asterisk

Commit Graph

Author	SHA1	Message	Date
Matthew Jordan	fd9f2351cd	AST-2012-008: Fix remote crash vulnerability in chan_skinny When a skinny session is unregistered, the corresponding device pointer is set to NULL in the channel private data. If the client was not in the on-hook state at the time the connection was closed, the device pointer can later be dereferenced if a message or channel event attempts to use a line's pointer to said device. The patches prevent this from occurring by checking the line's pointer in message handlers and channel callbacks that can fire after an unregistration attempt. (closes issue ASTERISK-19905) Reported by: Christoph Hebeisen Tested by: mjordan, Damien Wedhorn Patches: AST-2012-008-1.8.diff uploaded by mjordan (license 6283) AST-2012-008-10.diff uploaded by mjordan (license 6283) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367843 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	be10342c3f	AST-2012-007: Fix IAX receiving HOLD without suggested MOH class crash. * Made schedule_delivery() set the received frame f->data.ptr to NULL if the datalen is zero. * Fix queue_signalling() memcpy() size error. * Made queue_signalling() not use C++ keyword variable names. (closes issue ASTERISK-19597) Reported by: mgrobecker Patches: jira_asterisk_19597_v1.8.patch (license #5621) patch uploaded by rmudgett Tested by: rmudgett, Michael L. Young git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367781 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Michael L. Young	20b362fa4b	Fix pvt_sip for inbound call to use peer's allowtransfer setting The pvt_sip allowtransfer was not being set to that of the peer's setting. Therefore, the global allowtransfer setting was being used instead which would lead to calls not being transfered if the global setting was set to 'no' despite the setting on the peer being 'yes' and vice versa, calls would be allowed to transfer even if the peer's setting was 'no' but the global setting was 'yes'. (Closes issue ASTERISK-19856) Reported by: Jacek Tested by: Michael L. Young, Jacek Patches: issue-asterisk-19856-branch10-v3.diff uploaded by Michael L. Young (license 5026) Review: https://reviewboard.asterisk.org/r/1923/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367730 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	f26d22b563	Update a peer's LastMsgsSent when the peer is notified of waiting messages Previously, MWI logic utilized a counter called 'lastmsgssent' to know whether or not MWI NOTIFY requests had been sent to a specific peer. When MWI notifications were changed to use the internal event framework, this value was no longer needed for its original purpose. Hence, it was no longer updated with the new/old message counts for a peer. However, the value was still presented when, either by AMI or CLI, a 'sip show peer [peer]' command was executed. The output of the command would always display the erroneous value of 32767/65535 for 'LastMsgsSent'. This patch makes it so that the value of lastmsgssent is updated appropriately. The value should now display the new/old message counts for a particular peer. (closes issue ASTERISK-17866) Reported by: Steve Davies patches by: ast-17866-rb1272.patch (License #5041 by irroot) Modified slightly for this commit Review: https://reviewboard.asterisk.org/r/1939 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367362 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Terry Wilson	c191395381	Resolve crash in subscribing for MWI notifications ASTOBJ_UNREF sets the variable to NULL after unreffing it, so the variable should definitely not be used after that. To solve this in the two cases that affect subscribing for MWI notifications, we instead save the ref locally, and unref them in the error conditions. (closes issue ASTERISK-19827) Reported by: B. R Review: https://reviewboard.asterisk.org/r/1940/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367266 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	3ddfb50fe4	Address MISSING_BREAK static analysis reports some more. This addresses core findings 4 and 6. Moises Silva helped me by stating that a break could be safely added to the case where it is added in chan_dahdi.c In say.c, I have added a comment indicating that static analysis complains but that it is currently unknown if this is correct. This fixes all core findings of this type. (closes issue ASTERISK-19662) reported by Matthew Jordan git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367027 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	eef4c09787	Fix memory leak of SSL_CTX structures in TLS core. SSL_CTX structures were allocated but never freed. This was a bigger issue for clients than servers since new SSL_CTX structures could be allocated for each connection. Servers, on the other hand, typically set up a single SSL_CTX for their lifetime. This is solved in two ways: 1. In __ssl_setup(), if a tcptls_cfg has an ssl_ctx on it, it is freed so that a new one can take its place. 