_reserve(details))) {
+	if (!(s = fax_session_reserve(details, &token))) {
 		ast_atomic_fetchadd_int(&faxregistry.fax_failures, 1);
 		ast_string_field_set(details, resultstr, "error reserving fax session");
 		set_channel_variables(chan, details);
@@ -2183,6 +2193,7 @@ static int sendfax_exec(struct ast_channel *chan, const char *data)
 			ast_string_field_set(details, resultstr, "error answering channel");
 			set_channel_variables(chan, details);
 			ast_log(LOG_WARNING, "Channel '%s' failed answer attempt.\n", chan->name);
+			fax_session_release(s, token);
 			ao2_ref(s, -1);
 			ao2_ref(details, -1);
 			return -1;
@@ -2194,6 +2205,7 @@ static int sendfax_exec(struct ast_channel *chan, const char *data)
 		ast_string_field_set(details, error, "T38_NEG_ERROR");
 		ast_string_field_set(details, resultstr, "error negotiating T.38");
 		set_channel_variables(chan, details);
+		fax_session_release(s, token);
 		ao2_ref(s, -1);
 		ao2_ref(details, -1);
 		return -1;
@@ -2205,6 +2217,7 @@ static int sendfax_exec(struct ast_channel *chan, const char *data)
 			ast_string_field_set(details, error, "T38_NEG_ERROR");
 			ast_string_field_set(details, resultstr, "error negotiating T.38");
 			set_channel_variables(chan, details);
+			fax_session_release(s, token);
 			ao2_ref(s, -1);
 			ao2_ref(details, -1);
 			ast_log(LOG_ERROR, "error initializing channel '%s' in T.38 mode\n", chan->name);
@@ -2214,7 +2227,7 @@ static int sendfax_exec(struct ast_channel *chan, const char *data)
 		details->option.send_cng = 1;
 	}
 
-	if ((channel_alive = generic_fax_exec(chan, details, s)) < 0) {
+	if ((channel_alive = generic_fax_exec(chan, details, s, token)) < 0) {
 		ast_atomic_fetchadd_int(&faxregistry.fax_failures, 1);
 	}