The media frame cache gets in the way of finding use after free errors of
media frames. Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.
* Added the "cache_media_frames" option to asterisk.conf. Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the frame is
used after free and who freed it. NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.
To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.
Sample asterisk.conf setting:
[options]
cache_media_frames=no
ASTERISK-27413
Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00
cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long. The long string could be supplied by
external means using the CDR(userfield) function.
This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.
ASTERISK-27337
Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
Message tech and handler registrations use a vector which could fail to
expand. If it does log and error and return error.
Change-Id: I593a8de81a07fb0452e9b0efd5d4018b77bca6f4
format_cap_framed_init can fail on AST_VECTOR_APPEND. This should
report failure to the caller and clean the newly allocated frame.
Change-Id: Ica0661235bf09497bf23d844ceb01f21b41a55b0
The internal CLI command "_command complete" was last used by Asterisk
0.2.0. Since then we've been using "_command nummatches" and "_command
matchesarray".
Change-Id: I682fe1e21a24a3bb5bd04146e639f1c5866bcfce
When (v)asprintf() fails, the state of the allocated buffer is undefined.
The library had better not leave an allocated buffer as a result or no one
will know to free it. The most likely way it can return failure is for an
allocation failure. If the printf conversion fails then you actually have
a threading problem which is much worse because another thread modified
the parameter values.
* Made __ast_asprintf()/__ast_vasprintf() set the returned buffer to NULL
on failure. That is much more useful than either an uninitialized pointer
or a pointer that has already been freed. Many uses won't have to check
for failure to ensure that the buffer won't be double freed or prevent an
attempt to free an uninitialized pointer.
* stasis.c: Fixed memory leak in multi_object_blob_to_ami() allocated by
ast_asprintf().
* ari/resource_bridges.c:ari_bridges_play_helper(): Remove assignment to
the wrong thing which is now not needed even if assigning to the right
thing.
Change-Id: Ib5252fb8850ecf0f78ed0ee2ca0796bda7e91c23
Asterisk can be compiled without a SSL/TLS library, without the Development
Headers of OpenSSL. However, if TLS (SIP) or Secure-WebSockets (WebRTC) was
enabled in a configuration file, Asterisk did not notice the user. Asterisk
failed silently, only the corresponding TCP ports were not open.
ASTERISK-27394
Reported-by: mossley74
Change-Id: Ib8b7539a5b2af8154c22e5f7a40fc68f95d95b93
We use the editline library to help with filename completion in our CLI
interface. Some systems failed to find the header when included from
loader.c. This is fixed by setting the proper CFLAGS for the build of
loader.o.
ASTERISK-27378
Change-Id: Ib7fd496f1d7ed48141a2eadd5dd61cab2f2308be
Replace 'needsreload' argument with a 'type' argument to specify which
type of modules you want completion. This provides more accurate CLI
completion for load and unload commands.
* 'module unload' now excludes modules that have active references or are
not running.
* 'module load' now excludes modules that are already running.
* 'core set debug [atleast] <level> [module]' shows running modules only.
ASTERISK-27378
Change-Id: Iea3e00054461484196c46f688f02635cc886bad1
The dialplan application "Bridge" was not setting the BRIDGERESULT to failure
when a failure did occur. Even worse if it did fail to join the bridge it would
still report success.
This patch now sets the BRIDGERESULT variable to an appropriate value for a
given condition state. Also, removed the value INCOMPATIBLE as a valid result
type since it is no longer used.
ASTERISK-27369 #close
Change-Id: I22588e7125a765edf35cff28c98ca143e9927554
* Stop using ast_module_helper to check if a module is loaded, use
ast_module_check instead (app_confbridge and app_meetme).
* Stop ast_module_helper from listing reload classes when needsreload
was not requested.
ASTERISK-27378
Change-Id: Iaed8c1e4fcbeb242921dbac7929a0fe75ff4b239
Earlier versions of the codec_opus samples_count callback can return
negative error values on undecodable frames. This resulted in a divide by
zero exception.
* Added a defensive check in ast_codec_samples_count() for a "negative"
samples count return value. Log the event and set the count to zero.