2. A companion to ast_ssl_setup() called ast_ssl_teardown() has been added so that servers can properly free their SSL_CTXs. (issue ASTERISK-19278) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@367002 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	67268d9198	Fix more memory leaks This patch adds to what was fixed in r366880. Specifically, it addresses the following: * chan_sip: dispose of an allocated frame in off nominal code paths in sip_rtp_read * func_odbc: when disposing of an allocated resultset, ensure that any rows that were appended to that resultset are also disposed of * cli: free the created return string buffer in another off nominal code path (issue ASTERISK-19665) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/1922/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366944 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	3bdb733c5d	Reorder and renumber tests appropriately It appears that a patch did not apply properly when adding tests 12 and 13 and test 11 was duplicated. These tests have been reordered and renumbered such that they make sense. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366882 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	3edf245601	Fix a variety of memory leaks This patch addresses a number of memory leaks in a variety of modules that were found by a static analysis tool. A brief summary of the changes: * app_minivm: free ast_str objects on off nominal paths * app_page: free the ast_dial object if the requested channel technology cannot be appended to the dialing structure * app_queue: if a penalty rule failed to match any existing rule list names, the created rule would not be inserted and its memory would be leaked * app_read: dispose of the created silence detector in the presence of off nominal circumstances * app_voicemail: dispose of an allocated unique ID field for MWI event un-subscribe requests in off nominal paths; dispose of configuration objects when using the secret.conf option * chan_dahdi: dispose of the allocated frame produced by ast_dsp_process * chan_iax2: properly unref peer in CLI command "iax2 unregister" * chan_sip: dispose of the allocated frame produced by sip_rtp_read's call of ast_dsp_process; free memory in parse unit tests * func_dialgroup: properly deref ao2 object grhead in nominal path of dialgroup_read * func_odbc: free resultset in off nominal paths of odbc_read * cli: free match_list in off nominal paths of CLI match completion * config: free comment_buffer/list_buffer when configuration file load is unchanged; free the same buffers any time they were created and config files were processed * data: free XML nodes in various places * enum: free context buffer in off nominal paths * features: free ast_call_feature in off nominal paths of applicationmap config processing * netsock2: users of ast_sockaddr_resolve pass in an ast_sockaddr struct that is allocated by the method. Failures in ast_sockaddr_resolve could result in the users of the method not knowing whether or not the buffer was allocated. The method will now not allocate the ast_sockaddr struct if it will return failure. * pbx: cleanup hash table traversals in off nominal paths; free ignore pattern buffer if it already exists for the specified context * xmldoc: cleanup various nodes when we no longer need them * main/editline: various cleanup of pointers not being freed before being assigned to other memory, cleanup along off nominal paths * menuselect/mxml: cleanup of value buffer for an attribute when that attribute did not specify a value * res_calendar: responses are allocated via the various _request method returns and should not be allocated in the various write_event methods; ensure attendee buffer is freed if no data exists in the parsed node; ensure that calendar objects are de-ref'd appropriately * res_jabber: free buffer in off nominal path * res_musiconhold: close the DIR* object in off nominal paths * res_rtp_asterisk: if we run out of ports, close the rtp socket object and free the rtp object * res_srtp: if we fail to create the session in libsrtp, destroy the temporary ast_srtp object (issue ASTERISK-19665) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/1922 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366880 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Jonathan Rose	a7733c579b	chan_sip: Fix missed locking of opposing pvt for directmedia acl from r366547 It also required deadlock avoidance since two sip_pvts structs needed to be locked simultaneously. Trunk handles it differently, so this is a 1.8 and 10 patch only. (issue AST-876) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366791 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	7eb528fbf1	Fix checking bounds of array index after using it; improper sizeof This patch fixes two problems pointed out by a static analysis