asterisk

Commit Graph

Author	SHA1	Message	Date
Mark Michelson	dd4d4e40e5	res_pjsip_pubsub: Prevent sending NOTIFY on destroyed dialog. A certain situation can result in our attempting to send a NOTIFY on a destroyed dialog. Say we attempt to send a NOTIFY to a subscriber, but that subscriber has dropped off the network. We end up retransmitting that NOTIFY until the appropriate SIP timer says to destroy the NOTIFY transaction. When the pjsip evsub code is told that the transaction has been terminated, it responds in kind by alerting us that the subscription has been terminated, destroying the subscription, and then removing its reference to the dialog, thus destroying the dialog. The problem is that when we get told that the subscription is being terminated, we detect that we have not sent a terminating NOTIFY request, so we queue up such a NOTIFY to be sent out. By the time that queued NOTIFY gets sent, the dialog has been destroyed, so attempting to send that NOTIFY can result in a crash. The fix being introduced here is actually a reintroduction of something the pubsub code used to employ. We hold a reference to the dialog and wait to decrement our reference to the dialog until our subscription tree object is destroyed. This way, we can send messages on the dialog even if the PJSIP evsub code wants to terminate earlier than we would like. In doing this, some NULL checks for subscription tree dialogs have been removed since NULL dialogs are no longer actually possible. Change-Id: I013f43cddd9408bb2a31b77f5db87a7972bfe1e5	10 years ago
Mark Michelson	bda0a24206	res_pjsip_pubsub: Ensure dialog lock balance. When sending a NOTIFY, we lock the dialog and then unlock the dialog when finished. A recent change made it so that the subscription tree's dialog pointer will be set NULL when sending the final NOTIFY request out. This means that when we attempt to unlock the dialog, we pass a NULL pointer to pjsip_dlg_dec_lock(). The result is that the dialog remains locked after we think we have unlocked it. When a response to the NOTIFY arrives, the monitor thread attempts to lock the dialog, but it cannot because we never released the dialog lock. This results in Asterisk being unable to process incoming SIP traffic any longer. The fix in this patch is to use a local pointer to save off the pointer value of the subscription tree's dialog when locking and unlocking the dialog. This way, if the subscription tree's dialog pointer is NULLed out, the local pointer will still have point to the proper place and the dialog lock will be unlocked as we expect. Change-Id: I7ddb3eaed7276cceb9a65daca701c3d5e728e63a	10 years ago
Mark Michelson	7a22fc27fb	res_pjsip_pubsub: Prevent crashes on final NOTIFY. The SIP dialog is removed from the subscription tree when the final NOTIFY is sent. However, after the final NOTIFY is sent, the persistence update function still attempts to access the cseq from the dialog, resulting in a crash. This fix removes the subscription persistence at the same time that the dialog is removed from the subscription tree. This way, there is no attempt to update persistence when the subscription is being destroyed. Change-Id: Ibb46977a6cef9c51dc95f40f43446e3d11eed5bb	10 years ago
Mark Michelson	7fc9a998b1	res_pjsip_pubsub: Remove serializer when sending final NOTIFY. There have been crashes seen where a taskprocessor's listener is NULL unexpectedly. Looking at backtraces, the problem was specifically seen in PJSIP serializers. Subscriptions make the mistake of removing a serializer from a dialog during subscription tree destruction. Since subscription trees are reference-counted, guaranteeing the circumstances behind the destruction are not possible. This makes it so that the dialog serializer can be removed while not holding the dialog lock. This makes it possible for the distributor to get a pointer to the dialog serializer and have that serializer get freed out from under it. The fix for this is to remove the serializer from a subscription dialog when sending the final NOTIFY. This guarantees that the serializer is removed with the dialog lock held. By doing this, we guarantee that if the distributor gains access to the dialog's serializer, it will not be possible for the serializer to get freed by another thread. Change-Id: I21f5dac33529f65cec45679bdace60670800ff66	10 years ago
Mark Michelson	7a47ab77c1	res_pjsip_pubsub: Fix crash on destruction of empty subscription tree. If an old persistent subscription is recreated but then immediately destroyed because it is out of date, the subscription tree will have no leaf subscriptions on it. This was resulting in a crash when attempting to destroy the subscription tree. A simple NULL check fixes this problem. Change-Id: I85570b9e2bcc7260a3fe0ad85904b2a9bf36d2ac	10 years ago