ASTERISK-27194
Change-Id: Icf69350307ecbbc80a3d74de46af9bd80ea17819
The configure option to disable XML documentation does not currently
work. This patch makes it effective, but also causes an ABI change by
removing the ast_xmldoc_* symbols. Disabling xmldoc also prevents docs
from being automatically generated, but they can still be manually
generated with 'make doc/core-en_US.xml'.
ASTERISK-26639
Change-Id: Ifac562340c09f80c83e0203de098fcac93bf8c44
Currently ast_http_send barricades a portion of the content that
needs to be sent in order to establish a connection for things
like the ARI client. The conditional and contents have been changed
to ensure that everything that needs to be sent, will be sent.
ASTERISK-27372
Change-Id: I8816d2d8f80f4fefc6dcae4b5fdfc97f1e46496d
* Rename the Party A CDR container from active_cdrs_by_channel to
active_cdrs_master.
* Renamed the support functions associated with active_cdrs_master
appropriately.
ASTERISK-27335
Change-Id: I6104bb3edc3a0b7243ce502e45e8832b0cff14f7
The CDR performance gets worse the further it gets behind in processing
stasis messages. One of the reasons is because of a n*m loop used when
processing Party B information.
* Added a new CDR container that is keyed to Party B so we don't need such
a large loop when processing Party B information.
NOTE: To reduce the size of the patch I deferred to another patch the
renaming of the Party A active_cdrs_by_channel container to
active_cdrs_master and renaming the container's hash and cmp functions
appropriately.
ASTERISK-27335
Change-Id: I0bf66e8868f8adaa4b5dcf9e682e34951c350249
It's possible for bfdobj to be created but syms not created. If syms
was not allocated in the current loop iteration but was allocated in the
previous iteration it would crash.
ASTERISK-27340
Change-Id: I5b110c609f6dfe91339f782a99a431bca5837363
This avoids a crash on stopping a chan_sip which failed to start its TLS server.
ASTERISK-27339 #close
Change-Id: I327fc70db68eaaca5b50a15c7fd687fde79263d5
The CDR performance gets worse the further it gets behind in processing
stasis messages. One of the reasons is we were getting the global config
to determine if we needed to log a debugging message.
* Many calls to ao2_global_obj_ref() were just so we could determine if
debug mode is enabled. Made a global flag to check instead.
* Eliminated many RAII_VAR() usages associated with the remaining
ao2_global_obj_ref() calls.
* Added missing NULL checks for the returned ao2_global_obj_ref() value.
ASTERISK-27335
Change-Id: Iceaad93172862f610cad0188956634187bfcc7cd
The CDR performance gets worse the further it gets behind in processing
stasis messages. One of the reasons is we were getting the global config
even if we didn't need it.
* Most uses of the global config were only needed on off nominal code
paths so it makes sense to not get it until absolutely needed.
ASTERISK-27335
Change-Id: I00c63b7ec233e5bfffd5d976f05568613d3c2365
The CDR performance gets worse the further it gets behind in processing
stasis messages. One of the reasons is we were repeatedly setting string
fields to potentially the same string in base_process_party_a(). Setting
a string field involves allocating room for the new string out of a memory
pool which may have to allocate even more memory.
* Check to see if the string field is already set to the desired string.
ASTERISK-27335
Change-Id: I3ccb7e23f1488417e08cafe477755033eed65a7c
The string comparisons for setting these CDR variables was inverted. We
were repeatedly setting these CDR variables only if the channel snapshots
had the same value.
ASTERISK-27335
Change-Id: I9482073524411e7ea6c03805b16de200cb1669ea
The only caller of cdr_object_fn_table.process_party_b() explicitly does
the check before calling.
Change-Id: Ib0c53cdf5048227842846e0df9d2c19117c45618
Since ASTERISK-26922, this issue affected only those chan_sip which were
* enabled for dual-stack (bindaddr=::), and
* enabled for TCP (tcpenable=yes) and/or TLS (tlsenable=yes), and
* tried to register and/or invite a IPv4-only service,
* via TCP and/or TLS.
Now, ast_tcptls_client_create does not re-bind to [::] anymore.