tool. * In chan_dahdi, when an event is handled the index of the sub channel is first obtained. In very off nominal cases, the method that determines the index can return a negative value. In the event handling code, whether or not the index returned is valid was being checked after that value was used to index into an array. This patch makes it so the value is checked before any indexing is done. * In res_calendar_ews, sizeof was being passed a pointer instead of the struct to determine the amount of memory to allocate. (issue ASTERISK-19651) Reported by: Matt Jordan (closes issue ASTERISK-19671) Reported by: Matt Jordan git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366740 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	5e7f34fa05	Correct misuse of ast_strip_quoted() when getting a Diversion header's reason parameter. The use here was assuming that the pointer would be updated, but the updated string is actually returned by ast_strip_quoted() instead. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366597 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Jonathan Rose	923a66d764	chan_sip: Check the right channel's host address for directmediapermit/deny Prior to this patch, when checking the addresses for directmediapermit and directmediadeny, Asterisk would check the host address of the channel permit/deny was specified, which differs from the expectations of both our users and the development team. Instead, directmediapermit/deny now checks against the address of the channel that the peer with the ACL is connected to. (issue AST-876) Review: https://reviewboard.asterisk.org/r/1899/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366547 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	fd520e0d19	Fix broken reinvite glare scenario. To make a long story short, reinvite glares were broken because Asterisk would invert the To and From headers when ACKing a 491 response. The reason was because the initreq of the dialog was being changed to the incoming glared reinvite instead of being set to the outgoing glared reinvite. This change has three parts * In handle_incoming, we never will reject an ACK because it has a to-tag present, even if we think the request may be out of dialog. * In handle_request_invite, we do not change the initreq when receiving a reinvite to which we will respond with a 491. * In handle_request_invite, several superflous settings up pendinginvite have been removed since this is dones automatically by transmit_response_reliable Review: https://reviewboard.asterisk.org/r/1911 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366389 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	a94fcae21b	Resolve FORWARD_NULL static analysis warnings This resolves core findings from ASTERISK-19650 numbers 0-2, 6, 7, 9-11, 14-20, 22-24, 28, 30-32, 34-36, 42-56, 82-84, 87, 89-90, 93-102, 104, 105, 109-111, and 115. Finding numbers 26, 33, and 29 were already resolved. Those skipped were either extended/deprecated or in areas of code that shouldn't be disturbed. (Closes issue ASTERISK-19650) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366167 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Jonathan Rose	ae528efea3	Coverity Report: Fix issues for error type CHECKED_RETURN for core (issue ASTERISK-19658) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/1905/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366094 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	965dd3a7d8	Close the proper tcptls_session when session creation fails. (issue AST-998) Reported by: Thomas Arimont Tested by: Thomas Arimont git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@366052 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	3a9a0b9cea	Prevent sip_pvt refleak when an ast_channel outlasts its corresponding sip_pvt. chan_sip was coded under the assumption that a SIP dialog with an owner channel will always be destroyed after the owner channel has been hung up. However, there are situations where the SIP dialog can time out and auto destruct before the corresponding channel has hung up. A typical example of this would be if the 'h' extension in the dialplan takes a long time to complete. In such cases, __sip_autodestruct() would complain about the dialog being auto destroyed with an owner channel still in place. The problem is that even once the owner channel was hung up, the sip_pvt would still be linked in its ao2_container because nothing would ever unlink it. The fix for this is that if __sip_autodestruct() is called for a sip_pvt that still has an owner channel in place, the destruction is rescheduled for 10 seconds in the future. This will continue until the owner channel is finally hung up. (closes issue ASTERISK-19425) reported by David Cunningham Patches: ASTERISK-19425.patch uploaded by Mark Michelson (License #5049) (closes issue ASTERISK-19455) reported by Dean Vesvuio Tested by Dean Vesvuio