Mark Michelson	8def38f6a2	res_pjsip_pubsub: Solidify lifetime and ownership of objects. There have been crashes and general instability seen in the pubsub code, so this patch introduces three changes to increase the stability. First, the ownership model for subscriptions has been modified. Due to RLS, subscriptions are stored in memory as a tree structure. Prior to my patch, the PJSIP subscription was the owner of the subscription tree. When the PJSIP subscription told us that it was terminating, we started destroying the subscription tree along with all of the individual leaf subscriptions that belong to the tree. The problem with this model is that the two actors in play here, the PJSIP subscription and the individual leaf subscriptions, need to have joint ownership of the subscription tree. So now, the PJSIP subscription and the individual leaf subscriptions each have a reference to the subscription tree. This way, we will not actually free memory until no players are left that care. The PJSIP subscription is a bigger stakeholder, in that if the PJSIP subscription's reference to the subscription tree is removed, the subscription tree instructs the leaf subscriptions to shut down and drop their references to the subscription tree when possible. The individual leaf subscriptions, upon being told to shut down, can drop their stasis subscriptions or whatever they use to learn of new state, and then drop their reference to the subscription tree once they are ready to die. Second, the lifetime of a PJSIP subscription's reference to our subscription tree has been altered. As I learned from doing a deep dive, the PJSIP evsub code can tell Asterisk multiple times that the subscription has been terminated, and not all of these times are especially helpful. I have altered the message flow that we use for SIP subscriptions such that we will always drop the PJSIP subscription's reference to the subscription tree when we send the NOTIFY that terminates a SIP subscription. This also means that we will now queue NOTIFY requests to be sent after responding to incoming SUBSCRIBEs so that we can have predictable state changes from the PJSIP evsub code. Third, the synchronization of operations has been improved. PJSIP can call into our code from a serializer thread (e.g. upon receiving an incoming request) or from the monitor thread (e.g. when a subscription times out). Because of this, there is the possibility of competing threads stepping on each other. PJSIP attempts to do some synchronization on its own by always keeping the dialog lock held when it calls into us. However, since we end up pushing tasks into the serializer, the result was that serialized operations were not grabbing the dialog lock and could, as a result, step on something that was being attempted by a different thread. Now we ensure that serialized operations grab the dialog lock, then check for extenuating circumstances, then proceed with their operation if they can. Change-Id: Iff2990c40178dad9cc5f6a5c7f76932ec644b2e5	10 years ago
Mark Michelson	16afb39aec	res_pjsip_pubsub: Set the endpoint on SUBSCRIBE dialogs. When SUBSCRIBE dialogs were established, we never associated the endpoint that created the subscription with the dialog we end up creating. In most cases, this ended up not causing any problems. The actual bug that was observed was that when a device that was behind NAT established a subscription with Asterisk, Asterisk would end up sending in-dialog NOTIFY requests to the device's private IP addres instead of the public address of the NAT router. When Asterisk receives the initial SUBSCRIBE from the device, res_pjsip_nat rewrites the contact to the public address on which the SUBSCRIBE was received. This allows for the dialog to have its target address set to the proper public address. Asterisk then would send a 200 OK response to the SUBSCRIBE, then a NOTIFY with the initial subscription state. The device would then send a 200 OK response to Asterisk's NOTIFY. Here's where things went wrong. When the 200 OK arrived, res_pjsip_nat did not rewrite the address in the Contact header. Then, when the PJSIP dialog layer processed the 200 OK, PJSIP would perform a comparison between the IP address in the Contact header and its saved target address for the dialog. Since they differed, PJSIP would update the target dialog address to be the address in the Contact header. From this point, if Asterisk needed to send a NOTIFY to the device, the result was that the NOTIFY would be sent to the private address that the device placed in the Contact header. The reason why res_pjsip_nat did not rewrite the address when it received the 200 OK response was that it could not associate the incoming response with a configured endpoint. This is because on a response, the only way to associate the response to an endpoint is by finding the dialog that the response is associated with and then finding the endpoint that is associated with that dialog. We do not perform endpoint lookups on responses. res_pjsip_pubsub skipped the step of associating the endpoint with the dialog we created, so res_pjsip_nat could not find the associated endpoint and therefore couldn't rewrite the contact. This commit message is like 50x longer than the actual fix. ASTERISK 24981 #close Reported by Mark Michelson Change-Id: I2b963c58c063bae293e038406f7d044a8a5377cd	10 years ago