ASTERISK-27324 #close
Change-Id: I4b242837bdeb1ec7130dc82505c6180a946fd9b5
ast_strings_match uses sscanf and checks for non-zero return to verify a
token was parsed. This is incorrect as sscanf returns EOF (-1) for errors.
ASTERISK-27318 #close
Change-Id: Ifcece92605f58116eff24c5a0a3b0ee08b3c87b1
When two channels were early bridged in a native_rtp bridge, the RTP description
on one side was not updated when the other side answered.
This patch forbids non-answered channels to enter a native_rtp bridge, and
triggers a bridge reconfiguration when an ANSWER frame is received.
ASTERISK-27257
Change-Id: If1aaee1b4ed9658a1aa91ab715ee0a6413b878df
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c
If an error occurs during a bridge impart it's possible that
the "bridge_after" callback might try to run before
control_swap_channel_in_bridge has been signalled to continue.
Since control_swap_channel_in_bridge is holding the control lock
and the callback needs it, a deadlock will occur.
* control_swap_channel_in_bridge now only holds the control
lock while it's actually modifying the control structure and
releases it while the bridge impart is running.
* bridge_after_cb is now tolerant of impart failures.
Change-Id: Ifd239aa93955b3eb475521f61e284fcb0da2c3b3
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.
For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.
Therefore, checks like this look wrong, but are right:
/* See if where we are sending this request is local or not, and if
not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Request is being sent to local address, "
"skipping NAT manipulation\n");
(In the list == localnet == DENY == skip NAT manipulation.)
And conversely, other checks that looked right, were wrong.
This change adds two macro's to reduce the confusion and uses those
instead:
ast_sip_transport_is_nonlocal(transport_state, addr)
ast_sip_transport_is_local(transport_state, addr)
ASTERISK-27248 #close
Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
There is a little known feature in app_controlplayback that will cause the
specified offset to be used relative to the end of a file if a ':end' is
detected within the filename.
This feature is pretty bad, but okay.
However, a bug exists in this code where a ':' detected in the filename
will cause the end pointer to be non-NULL, even if the full ':end' isn't
specified. This causes us to treat an unspecified offset (0) as being
"start playing from the end of the file", resulting in no file playback
occurring.
This patch fixes this bug by resetting the end pointer if ':end' is not
found in the filename.
ASTERISK-23608 #close
Reported by: Jonathan White
Change-Id: Ib4c7b1b45283e4effd622a970055c51146892f35
(cherry picked from commit 13efea24f7)
* netsock2.c: Test the addr->len member first as it may be the only member
initialized in the struct.
* stun.c:ast_stun_handle_packet(): The combinded[] local array could get
used uninitialized by ast_stun_request(). The uninitialized string gets
copied to another location and could overflow the destination memory
buffer.
These valgrind findings were found for ASTERISK_27150 but are not
necessarily a fix for the issue.
Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
The seconds and minutes files have always existed in the base language
directory of the Core package. So say.c has always been calling the wrong
location (under digits/) for those two files and in the case of second and
minute they didn't exist in the Core packages at all.
The 1.6 sounds release moves the second and minute files into Core from
Extra for the languages that already had them. A future release will include
the second and minute files for languages that didn't already have them.
This patch just changes all the target locations for second, seconds,
minute, and minutes that were under the digits subdir to be under the root of
sounds instead. Which is where the sounds will be for some languages after 1.6
sounds and for all languages after a future release.
ASTERISK-25810 #close
Change-Id: I05d9d4bee6a7237030530a46e7eb3df15f13f702
Reported-by: Nicolas Riendeau
This adds support for parsing timelen values from config files. This
includes support for all flags which apply to PARSE_INT32. Support for
this parser is added to ACO via the OPT_TIMELEN_T option type.
Fixes an issue where extra characters provided to ast_app_parse_timelen
were ignored, they now cause an error.
Testing is included.
ASTERISK-27117 #close
Change-Id: I6b333feca7e3f83b4ef5bf2636fc0fd613742554
Setting maxfiles (maximum number of open files) has no practical
effect on a remote asterisk (rasterisk, rasterisk -x).
It has an ill effect of printing an extra message, which
may be annoying in case of -x.