git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365896 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	2cb787371c	Send more accurate identification information in dialog-info SIP NOTIFYs. This uses the calling channel's caller ID and connected line information to populate the remote and local identities in the dialog-info NOTIFY when an extension is ringing. There is a bit of an oddity here, and that is that we seed the remote target with the To header of the outbound call rather than the from header. This is because it was reported that seeding with the from header caused hints to be broken with certain SNOM devices. A comment has been added to the code to explain this. (closes issue ASTERISK-16735) reported by Maciej Krajewski patches: local_remote_hint2.diff uploaded by Mark Michelson (license #5049) 16735_tweak1.diff uploaded by Mark Michelson (license #5049) Tested by Niccolo Belli git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365574 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	eafb430562	Fix findings 0-3, 5, and 8 for Coverity MISSING_BREAK errors. (Issue ASTERISK-19662) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365460 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	83d3444284	Fix many issues from the NULL_RETURNS Coverity report Most of the changes here are trivial NULL checks. There are a couple optimizations to remove the need to check for NULL and outboundproxy parsing in chan_sip.c was rewritten to avoid use of strtok. Additionally, a bug was found and fixed with the parsing of outboundproxy when "outboundproxy=," was set. (Closes issue ASTERISK-19654) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365398 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	186a89e99c	Fix local channel chains optimizing themselves out of a call. * Made chan_local.c:check_bridge() check the return value of ast_channel_masquerade(). In long chains of local channels, the masquerade occasionally fails to get setup because there is another masquerade already setup on an adjacent local channel in the chain. * Made the outgoing local channel (the ;2 channel) flush one voice or video frame per optimization attempt. * Made sure that the outgoing local channel also does not have any frames in its queue before the masquerade. * Made do the masquerade immediately to minimize the chance that the outgoing channel queue does not get any new frames added and thus unconditionally flushed. * Made block indication -1 (Stop tones) event when the local channel is going to optimize itself out. When the call is answered, a chain of local channels pass down a -1 indication for each bridge. This blizzard of -1 events really slows down the optimization process. (closes issue ASTERISK-16711) Reported by: Alec Davis Tested by: rmudgett, Alec Davis Review: https://reviewboard.asterisk.org/r/1894/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365313 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Terry Wilson	c068460b12	Don't leak a ref if out of memory and can't link the linkedid If the ao2_link fails, we are most likely out of memory and bad things are going to happen. Before those bad things happen, make sure to clean up the linkedid references. This patch also adds a comment explaining why linkedid can't be passed to both local channel allocations and combines two ao2_ref calls into 1. Review: https://reviewboard.asterisk.org/r/1895/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365068 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Terry Wilson	7da21c68c4	Fix a CEL LINKEDID_END race and local channel linkedids This patch has the ;2 channel inherit the linkedid of the ;1 channel and fixes the race condition by no longer scanning the channel list for "other" channels with the same linkedid. Instead, cel.c has an ao2 container of linkedid strings and uses the refcount of the string as a counter of how many channels with the linkedid exist. Not only does this eliminate the race condition, but it also allows us to look up the linkedid by the hashed key instead of traversing the entire channel list. Review: https://reviewboard.asterisk.org/r/1895/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@365006 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	fde9505a95	* Fix error path resouce leak in local_request(). * Restructure local_request() to reduce indentation. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364840 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	dba70c1340	Revert improved identities sent in dialog-info NOTIFY requests in r360862 Revision 360862 was intended to improve identities sent in dialog-info NOTIFY requests. Some users reported that hint became broken once this was done. It's not clear exactly what part of the patch has caused this regression, but broken hints are bad. For now, this revision is being reverted so that the next releases of Asterisk do not have bad behavior in them. The original reported issue will have to be fixed differently in the next version of Asterisk. (issue ASTERISK-16735) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364706 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	139a7459cd	Don't attempt to make use of the dynamic_exclude_static ACL if DNS lookup fails. (closes issue ASTERISK-18321) Reported by Dan Lukes Patches: ASTERISK-18321.patch by Mark Michelson (license #5049) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364341 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	0536634ff1	Allow SIP pvts involved in Replaces transfers to fall out of reference sooner Unref the SIP pvt stored in the refer structure as soon as it is no longer needed so that the pvt and associated file descriptors can be freed sooner. This change makes a reference decrement unnecessary in code that handles SIP BYE/Also transfers which should not touch the reference anyway. (Closes issue ASTERISK-19579) Reported by: Maciej Krajewski Tested by: Maciej Karjewski git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364258 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	3ef885b576	Allow for reloading SRTP crypto keys within the same SIP dialog As a continuation of the patch in r356604, which allowed for the reloading of SRTP keys in re-INVITE transfer scenarios, this patch addresses the more common case where a new key is requested within the context of a current SIP dialog. This can occur, for example, when certain phones request a SIP hold. Previously, once a dialog was associated with an SRTP object, any subsequent attempt to process crypto keys in any SDP offer - either the current one or a new offer in a new SIP request - were ignored. This patch changes this behavior to only ignore subsequent crypto keys within the current SDP offer, but allows future SDP offers to change the keys. (issue ASTERISK-19253) Reported by: Thomas Arimont Tested by: Thomas Arimont Review: https://reviewboard.asteriskorg/r/1885/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@364203 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	c4ed0550e8	Fix reference leaks involving SIP Replaces transfers The reference held for SIP blind transfers using the Replaces header in an INVITE was never freed on success and also failed to be freed in some error conditions. This caused a file descriptor leak since the RTP structures in use at the time of the transfer were never freed. This reference leak and another relating to subscriptions in the same code path have now been corrected. (closes issue ASTERISK-19579) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363986 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Alec L Davis	2ecce90e93	chan_sip: [general] maxforwards, not checked for a value greater than 255 The peer maxforwards is checked for both '< 1' and '> 255', but the default 'maxforwards' in the [general] section is only checked for '< 1' alecdavis (license 585) Reported by: alecdavis Tested by: alecdavis Review: https://reviewboard.asterisk.org/r/1888/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363934 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	1302d291c7	Make DAHDISendCallreroutingFacility wait 5 seconds for a reply before disconnecting the call. Some switches may not handle the call-deflection/call-rerouting message if the call is disconnected too soon after being sent. Asteisk was not waiting for any reply before disconnecting the call. * Added a 5 second delay before disconnecting the call to wait for a potential response if the peer does not disconnect first. (closes issue ASTERISK-19708) Reported by: mehdi Shirazi Patches: jira_asterisk_19708_v1.8.patch (license #5621) patch uploaded by rmudgett Tested by: rmudgett git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363730 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	74a9fcd6c4	Clear ISDN channel resetting state if the peer continues to use it. Some ISDN switches occasionally fail to send a RESTART ACKNOWLEDGE in response to a RESTART request. * Made the second SETUP received after sending a RESTART request clear the channel resetting state as if the peer had sent the expected RESTART ACKNOWLEDGE before continuing to process the SETUP. The peer may not be sending the expected RESTART ACKNOWLEDGE. (issue ASTERISK-19608) (issue AST-844) (issue AST-815) Patches: jira_ast_815_v1.8.patch (license #5621) patch uploaded by rmudgett (modified) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363687 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	88f80c1d54	AST-2012-006: Fix crash in UPDATE handling when no channel owner exists If Asterisk receives a SIP UPDATE request after a call has been terminated and the channel has been destroyed but before the SIP dialog has been destroyed, a condition exists where a connected line update would be attempted on a non-existing channel. This would cause Asterisk to crash. The patch resolves this by first