Matt Jordan	b5cfcfc427	contrib/scripts/autosupport: Update for Asterisk 13 This patch adds some minor tweaks for autosupport to update it for Asterisk 13. This includes: * Finally removing most references to Zaptel * Adding support for some additional 'core' commands, and fixing nomenclature that generally hasn't been used for some time * Adding some PJSIP/SIP commands to gather endpoints/peers and active channels Change-Id: Ic997b418cbd9313588b6608e50f47b0ce6f4f1f1 (cherry picked from commit `9fc9777fa3`)	10 years ago
Richard Mudgett	47a9452780	config.c: Fix off-nominal memory leak. Change-Id: I06e346e9a5c63cc5071e7eda537310c4b43bffe0	10 years ago
Richard Mudgett	728a2b7013	config.c: Fix potential memory corruption after [section](+). The memory corruption could happen if the [section](+) is the last section in the file with trailing comments. In this case process_text_line() has left *last_cat is set to newcat and newcat is destroyed. Change-Id: I0d1d999f553986f591becd000e7cc6ddfb978d93	10 years ago
Richard Mudgett	6c11fa2277	config.c: Fix #include after [section](+). An #include right after a [section](+) would associate any variable assignments before a new section in the #include with the wrong section. * Fix section association by setting the current section to the appended section. * Fix '+' and '!' section flag interaction corner case depending upon which flag came first. If the '!' came first then it would be ignored. If the '!' came after then it would affect the appended section. The '!' will now no longer be ignored. ASTERISK-25461 #close Reported by: Sean Pimental Change-Id: Ic9d3191c8758048e2cbce6432f854b32531731c3	10 years ago
Joshua Colp	a2677c141e	Merge "chan_pjsip: Fix crash on reINVITE before initial INVITE completes." into certified/13.1	10 years ago
Matt Jordan	0fe83cad51	res/res_rtp_asterisk: Fix assignment after ao2 decrement When we decide we will no longer schedule an RTCP write, we remove the reference to the RTP instance, then assign -1 to the stored scheduler ID in case something else comes along and wants to see if anything is scheduled. That scheduler ID is on the RTP instance. After `60a9172d7e` was merged to fix the regression introduced by `3cf0f29310`, this improper assignment on a potentially destroyed object started getting tripped on the build agents. Frankly, this should have been crashing a lot more often earlier. I can only assume that the timing was changed just enough by both changes to start actually hitting this problem. As it is, simply moving the assignment prior to the ao2 deference is sufficient to keep the RTP instance from being referenced when it is very, truly, aboslutely dead. (Note that it is still good practice to assign -1 to the scheduler ID when we know we won't be scheduling it again, as the ao2 deref may not always destroy the ao2 object.) ASTERISK-25449 Change-Id: Ie6d3cb4adc7b1a6c078b1c38c19fc84cf787cda7	10 years ago
Richard Mudgett	c4f63952fc	chan_pjsip: Fix crash on reINVITE before initial INVITE completes. Apparently some endpoints attempt to send a reINVITE before completing the initial INVITE transaction. In this case PJSIP responds appropriately to the reINVITE with a 491 INVITE request pending. Unfortunately chan_pjsip is using the initial INVITE transaction state to determine if an INVITE is the initial INVITE or a reINVITE. Since the initial INVITE transaction has not been confirmed yet chan_pjsip thinks the reINVITE is an initial INVITE and starts another PBX thread on the channel. The extra PBX thread ensures that hilarity ensues. * Fix checks for a reINVITE on incoming requests to look for the presence of a to-tag instead of the initial INVITE transaction state. * Made caller_id_incoming_request() determine what to do if there is a channel on the session or not. After a channel is created it is too late to just store the new party id on the session because the session's party id has already been copied to the channel's caller id. ASTERISK-25404 #close Reported by: Chet Stevens Change-Id: Ie78201c304a2b13226f3a4ce59908beecc2c68be	10 years ago
Matt Jordan	d61da57428	Fix improper usage of scheduler exposed by `5c713fdf18` When `5c713fdf18` was merged, it allowed for scheduled items to have an ID of '0' returned. While this was valid per the documentation for the API, it was apparently never returned previously. As a result, several users of the scheduler API viewed the result as being invalid, causing them to reschedule already scheduled items or otherwise fail in interesting ways. This patch corrects the users such that they view '0' as valid, and a returned ID of -1 as being invalid. Note that the failing HEP RTCP tests now pass with this patch. These tests failed due to a duplicate scheduling of the RTCP transmissions. ASTERISK-25449 #close Change-Id: I019a9aa8b6997584f66876331675981ac9e07e39	10 years ago