ASTERISK-27105 #close
Change-Id: Iaf9eb344e4b4b517df91b736b27ec55f6a6921a2
Messages like "fwrite() failed: Connection reset by peer" are no
help whatsoever, especially since they can be caused simply by a
client disconnecting.
* Make those WARNINGs DEBUGs.
* Check the return of the headers fprintf.
Change-Id: I17bd5f3621514152a7b2b263c801324c5e96568b
Invoking 'data get /asterisk/core/channeltypes' caused a crash because
of an assumption of a tech's capabilities to be non-NULL. The
'Surrogate' tech, however, does have a NULL capabilities member,
resulting in a crash.
ASTERISK-27108 #close
Change-Id: I2fbe7715681f43d5565d1e1599269468c26b0e0a
Clear channel flag AST_FLAG_END_DTMF_ONLY in ast_waitfordigit_full when
ast_read returns NULL.
ASTERISK-27100 #close
Change-Id: Id3039e9a4e74e0cb359f636c9fd0c9740ebf7d9d
In an earlier version of Asterisk a local channel [un]lock all functions were
added in order to keep a crash from occurring when a channel hung up too early
during an attended transfer. Unfortunately, when a transfer failure occurs and
depending on the timing, the local channels sometime do not get properly
unlocked and deref'ed after being locked and ref'ed. This happens because the
underlying local channel structure gets NULLed out before unlocking.
This patch reworks those [un]lock functions and makes sure the values that get
locked and ref'ed later get unlocked and deref'ed.
ASTERISK-27074 #close
Change-Id: Ice96653e29bd9d6674ed5f95feb6b448ab148b09
If an attended transfer failed it was possible for some of the channels
involved to get "stuck" because Asterisk was not hanging up the transfer target.
This patch ensures Asterisk hangs up the transfer target when an attended
transfer failure occurs.
ASTERISK-27075 #close
Change-Id: I98a6ecd92d3461ab98c36f0d9451d23adaf3e5f9
When a stasis channel is stolen by another app, the control
structure is unreffed but never unlinked from the app_controls
container. This causes the channel reference to leak.
Added OBJ_UNLINK to the callback in channel_stolen_cb.
Also added some additional channel lifecycle debug messages to
channel.c.
ASTERISK-27059 #close
Repoorted-by: George Joseph
Change-Id: Ib820936cd49453f20156971785e7f4f182c56e14
The ast_channel_suppress function wrongly decremented the
reference count of the underlying structure used to keep
track of what should be suppressed on a channel if the
function was called multiple times on the same channel.
This change cleans up the reference counting a bit so
this no longer occurs.
ASTERISK-27016
Change-Id: I2eed4077cb4916e6626f9f120b63b963acc5c136
Not easy to reproduce, but we have noticed deadlocks when unloading a module
while dialplan is handling a request.
The deadlock is between :
1) Dialplan execution: pbx_extension_helper() first taking conlock,
then pbx_findapp() [when called] asking for lock on apps list.
2) Application unregistration: ast_unregister_application() first taking lock
on apps list, then unreference_cached_app() [when called] asking for conlock.
As a protection, I suggest to modify ast_unregister_application(), so that it
anticipates the need of conlock, before taking the lock on apps list.
The side effect is a longer unavailability of conlock when unregistering an
application.
ASTERISK-27041
Change-Id: I0db0f1eb320da6a5758cce3a47d765be1face8e2
This change adds a deferred queue to bridging. If a bridge
technology determines that a frame can not be written and
should be deferred it can indicate back to bridging to do so.
Bridging will then requeue any deferred frames upon a new
channel joining the bridge.
This change has been leveraged for T.38 request negotiate
control frames. Without the deferred queue there is a race
condition between the bridge receiving the T.38 request
negotiate and the second channel joining and being in the
bridge. If the channel is not yet in the bridge then the T.38
negotiation fails.
A unit test has also been added that confirms that a T.38
request negotiate control frame is deferred when no other
channel is in the bridge and that it is requeued when a new
channel joins the bridge.
ASTERISK-26923
Change-Id: Ie05b08523f399eae579130f4a5f562a344d2e415
FreeBSD does not include a crypt.h include file. Definitions for
crypt() and crypt_r() are in unistd.h
ASTERISK-27042 #close
Change-Id: Ib307ee5e384870c6af50efa89fb73722dd0c3a7e
ASTERISK-26419 introduced a bug when calling ast_audiohook_write_list in
ast_write. It would free the frame given to ast_write if the frame returned
by ast_audiohook_write_list was different than the given one. The frame
give to ast_write should never be freed within that function. It is the
caller's resposibility to free the frame after writing (or when it its done
with it). By freeing it within ast_write this of course led to some memory
corruption problems.
This patch makes it so the frame given to ast_write is no longer freed within
the function. The frame returned by ast_audiohook_write_list is now subsequently
used in ast_write and is freed later. It is freed either after translate if the
frame returned by translate is different, or near the end of ast_write prior
to function exit.
ASTERISK-26973 #close
Change-Id: I463d4ac3b736ced95de986ee74a489c7c7ab103b
Before this patch, when a user hung up during a Background, we would
stuff 0xff into a char and attempt a dialplan lookup of it. This caused
problems for some realtime engines which interpreted the value as the
beginning of an invalid UTF-8 sequence.
ASTERISK-19291 #close
Reported by: Andrew Nowrot
Change-Id: I8ca6da93252d61c76ebdb46a4aa65e73ca985358
In review 4843 (ASTERISK-24858), we added a hack that forced a smoother
creation when sending signed linear so that the byte order was adjusted
during transmission. This was needed because smoother flags were lost
during the new format work that was done in Asterisk 13.
Rather than rolling that same hack into res_rtp_multicast, re-introduce
smoother flags so that formats can dictate their own options.
Change-Id: I77b835fba0e539c6ce50014a984766f63cab2c16
During the channel flag audit an incorrect change was
done. The flag should be cleared on the second channel.
ASTERISK-26469
Change-Id: I770c5a389550a2fb5a6ade942fccbb2e1d9199c8
...that can only be run by explicitly calling it with
'test execute category /DO_NOT_RUN/ name RAISE_SEGV'
This allows us to more easily test CI and debugging tools that
should do certain things when asterisk coredumps.
To allow this a new member was added to the ast_test_info
structure named 'explicit_only'. If set by a test, the test
will be skipped during a 'test execute all' or
'test execute category ...'.
Change-Id: Ia3a11856aae4887df9a02b6b081cc777b36eb6ed
When manipulating flags on a channel the channel has to be
locked to guarantee that nothing else is also manipulating
the flags. This change introduces locking where necessary to
guarantee this. It also adds helper functions that manipulate
channel flags and lock to reduce repeated code.
ASTERISK-26789
Change-Id: I489280662dba0f4c50981bfc5b5a7073fef2db10
This change uses the functions provided by OpenSSL to query
and better construct error messages for situations where
the connection encounters a problem.
ASTERISK-26606
Change-Id: I7ae40ce88c0dc4e185c4df1ceb3a6ccc198f075b
It is possible to initialize a valid config without a capath
or cafile definition. This will cause a crash on a reload.
This fix ensures capath is always allocated.
ASTERISK-26983 #close
Change-Id: I63ff715d9d9023427543a5b8a4ba7b0d82533c12
All log messages go to a queue serviced by a single thread
which does all the IO. This setting controls how big that
queue can get (and therefore how much memory is allocated)
before new messages are discarded. The default is 1000.
Should something go bezerk and log tons of messages in a tight
loop, this will prevent memory escalation.
When the limit is reached, a WARNING is logged to that effect
and messages are discarded until the queue is empty again. At
that time another WARNING will be logged with the count of
discarded messages. There's no "low water mark" for this queue
because the logger thread empties the entire queue and processes it
in 1 batch before going back and waiting on the queue again.
Implementing a low water mark would mean additional locking as
the thread processes each message and it's not worth it.
A "test" was added to test_logger.c but since the outcome is
non-deterministic, it's really just a cli command, not a unit
test.