ensuring that the SIP dialog has an owning channel before attempting a connected line update. If an UPDATE request is received and no channel is associated with the dialog, a 481 response is sent. (closes issue ASTERISK-19770) Reported by: Thomas Arimont Tested by: Matt Jordan Patches: ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363106 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	9a3120c0c8	AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling When handling a keypad button message event, the received digit is placed into a fixed length buffer that acts as a queue. When a new message event is received, the length of that buffer is not checked before placing the new digit on the end of the queue. The situation exists where sufficient keypad button message events would occur that would cause the buffer to be overrun. This patch explicitly checks that there is sufficient room in the buffer before appending a new digit. (closes issue ASTERISK-19592) Reported by: Russell Bryant ........ Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@363102 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	0e488d7cc4	Fix a variety of potential buffer overflows * chan_mobile: Fixed an overrun where the cind_state buffer (an integer array of size 16) would be overrun due to improper bounds checking. At worst, the buffer can be overrun by a total of 48 bytes (assuming 4-byte integers), which would still leave it within the allocated memory of struct hfp. This would corrupt other elements in that struct but not necessarily cause any further issues. * app_sms: The array imsg is of size 250, while the array (ud) that the data is copied into is of size 160. If the size of the inbound message is greater then 160, up to 90 bytes could be overrun in ud. This would corrupt the user data header (array udh) adjacent to ud. * chan_unistim: A number of invalid memmoves are corrected. These would move data (which may or may not be valid) into the ends of these buffers. * asterisk: ast_console_toggle_loglevel does not check that the console log level being set is less then or equal to the allowed log levels of 32. * frame: In ast_codec_pref_prepend, if any occurrence of the specified codec is not found, the value used to index into the array pref->order would be one greater then the maximum size of the array. * jitterbuf: If the element being placed into the jitter buffer lands in the last available slot in the jitter history buffer, the insertion sort attempts to move the last entry in the buffer into one slot past the maximum length of the buffer. Note that this occurred for both the min and max jitter history buffers. * tdd: If a read from fsk_serial returns a character that is greater then 32, an attempt to read past one of the statically defined arrays containing the values that character maps to would occur. * localtime: struct ast_time and tm are not the same size - ast_time is larger, although it contains the elements of tm within it in the same layout. Hence, when using memcpy to copy the contents of tm into ast_time, the size of tm should be used, as opposed to the size of ast_time. * extconf: this treats ast_timing's minmask array as if it had a length of 48, when it has defined the size of the array as 24. pbx.h defines minmask as having a size of 48. (issue ASTERISK-19668) Reported by: Matt Jordan git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362485 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	e9a0da476a	Add ability to ignore layer 1 alarms for BRI PTMP lines. Several telcos bring the BRI PTMP layer 1 down when the line is idle. When layer 1 goes down, Asterisk cannot make outgoing calls. Incoming calls could fail as well because the alarm processing is handled by a different code path than the Q.931 messages. * Add the layer1_presence configuration option to ignore layer 1 alarms when the telco brings layer 1 down. This option can be configured by span while the similar DAHDI driver teignorered=1 option is system wide. This option unlike layer2_persistence does not require libpri v1.4.13 or newer. Related to JIRA AST-598 JIRA ABE-2845 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362428 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Michael L. Young	d84e70a95c	Turn off warning message when bind address is set to any. When a bind address is set to an ANY address (udpbindport=::), a warning message is displayed stating that "Address remapping activated in sip.conf but we're using IPv6, which doesn't need it. Please remove 'localnet' and/or 'externaddr' settings." But if one is running dual stack, we shouldn't be told to turn those settings off. This patch checks if the bind address is an ANY address or not. The warning message will now only be displayed if the bind address is NOT an ANY address and IPv6 is being used. Also, updated the copyright year. (closes issue ASTERISK-19456) Reported by: Michael L. Young Tested by: Michael L. