Backport upstream alignment fix to correct bus error on platforms
that require strict memory alignment such as SPARC
FS-8783 #resolve
From upstream:
commit 4d8430a504137509f23b5a19f8a06b6df0f651cc
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date: Fri Nov 7 00:13:10 2014 +0100
While setting the IV for AES ICM the nonce is simply typecast from
a void * to a v128_t *. This breaches alignment requirements for
v128_t objects on platforms that require it.
Instead make a copy of the nonce to assure proper alignment.
Sofia will unpredictably close a tls transport during call setup. This
occurs when the epoll event loop wakes up the socket reader and SSL_read
returns an error because there is no packet on the socket. Normally
sofia will read the last error using SSL_get_error and return
SSL_ERROR_WANT_READ. Sofia gracefully handles this error and the
transport stays open. Sometimes, however, the worker thread will call
SSL_shutdown for a different transport, which can write an error to the
internal openssl error queue. If that error is not read off the queue,
the next time that SSL_get_error is called, it will read that unrelated
error.
The documentation for SSL_shutdown explains that there are three
possible results -1, 0 and 1 with, oddly, 1 indicating success. The -1
result code occurs when there is no handshake callback registered on the
connection. It can return 0 when there is still work to be done. The
documentation suggest that it is insufficient to call it just once. This
is why I added the do {} while () construct.
Although just the fix to SSL_shutdown was enough to resolve my issue, I
a also audited other calls to SSL_* functions and found a few other
cases where an error may be generated, but was not handled.
Misc code style fixes as well:
* Use static functions everywhere, no need to pollute the global namespace
* Rework some function names and variables to use lower case
Use the new parameter immediate-forwarding-numbers to configure
immediate forwarding logic that emulates hunt groups
The parameter syntax is:
[<span-name>:]<number>
Multiple elements can be specified separated by commas
If the <span-name> is specified, the span will be checked for
availability, if available, its number will be selected for
forwarding, otherwise next number will be checked
Forwarding is enabled as soon as a channel is answered and its
disabled when the channel is hung up
* Add error handing in mod_freetdm for ftdm trace failures
* Allow freetdm signaling modules to specify a destroy function
* Added conditional forwarding to the freetdm gsm module
Just specify the conditional-forwarding-number gsm parameter in freetdm.conf.xml
* Added new 'gsm call' freetdm command for raw GSM calls which can be
used to enable/disabling network features (e.g call *93) without
having to resort to use a full originate that requires routing the
call somewhere when answered
* Miscelaneous cleanup of piggy coding style left over by one of the
previous authors -_-
* commit '54be6fc57369a71685aaad59f4605b29194cc8f2':
ESL-111 Fix esl/python/Makefile to create install directory This need when using make install DESTDIR=...
configure.ac: honor NetBSD and SmartOS in search for system lua
src/switch_utf8.c: remove switch_u8_vprintf and switch_u8_printf
replace u_int32_t with C99 standard uint32_t, and also the same for
8,16,64 bit
The new C compiler breaks a lot of things. snprintf and timespec now exist, and redefining causes an error.
Many more things are warnings, so warnings-as-errors will fail - remove it from some projects for now.
V8: don't pass VS version to build batch file.
mod_sofia: Config has too-long if/elseif chain. Break this up to avoid "parser stack overflow; program too complex".
Add mod_conference.h to project and dir to includes.
add var=val member lookup usable wherver member_id is valid in api commands
add bgimg to layouts with api command or config for global setting
fix bug with overlap layouts combined with odd sized layers
improve switch_img_fit to take a modifier for fit, streach or both at once
* commit '81190c6d89aa7bedbda041c8a8519081856effff':
FS-7644. Fix build on VS2013/Win by creating and forcing nf (nofork) to true.
FS-7644. Remove non-existent projects.
FS-7644. Add switch_core_video.c and switch_vidderbuffer.c to VS2013 FreeSwitchCore.2013.vcxproj
FS-7644. Change 2013.vcxproj references to 2013
Ephemeral ECDH (ECDHE) was supported already. This patch adds Ephemeral
DH (DHE). To enable it, add DH parameters into the private-key file of
your server (agent.pem). For example via:
openssl dhparam -out dh.pem 2048
FS-7561 #resolve
FS-7338: remove libsilk from tree, use system lib instead
FS-7338: change to always use system liblua
FS-7338: remove libbroadvoice from tree, use system lib instead
FS-7338: remove libilbc from tree, use system lib instead
FS-7338: remove libs using system libs from bootstrap
FS-7338: remove libg722_1 from tree, use system lib instead
FS-7338: remove mod_celt, it has be superseded by mod_opus
FS-7338: remove libcodec2 from tree, use system lib instead
FS-7338: remove libopus from tree, use system lib instead
FS-7338: remove libsoundtouch build from tree, use system lib instead
FS-7338: remove flite build from tree, use system lib instead
FS-7338: remove openldap build from tree, use system lib instead
FS-7338: remove libmongoc build from tree, use system lib instead
FS-7338: remove mod_mongo deps that are no longer actually required
FS-7338: remove some dup demo modules and don't include demo code in packages
* commit 'e062f5e3c8355a6b5cb0d12ddb99300e95b38193':
If the span has been already fully stopped and ftdm is not running, return success from the span stop function.
Revert the build change to freetdm since it broke the build of that
modules on CentOS. Once a working change is finished, then it'll be
committed against FS-7122.
FS-7142 #resolve
The file 'libs/sofia-sip/s2check/exit77.c' was moved in order to
silence the warning and to keep the build working. There might be a
build problem that results from this file move, but after serveral
build tests I have not found one. The contents of the file are
specifically for the make check target, so I believe it would be
highly unlikely to cause problems with any production feature.
FS-7122 #resolve
Latest automake will detect then warn if the Makefile uses source
files that are in subdirectories, but the subdirs option is not
set. In the FreeSWITCH build system the current expected behavior is
to expect the subdirs option to be enabled.
FS-7122 #resolve
[apr] Backport APR_RING_FOREACH and APR_RING_FOREACH_SAFE macros to APR for unimrcp compatibility.
[unimrcp] configure.gnu - need full path, not relative path for library paths
[unimrcp] added uni_revision.h - couldn't get it to autogenerate from build
[mod_unimrcp] add better logging and error checking on module load. Currently dumps core on MRCPv1 TTS attempt
[mod_unimrcp] don't configure MRCPv1 session with a connection agent- causes crash
Patched-By: Florian Richter
Check for digits received on sangoma isdn stack to avoid delaying
moving to the ring state if all digits are received at once in
overlap dialing mode
ADTRAN Total Access devices do not support sending the rport parameter in
the Via header. This allows us to detect the device and force rport when
using the "safe" parameter, enabling the device to be used behind NAT.
FS-6823 #resolve
With this commit, passing -Q to fs_cli will cause fs_cli to not load
or save the command history file (~/.fs_cli_history). This can be
useful e.g. on read-only systems.
This can also be set in the fs_cli configuration file with the option
`no-history-file`.
Windows has a 64 descriptor limit in WSAWaitForMultipleEvents system call.
Implemented some custom login in su_wait to work around this limitation.
Changed SU_WAIT_MAX from 64 to 0x7fffffff, like on other plaftorms.
In some cases where `redisplay()` is called immediately after a
command is run (e.g. `log ...`) we often get a prompt, junk output,
and a second prompt. This is due to a (known) race.
We believe we're falling afoul of this code in `el_deletestr`:
if (el->el_line.cursor < &el->el_line.buffer[n])
return;
Basing the length of text to delete off of the cursor position
resolves the issue of junk text, but the real solution is to eliminate
the race conditions, which will also resolve the sometimes duplicated
prompt.
FS-6764 #resolve
Thanks-to: Nathan Neulinger <nneul@neulinger.org>
When zero was passed for the size to `sub_alloc`, we were passing this
size on to `malloc` or `calloc`, which is unusual enough that static
analyzers warn about this (POSIX says that either NULL or a pointer
will be returned).
We'll instead just return NULL right away.
usleep is deprecated and disabled in glibc 2.12 unless requested. Use
nanosleep instead if available.