Change-Id: Ib4520c95e1ca5325dbf584c7989ce391649836d1
menu_template_handler wasn't properly accounting for the fact that
it might be called both during a load/reload (which isn't really
valid but not prevented) and by a dialplan function. In both cases
it was attempting to use the "pending" config which wasn't valid in
the latter case. aco_process_config is also partly to blame because
it wasn't properly cleaning "pending" up when a reload was done and
no changes were made. Both of these contributed to a crash if
CONFBRIDGE(menu,template) was called in a dialplan after a reload.
* aco_process_config now sets info->internal->pending to NULL
after it unrefs it although this isn't strictly necessary in the
context of this fix.
* menu_template_handler now uses the "current" config and silently
ignores any attempt to be called as a result of someone uses the
"template" parameter in the conf file.
Luckily there's no other place in the codebase where
aco_pending_config is used outside of aco_process_config.
ASTERISK-25506 #close
Reported-by: Frederic LE FOLL
Change-Id: Ib349a17d3d088f092480b19addd7122fcaac21a7
When using the Bridge AMI action on the same channel multiple times
it was possible for the channel to return to the wrong location in
the dialplan if the other party hung up. This happened because the
priority of the channel was not preserved across each action
invocation and it would fail to move on to the next priority in
other cases.
This change makes it so that the priority of a channel is preserved
when taking control of it from another thread and it is incremented
as appropriate such that the priority reflects where the channel
should next be executed in the dialplan, not where it may or may not
currently be.
The Bridge AMI action was also changed to ensure that it too
starts the channels at the next location in the dialplan.
ASTERISK-24529
Change-Id: I52406669cf64208aef7252a65b63ade31fbf7a5a
There is a theoretical potential to deadlock in
ast_rtp_codecs_payloads_copy() because it locks two different
ast_rtp_codecs locks. It is theoretical because the callers of the
function are either copying between a local ast_rtp_codecs struct and a
RTP instance of the ast_rtp_codecs struct. Or they are copying between
the caller and callee channel RTP instances before initiating the call to
the callee. Neither of these situations could actually result in a
deadlock because there cannot be another thread involved at the time.
* Add deadlock avoidance code to ast_rtp_codecs_payloads_copy() since it
locks two ast_rtp_codecs locks to perform a copy.
This only affects v13 since this deadlock avoidance code is already in
newer branches.
Change-Id: I1aa0b168f94049bd59bbd74a85bd1e78718f09e5
Interpolated frames are frames which contain a number of
samples but have no actual data. Audiohooks did not
handle this case when translating an incoming frame into
signed linear. It assumed that a frame would always contain
media when it may not. If this occurs audiohooks will now
immediately return and not act on the frame.
As well for users of ast_trans_frameout the function has
been changed to be a bit more sane and ensure that the data
pointer on a frame is set to NULL if no data is actually
on the frame. This allows the various spots in Asterisk that
check for an interpolated frame based on the presence of a
data pointer to work as expected.
ASTERISK-26926
Change-Id: I7fa22f631fa28d540722ed789ce28e84c7f8662b
Cleaned up some of the incorrect uses of fread() and fwrite(), mostly in
the format modules. Neither of these functions will ever return a value
less than 0, which we were checking for in some cases.
I've introduced a fair amount of duplication in the format modules, but
I plan to change how format modules work internally in a subsequent
patch set, so this is simply a stop-gap.
Change-Id: I8ca1cd47c20b2c0b72088bd13b9046f6977aa872
The primary win of switching to eventfd when possible is that it only
uses a single file descriptor while pipe() will use two. This means for
each bridge channel we're reducing the number of required file
descriptors by 1, and - if you're using timerfd - we also now have 1
less file descriptor per Asterisk channel.
The API is not ideal (passing int arrays), but this is the cleanest
approach I could come up with to maintain API/ABI.
I've also removed what I believe to be an erroneous code block that
checked the non-blocking flag on the pipe ends for each read. If the
file descriptor is 'losing' its non-blocking mode, it is because of a
bug somewhere else in our code.
In my testing I haven't seen any measurable difference in performance.
Change-Id: Iff0fb1573e7f7a187d5211ddc60aa8f3da3edb1d
Both ast_pbx_outgoing_app() and ast_pbx_outgoing_exten() cause the core
to spawn a new thread to perform the dial. When AST_OUTGOING_WAIT_COMPLETE
is passed to these functions, the calling thread will be blocked until
the newly created channel has been hung up.
After this patch, we run the dial on the current thread rather than
spawning a new one. The only in-tree code that passes
AST_OUTGOING_WAIT_COMPLETE is pbx_spool, so you should see reduced
thread usage if you are using .call files.
Change-Id: I512735d243f0a9da2bcc128f7a96dece71f2d913
The struct ast_rtp_instance has historically been indirectly protected
from reentrancy issues by the channel lock because early channel drivers
held the lock for really long times. Holding the channel lock for such a
long time has caused many deadlock problems in the past. Along comes
chan_pjsip/res_pjsip which doesn't necessarily hold the channel lock
because sometimes there may not be an associated channel created yet or
the channel pointer isn't available.
In the case of ASTERISK-26835 a pjsip serializer thread was processing a
message's SDP body while another thread was reading a RTP packet from the
socket. Both threads wound up changing the rtp->rtcp->local_addr_str
string and interfering with each other. The classic reentrancy problem
resulted in a crash.
In the case of ASTERISK-26853 a pjsip serializer thread was processing a
message's SDP body while another thread was reading a RTP packet from the
socket. Both threads wound up processing ICE candidates in PJPROJECT and
interfering with each other. The classic reentrancy problem resulted in a
crash.
* rtp_engine.c: Make the ast_rtp_instance_xxx() calls lock the RTP
instance struct.
* rtp_engine.c: Make ICE and DTLS wrapper functions to lock the RTP
instance struct for the API call.
* res_rtp_asterisk.c: Lock the RTP instance to prevent a reentrancy
problem with rtp->rtcp->local_addr_str in the scheduler thread running
ast_rtcp_write().
* res_rtp_asterisk.c: Avoid deadlock when local RTP bridging in
bridge_p2p_rtp_write() because there are two RTP instance structs
involved.
* res_rtp_asterisk.c: Avoid deadlock when trying to stop scheduler
callbacks. We cannot hold the instance lock when trying to stop a
scheduler callback.
* res_rtp_asterisk.c: Remove the lock in struct dtls_details and use the
struct ast_rtp_instance ao2 object lock instead. The lock was used to
synchronize two threads to prevent a race condition between starting and
stopping a timeout timer. The race condition is no longer present between
dtls_perform_handshake() and __rtp_recvfrom() because the instance lock
prevents these functions from overlapping each other with regards to the
timeout timer.
* res_rtp_asterisk.c: Remove the lock in struct ast_rtp and use the struct
ast_rtp_instance ao2 object lock instead. The lock was used to
synchronize two threads using a condition signal to know when TURN
negotiations complete.
* res_rtp_asterisk.c: Avoid deadlock when trying to stop the TURN
ioqueue_worker_thread(). We cannot hold the instance lock when trying to
create or shut down the worker thread without a risk of deadlock.
This patch exposed a race condition between a PJSIP serializer thread
setting up an ICE session in ice_create() and another thread reading RTP
packets.
* res_rtp_asterisk.c:ice_create(): Set the new rtp->ice pointer after we
have re-locked the RTP instance to prevent the other thread from trying to
process ICE packets on an incomplete ICE session setup.
A similar race condition is between a PJSIP serializer thread resetting up
an ICE session in ice_create() and the timer_worker_thread() processing
the completion of the previous ICE session.
* res_rtp_asterisk.c:ast_rtp_on_ice_complete(): Protect against an
uninitialized/null remote_address after calling
update_address_with_ice_candidate().
* res_rtp_asterisk.c: Eliminate the chance of ice_reset_session()
destroying and setting the rtp->ice pointer to NULL while other threads
are using it by adding an ao2 wrapper around the PJPROJECT ice pointer.
Now when we have to unlock the RTP instance object to call a PJPROJECT ICE
function we will hold a ref to the wrapper. Also added some rtp->ice NULL
checks after we relock the RTP instance and have to do something with the
ICE structure.
ASTERISK-26835 #close
ASTERISK-26853 #close
Change-Id: I780b39ec935dcefcce880d50c1a7261744f1d1b4
In all non-pbx modules, AST_MODULE_LOAD_FAILURE has been changed
to AST_MODULE_LOAD_DECLINE. This prevents asterisk from exiting
if a module can't be loaded. If the user wishes to retain the
FAILURE behavior for a specific module, they can use the "require"
or "preload-require" keyword in modules.conf.