Richard Mudgett	5d12653d2a	res_sorcery_memory_cache.c: Fix deadlock with scheduler. A deadlock can happen when a sorcery object is being expired from the memory cache when at the same time another object is being placed into the memory cache. There are a couple other variations on this theme that could cause the deadlock. Basically if an object is being expired from the sorcery memory cache at the same time as another thread tries to update the next object expiration timer the deadlock can happen. * Add a deadlock avoidance loop in expire_objects_from_cache() to check if someone is trying to remove the scheduler callback from the scheduler. ASTERISK-25441 #close Change-Id: Iec7b0bdb81a72b39477727b1535b2539ad0cf4dc	10 years ago
Richard Mudgett	b35b9a9e32	res_sorcery_memory_cache.c: Replace inline code with function. Make sorcery_memory_cache_close() call remove_all_from_cache() instead of partially inlining it. ASTERISK-25441 Change-Id: I1aa6cb425b1a4307096f3f914d17af8ec179a74c	10 years ago
Richard Mudgett	9ec52447bd	res_sorcery_memory_cache.c: Shutdown in a less crash potential order. Basically you should shutdown in the opposite order of how you setup since later setup pieces likely depend on earlier setup pieces. e.g., Registering your external API with the rest of the system should be the last thing setup and the first thing unregistered during shutdown. Change-Id: I5715765b723100c8d3c2642e9e72cc7ad5ad115e	10 years ago
Richard Mudgett	110927bacc	res_sorcery_memory_cache.c: Misc tweaks. Change-Id: I8cd32dffbb4f33bb0c39518d6e4c991e73573160	10 years ago
Richard Mudgett	14ac763ab3	res_sorcery_memory_cache.c: Made use OBJ_SEARCH_MASK. Change-Id: Ibca6574dc3c213b29cc93486e01ccd51f5caa46c	10 years ago
Matthew Jordan	39fe210fd9	res/res_pjsip_dlg_options: Add a module to handle in-dialog OPTIONS requests This patch adds a new session supplement that handles in-dialog OPTIONS requests. Said OPTIONS requests are sent a 200 OK, as an endpoint lookup for the OPTIONS request would already have been done by the time the session supplement receives the inbound request. ASTERISK-24862 #close Reported by: yaron nahum patches: res_pjsip_dlg_options.c submitted by yaron nahum (License 6676) Change-Id: Iefc901a7c5c88d9d4b853188f85092d9eb7b6ada	10 years ago
Richard Mudgett	00be2f6b4f	app_queue.c: Force COLP update if outgoing channel name changed. * When a call is answered and the outgoing channel name has changed then force a connected line update because the channel is no longer the same. The channel was masqueraded into by another channel. This is usually because of a call pickup. Note: Forwarded calls are handled in a controlled manner so the original channel name is replaced with the forwarded channel. ASTERISK-25423 #close Reported by: John Hardin Change-Id: Ie275ea9e99c092ad369db23e0feb08c44498c172	10 years ago
Richard Mudgett	bd43638622	app_queue.c: Factor out a connected line update routine. Replace inlined code with update_connected_line_from_peer(). ASTERISK-25423 Reported by: John Hardin Change-Id: I33bbd033596fcb0208d41d8970369b4e87b806f3	10 years ago
Richard Mudgett	f5a935f9d1	app_dial.c: Make 'A' option pass COLP updates. While the 'A' option is playing the announcement file allow the caller and peer to exchange COLP update frames. ASTERISK-25423 Reported by: John Hardin Change-Id: Iac6cf89b56d26452c6bb88e9363622bbf23895f9	10 years ago
Richard Mudgett	91f754cb89	app_dial.c: Force COLP update if outgoing channel name changed. * When a call is answered and the outgoing channel name has changed then force a connected line update because the channel is no longer the same. The channel was masqueraded into by another channel. This is usually because of a call pickup. Note: Forwarded calls are handled in a controlled manner so the original channel name is replaced with the forwarded channel. ASTERISK-25423 Reported by: John Hardin Change-Id: I2e01f7a698fbbc8c26344a59c2be40c6cd98b00c	10 years ago
Richard Mudgett	9792b21720	app_dial.c: Factor out a connected line update routine. Replace inlined code with update_connected_line_from_peer(). ASTERISK-25423 Reported by: John Hardin Change-Id: Ia14f18def417645cd7fb453e1bdac682630a5091	10 years ago
Mark Michelson	7a4581a41b	Do not swallow frames on channels leaving bridges. When leaving a bridge, indications on a channel could be swallowed by the internal indication logic because it appears that the channel is on its way to be hung up anyway. One such situation where this is detrimental is when channels on hold are redirected out of a bridge. The AST_CONTROL_UNHOLD indication from the bridging code is swallowed, leaving the channel in question to still appear to be on hold. The fix here is to modify the logic inside ast_indicate_data() to not drop the indication if the channel is simply leaving a bridge. This way, channels on hold redirected out of a bridge revert to their expected "in use" state after the redirection. ASTERISK-25418 #close Reported by Mark Michelson Change-Id: If6115204dfa0551c050974ee138fabd15f978949	10 years ago
Richard Mudgett	86eee104be	app_page.c: Fix crash when forwarding with a predial handler. Page uses the async method of dialing with the dial API. When a call gets forwarded there is no calling channel available. If the predial handler was set then the calling channel could not be put into auto-service for the forwarded call because it doesn't exist. A crash is the result. * Moved the callee predial parameter string processing to before the string is passed to the dial API rather than having the dial API do it. There are a few benefits do doing this. The first is the predial parameter string processing doesn't need to be done for each channel called by the dial API. The second is in async mode and the forwarded channel is to have the predial handler executed on it then the non-existent calling channel does not need to be present to process the predial parameter string. * Don't start auto-service on a non-existent calling channel to execute the predial handler when the dial API is in async mode and forwarding a call. ASTERISK-25384 #close Reported by: Chet Stevens Change-Id: If53892b286d29f6cf955e2545b03dcffa2610981	10 years ago
Mark Michelson	deccd2ef3c	Resolve race conditions involving Stasis bridges. This resolves two observed race conditions. First, a bit of background on what the Stasis application does: 1a Creates a stasis_app_control structure. This structure is linked into a global container and can be looked up using a channel's unique ID. 2a Puts the channel in an event loop. The event loop can exit either because the stasis_app_control structure has been marked done, or because of some other factor, such as a hangup. In the event loop, the stasis_app_control determines if any specific ARI commands need to be run on the channel and will run them from this thread. 3a Checks if the channel is bridged. If the channel is bridged, then ast_bridge_depart() is called since channels that are added to Stasis bridges are always imparted as departable. 4a Unlink the stasis_app_control from the container. When an ARI command is received by Asterisk, the following occurs 1b A thread is spawned to handle the HTTP request 2b The stasis_app_control(s) that corresponds to the channel(s) in the request is/are retrieved. If the stasis_app_control cannot be retrieved, then it is assumed that the channel in question has exited the Stasis app or perhaps was never in Stasis in the first place. 3b A command is queued onto the stasis_app_control, and the channel's event loop thread is signaled to run the command. 4b While most ARI commands do nothing further, some, such as adding or removing channels from a bridge, will block until the command they issued has been completed by the channel's event loop. The first race condition that is solved by this patch involves a crash that can occur due to faulty detection of the channel's bridged status in step 3a. What can happen is that in step 2a, the event loop may run the ast_bridge_impart() function to asynchronously place the channel into a bridge, then immediately exit the event loop because the channel has hung up. In step 3a, we would detect that the channel was not bridged and would not call ast_bridge_depart(). The reason that the channel did not appear to be bridged was that the depart_thread that is spawned by ast_bridge_impart() had not yet started. That is the thread where the channel is marked as being bridged. Since we did not call ast_bridge_depart(), the Stasis application would exit, and then the channel would be destroyed Then the depart_thread would start up and try to manipulate the destroyed channel, causing a crash. The fix for this is to switch from using ast_channel_is_bridged() to checking the NULLity of ast_channel_internal_bridge_channel() to determine if ast_bridge_depart() needs to be called. The channel's internal bridge_channel is set when ast_bridge_impart() is called and is NULLed by the call to ast_bridge_depart(). If the channel's internal bridge_channel is non-NULL, then the channel must have been imparted into the bridge and needs to be departed, even if the actual bridging operation has not yet started. By departing the channel when necessary, the thread that is running the Stasis application will block until the bridge gives the okay that the depart_thread has exited. The second race condition that is solved by this patch involves a leak of HTTP handler threads. The problem was that step 2b would successfully retrieve a stasis_app_control structure. Then step 2a would exit the channel from the event loop due to a hangup. Steps 3a and 4a would execute, and then finally steps 3b and 4b would. The problem is that at step 4b, when attempting to add a channel to a bridge, the thread would block forever since the channel would never execute the queued command since it was finished with the event loop. This meant that the HTTP handling thread would be leaked, along with any references that thread may have owned (in my case, I was seeing bridges leaked). The fix for this is to hone in better on when the channel has exited the event loop. The stasis_app_control structure has an is_done field that is now set at each point where the channel may exit the event loop. If step 2b retrieves a valid stasis_app_control structure but the control is marked as done, then the attempted operation exits immediately since there will be nothing to service the attempted command. ASTERISK-25091 #close Reported by Ilya Trikoz Change-Id: If66265b73b4c9f8f58599124d777fedc54576628	10 years ago