This fixes the following compiler warning:
./src/zrtp_iface_scheduler.c: In function 'zrtp_sleep':
./src/zrtp_iface_scheduler.c:96:2: warning: implicit declaration of
function 'usleep' [-Wimplicit-function-declaration]
usleep(msec*1000);
^
These two files should only be built when OpenSSL is not enabled. See
the configure script of the original sources and Makefile from upstream.
(RNG_EXTRA_OBJS)
Fixes a -Wimplicit-function-declaration warning.
Currently only enabled in the analog e&m module but any
signaling module can easily take advantage of it with a small
modification to the signaling module to set span->sig_release_guard_time_ms
This removes our in-tree version of portaudio-19 and migrates
mod_portaudio and mod_portaudio_stream to use the system version of
the library. Our detection of the system library relies on
pkg-config.
This reverts commit b29a41bb1b.
This commit is no longer needed now that proper infrastructure has been
added to allow signaling modules to generate and detect DTMF
The feature macros should only be used for I/O module features
and not for signaling module features
In `srtp_unprotect_rtcp()` we are not validating that the packet
length is as long as the minimum required. This would cause
`enc_octet_len` to underflow, which would cause us to try to decrypt
data past the end of the packet in memory -- a buffer over-read and
buffer overflow.
In `srtp_protect_rtcp()`, we were similarly not validating the packet
length. Here we were also polluting the address of the SRTCP
encrypted flag and index (the `trailer`), causing us to write one word
to a bogus memory address before getting to the encryption where we
would also overflow.
In this commit we add checks to appropriately validate the RTCP/SRTCP
packet lengths.
`srtp_unprotect_rtcp_aead()` (but not protect) did correctly validate
the packet length; this check would now be redundant as the check in
`srtcp_unprotect_rtcp()` will also run first, so it has been removed.
In the defined AEAD modes, SRTP packets must always be encrypted and
authenticated, but SRTCP packets may be only authenticated. It's
possible, therefore, for us to end up in `srtp_protect_aead()` without
the `sec_serv_conf` bit being set. We should just ignore this and
encrypt the RTP packet anyway.
What we are doing instead is encrypting the packet anyway, but setting
`enc_start` to NULL first. This causes `aad_len` to underflow which
will cause us to over-read in `cipher_set_aad()`.
If we could get past that, we would try to read and write memory
starting at 0x0 down in `cipher_encrypt()`.
This commit causes us to not check the `sec_serv_conf` bit and never
set `enc_start` to NULL in `srtp_protect_aead()`.
`srtp_unprotect_aead()` does not contain a similar error.
When computing the start address of the RTP data to encrypt or SRTP
data to decrypt (`enc_start`), we are using `hdr->cc` (the CSRC
count), which is untrusted data from the packet, and the length field
of an RTP header extension, which is also untrusted and unchecked data
from the packet.
This value then pollutes our calculation of how much data we'll be
encrypting or decrypting (`enc_octet_len`), possibly causing us to
underflow.
We'll then call `cipher_encrypt()` or `cipher_decrypt()` with these
two values, causing us to read from and write to arbitrary addresses
in memory.
(In the AEAD functions, we'd also pollute `aad_len`, which would cause
us to read undefined memory in `cipher_set_aad`.)
This commit adds checks to verify that the `enc_start` we calculate is
sane based on the actual packet length.
Anthony Minessale
Markus von Arx
Spencer Thomason
William King
Alexandr Dubovikov
Michael Jerris
Steve Underwood
Moishe Grunstein
Ethan Atkins
Davide Colombo
Ken Rice
Moises Silva
Artur Kraev
matteo brancaleoni
Stanislav Sinyagin
Anthony Minessale II
Michael Giagnocavo
Vladimir
andywang1988
Brian West
Jeff Lenk
Alexander Traud
Artur Zaprzała
Jun Wang
Peter Olsson
Artur Zaprzała
Moises Silva
Dušan Dragić
Dave Kompel
Brian West
Chris Rienzo
matteo brancaleoni
Richard Neese
Travis Cross
Daniel Weber
Stefano Picerno
Peter Wu
jfigus