A new API was added to logger: ast_is_logger_initialized(). This
allows asterisk.c/check_init() to print to the error log once the
logger subsystem is ready instead of just to stdout. If something
does fail before the logger is initialized, we now print to stderr
instead of stdout.
Change-Id: I5f4b50623d9b5a6cb7c5624a8c5c1274c13b2b25
* changes:
stun.c: Fix ast_stun_request() erratic timeout.
sorcery.c: Speed up ast_sorcery_retrieve_by_id()
res_pjsip: Fix pointer use after unref.
res_pjsip_sdp_rtp.c: Don't use deprecated transport struct member.
If ast_stun_request() receives packets other than a STUN response then we
could conceivably never exit if we continue to receive packets with less
than three seconds between them.
* Fix poll timeout to keep track of the time when we sent the STUN
request. We will now send a STUN request every three seconds regardless
of how many other packets we receive while waiting for a response until we
have completed three STUN request transmission cycles.
Change-Id: Ib606cb08585e06eb50877f67b8d3bd385a85c266
Return early if ast_sorcery_retrieve_by_id() is not passed an id to find.
Also eliminated the RAII_VAR() usage in the function.
Change-Id: I871dbe162a301b5ced8b4393cec27180c7c6b218
Temporarily running out of file descriptors should not terminate the
listener thread. Otherwise, when there becomes more file descriptors
available, nothing is listening.
* Added EMFILE exception to abnormal thread exit.
* Added an abnormal TCP/TLS listener exit error message.
* Closed the TCP/TLS listener socket on abnormal exit so Asterisk does not
appear dead if something tries to connect to the socket.
ASTERISK-26903 #close
Change-Id: I10f2f784065136277f271159f0925927194581b5
ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.
ASTERISK-26897 #close
patches:
0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
by Corey Farrell (license #5909)
Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
If DESTDIR is set, don't call ldconfig. Assume that DESTDIR is used to
create a binary archive. The ldconfig call should be delegated to the
archive postinst script. This fixes the case where fakeroot wraps 'make
install' causing $EUID to be 0 even though it doesn't have permission to
call ldconfig.
The previous logic in configure.ac to detect and correct libdir
has been removed as it was not completely accurate. CentOS 64-bit
users should again specifiy --libdir=/usr/lib64 when configuring
to prevent install to /usr/lib.
Updated Makefile:check-old-libdir to check for orphans in
lib64 when installing to lib as well as orphans in lib when installing
to lib64.
Updated Makefile and main/Makefile uninstall targets to remove the
orphans using the new logic.
ASTERISK-26705
Change-Id: I51739d4a03e60bff38be719b8d2ead0007afdd51
The ao2_global_obj_release() function holds an exclusive lock on the
global object while it is being dereferenced. Any destructors that
run during this time that call ao2_global_obj_ref() will deadlock
because a read lock is required.
Instead, we make the global object inaccessible inside of the write
lock and only dereference it once we have released the lock. This
allows the affected destructors to fail gracefully.
While this doesn't completely solve the referenced issue (the error
message about not being able to create an IQ continues to be shown)
it does solve the backtrace spew that accompanied it.
ASTERISK-21009 #close
Reported by: Marcello Ceschia
Change-Id: Idf40ae136b5070dba22cb576ea8414fbc9939385
The CDR code previously did not allow the user field to be set
from the 'h' extension in the dialplan. This change removes that
limitation and allows it to be set.
ASTERISK-26818
Change-Id: I0fed8a79b5e408bac4e30542b8f33a61c5ed9aa6
Richard Mudgett
Corey Farrell
Jenkins2
Joshua Colp
Alexander Traud
Kevin Harwell
Ben Ford
Tzafrir Cohen
Thomas Sevestre
Jean Aunis
George Joseph
Walter Doekes
Sean Bright
Matt Jordan
Rusty Newton
Frederic LE FOLL
Guido Falsi
Joshua Elson
Walter Doekes
zuul
Sebastian Gutierrez