Matt Jordan	37059e6242	Merge "app_record: RECORDED_FILE variable not being populated" into certified/13.1	10 years ago
Kevin Harwell	43e6804b0c	app_record: RECORDED_FILE variable not being populated The RECORDED_FILE variable is empty unless a '%d' is specified in the filename. This patch makes it so the variable is always set to the filename. ASTERISK-25410 #close Change-Id: I4ec826d8eb582ae2ad184e717be8668b74d37653	10 years ago
Joshua Colp	ca401c6842	pbx: Update device and presence state when changing a hint extension. When changing a hint extension without removing the hint first the device state and presence state is not updated. This causes the state of the hint to be that of the previous extension and not the current one. This state is kept until a state change occurs as a result of something (presence state change, device state change). This change updates the hint with the current device and presence state of the new extension when it is changed. Any state callbacks which may have been added before the hint extension is changed are also informed of the new device and presence state if either have changed. ASTERISK-25394 #close Change-Id: If268f1110290e502c73dd289c9e7e7b27bc8432f	10 years ago
Mark Michelson	20702e0cf2	res_pjsip_pubsub: Eliminate race during initial NOTIFY. There is a slim chance of a race condition occurring where two threads can both attempt to manipulate the same area. Thread A can be handling an incoming initial SUBSCRIBE request. Thread A lets the specific subscription handler know that the subscription has been established. At this point, Thread B may detect a state change on the subscribed resource and queue up a notification task on Thread C, the subscription serializer thread. Now Thread A attempts to generate the initial NOTIFY request to send to the subscriber at the same time that Thread C attempts to generate a state change NOTIFY request to send to the subscriber. The result is that Threads A and C can step on the same memory area, resulting in a crash. The crash has been observed as happening when attempting to allocate more space to hold the body for the NOTIFY. The solution presented here is to queue the subscription establishment and initial NOTIFY generation onto the subscription serializer thread (Thread C in the above scenario). This way, there is no way that a state change notification can occur before the initial NOTIFY is sent, and if there is a quick succession of NOTIFYs, we can guarantee that the two NOTIFY requests will be sent in succession. Change-Id: I5a89a77b5f2717928c54d6efb9955e5f6f5cf815	10 years ago
Mark Michelson	3ef74244a4	scheduler: Use queue for allocating sched IDs. It has been observed that on long-running busy systems, a scheduler context can eventually hit INT_MAX for its assigned IDs and end up overflowing into a very low negative number. When this occurs, this can result in odd behaviors, because a negative return is interpreted by callers as being a failure. However, the item actually was successfully scheduled. The result may be that a freed item remains in the scheduler, resulting in a crash at some point in the future. The scheduler can overflow because every time that an item is added to the scheduler, a counter is bumped and that counter's current value is assigned as the new item's ID. This patch introduces a new method for assigning scheduler IDs. Instead of assigning from a counter, a queue of available IDs is maintained. When assigning a new ID, an ID is pulled from the queue. When a scheduler item is released, its ID is pushed back onto the queue. This way, IDs may be reused when they become available, and the growth of ID numbers is directly related to concurrent activity within a scheduler context rather than the uptime of the system. Change-Id: I532708eef8f669d823457d7fefdad9a6078b99b2	10 years ago
Mark Michelson	8826e6c416	res_pjsip: Copy default_from_user to avoid crash. The default_from_user retrieval function was pulling the default_from_user from the global configuration struct in an unsafe way. If using a database as a backend configuration store, the global configuration struct is short-lived, so grabbing a pointer from it results in referencing freed memory. The fix here is to copy the default_from_user value out of the global configuration struct. Thanks go to John Hardin for discovering this problem and proposing the patch on which this fix is based. ASTERISK-25390 #close Reported by Mark Michelson Change-Id: I6b96067a495c1259da768f4012d44e03e7c6148c	10 years ago
George Joseph	943d5c0c99	res_pjsip: Validate that contact uris start with sip: or sips: Currently we use pjsip_parse_hdr to validate contact uris but it appears that it allows uris without a scheme if there's a port supplied. I.E myexample.com will fail but myexample.com:5060 will pass even though it has no scheme. This causes SEGVs later on whenever the uri is used. To prevent this, permanent_contact_validate has been updated to check that the scheme is either 'sip' or 'sips'. 2 uses of possibly-null endpoint have also been fixed in create_out_of_dialog_request. ASTERISK-24999 Change-Id: Ifc17d16a4923e1045d37fe51e43bbe29fa556ca2 Reported-by: Brad Latus (cherry picked from commit `75666ad7c6`)	10 years ago
Jonathan Rose	7b5bcbeebe	ParkAndAnnounce: Add variable inheritance In Asterisk 11, the announcer channel would receive channel variables from the channel being parked by means of normal channel inheritance. This functionality was lost during the big res_parking project in Asterisk 12. This patch restores that functionality. ASTERISK-25369 #close Review: https://gerrit.asterisk.org/#/c/1180/ Change-Id: Ie47e618330114ad2ea91e2edcef1cb6f341eed6e	10 years ago
Joshua Colp	0901a82adb	taskprocessor: Fix race condition between unreferencing and finding. When unreferencing a taskprocessor its reference count is checked to determine if it should be unlinked from the taskprocessors container and its listener shut down. In between the time when the reference count is checked and unlinking it is possible for another thread to jump in, find it, and get a reference to it. If the thread then uses the taskprocessor it may find that it is not in the state it expects. This change locks the taskprocessors container during almost the entire unreference operation to ensure that any other thread which may attempt to find the taskprocessor has to wait. ASTERISK-25295 Change-Id: Icb842db82fe1cf238da55df92e95938a4419377c (cherry picked from commit `a676ba2aad`)	10 years ago
Matt Jordan	5b06b6f1d3	Merge "res_pjsip: Change default from user value." into certified/13.1	10 years ago
Mark Michelson	500856b4f0	res_pjsip: Change default from user value. When Asterisk sends an outbound SIP request, if there is no direct reason to place a specific value for the username in the From header, Asterisk would generate a UUID. For example, this would happen when sending outbound OPTIONS requests when qualifying or when sending outbound INVITE requests when originating (if no explicit caller ID were provided). The issue is that some SIP providers reject these sorts of requests with a "Name too long" error response. This patch aims to fix this by changing the default outbound username in From headers to "asterisk". This value can be overridden by changing the default_from_user option in the global options if desired. ASTERISK-25377 #close Reported by Mark Michelson Change-Id: I6a4d34a56ff73ff4f661b0075aeba5461b7f3190	10 years ago
Jonathan Rose	42c40b59b6	Message.c: Clear message channel frames on cleanup The message channel is a special channel that doesn't actually process frames. However, certain actions can cause frames to be placed in the channel's read queue including the Hangup application which is called on the channel after each message is processed. Since the channel will continually be reused for many messages, it's necessary to flush these frames at some point. ASTERISK-25083 #close Reported by: Jonathan Rose Change-Id: Idf18df73ccd8c220be38743335b5c79c2a4c0d0f (cherry picked from commit `02c5130589`)	10 years ago
Mark Michelson	a1e1d8e815	res_pjsip: Fix contact refleak on stateful responses. When sending a stateful response, creation of the transaction can fail, most commonly because we are trying to create a transaction from a retransmitted request. When creation of the transaction fails, we end up leaking a reference to a contact that was bumped when the response was created. This patch adds the missing deref and fixes the reference leak. Change-Id: I2f97ad512aeb1b17e87ca29ae0abacb4d6395f07	10 years ago
Joshua Colp	9f5e1c0e56	pbx: Fix crash when issuing "core show hints" with long pattern match. When issuing the "core show hints" CLI command a combination of both the hint extension and context is created. This uses a fixed size buffer expecting that the extension will not exceed maximum extension length. When the extension is actually a pattern match this constraint does not hold true, and the extension may exceed the maximum extension length. In this case extra characters are written past the end of the fixed size buffer. This change makes it so the construction of the combined hint extension and context can not exceed the size of the buffer. ASTERISK-25367 #close Change-Id: Idfa1b95d0d4dc38e675be7c1de8900b3f981f499	10 years ago
Richard Mudgett	1c89230e2a	PJSIP XML, XPIDF: Fix buffer size overwrite memory corruption error. When res_pjsip body generator modules were generating XML or XPIDF response bodies, there was a chance that the generated body would be the exact size of the supplied buffer. Adding the nul string terminator would then write beyond the end of the buffer and potentially corrupt memory. * Fix MALLOC_DEBUG high fence violations caused by adding a nul string terminator on the end of a buffer for XML or XPIDF response bodies. * Made calls to pj_xml_print() safer if the XML prolog is requested. Due to a bug in pjproject, the return value could be -1 _or_ AST_PJSIP_XML_PROLOG_LEN if the supplied buffer is not large enough. * Updated the doxygen comment of AST_PJSIP_XML_PROLOG_LEN to describe the return value of pj_xml_print() when the supplied buffer is not large enough. ASTERISK-25168 Reported by: Carl Fortin Change-Id: Id70e1d373a6a2b2bd9e678b5cbc5e55b308981de	10 years ago
Mark Michelson	2f2c35e91d	res_pjsip_pubsub: re-re-fix persistent subscription storage. A recent change to res_pjsip_pubsub switched to using pjsip_msg_print as a means of writing an appropriate packet to persistent storage. While this partially solved the issue, it had its own problems. pjsip_msg_print will always add a Content-Length header to the message it prints. Frequent restarts of Asterisk can result in persistent subscriptions being written with five or more Content-Length headers. In addition, sometimes some apparent corruption of individual headers could be seen. This aims to fix the problem by not running a parsed message through an interpreter but rather by taking the raw message and saving it. The logic for what to save is going to be different depending on whether a SUBSCRIBE was received from the wire or if it was pulled from persistence. When receiving a packet from the wire, when using a streaming transport, the rdata->pkt_info.packet may contain multiple SIP messages or fragments. However, the rdata->msg_info.msg_buf will always contain the current SIP message to be processed. When pulling from persistence, though, the rdata->msg_info.msg_buf will be NULL since no transport actually handled the packet. However, since we know that we will always ever pull one SIP message from persistence, we are free to save directly from rdata->pkt_info.packet instead. ASTERISK-25365 #close Reported by Mark Michelson Change-Id: I33153b10d0b4dc8e3801aaaee2f48173b867855b	10 years ago
Mark Michelson	88ee3b3ef2	Fix deadlock on presence state changes. A deadlock was observed where three threads were competing for different locks: * One thread held the hints lock and was attempting to lock a specific hint. * One thread was holding the specific hint's lock and was attempting to lock the contexts lock * One thread was holding the contexts lock and attempting to lock the hints lock. Clearly the second thread was doing the wrong thing here. The fix for this is to make sure that the hint's lock is not held on presence state changes. Something similar is already done (and commented about) for device state changes. ASTERISK-25362 #close Reported by Mark Michelson Change-Id: I15ec2416b92978a4c0c08273b2d46cb21aff97e2	10 years ago
Matt Jordan	9121de6e9b	Merge "res_pjsip_sdp_rtp: Fix multiple keepalive scheduled items." into certified/13.1	10 years ago
Joshua Colp	8842637d8f	res_pjsip_sdp_rtp: Fix multiple keepalive scheduled items. The keepalive support in res_pjsip_sdp_rtp currently assumes that a stream will only be negotiated once. This is false. If the stream is replaced and later added back it can be negotiated again causing multiple keepalive scheduled items to exist. This change explicitly deletes the existing keepalive scheduled item before adding the new one. The res_pjsip_sdp_rtp module also does not stop RTP keepalives or timeout timer if the stream has been replaced. This change adds a callback to the session media interface to allow a media stream to be stopped without the resources being destroyed. This allows the scheduled items and RTP to be stopped when the stream no longer exists. ASTERISK-25356 #close Change-Id: Ibe6a7cc0927c87326fd5f1c0d4ad889dbfbea1de	10 years ago
Joshua Colp	06d42fede3	sched: ast_sched_del may return prematurely due to spurious wakeup When deleting a scheduled item if the item in question is currently executing the ast_sched_del function waits until it has completed. This is accomplished using ast_cond_wait. Unfortunately the ast_cond_wait function can suffer from spurious wakeups so the predicate needs to be checked after it returns to make sure it has really woken up as a result of being signaled. This change adds a loop around the ast_cond_wait to make sure that it only exits when the executing task has really completed. ASTERISK-25355 #close Change-Id: I51198270eb0b637c956c61aa409f46283432be61	10 years ago
Joshua Colp	042ece7669	Merge "Local channels: Alternate solution to ringback problem." into certified/13.1	10 years ago

1 2 3 4 5 ...

26229 Commits (dd4d4e40e57a0013c6861f6441f30eadbd1698c6) All Branches Search

26229 Commits (dd4d4e40e57a0013c6861f6441f30eadbd1698c6)

All Branches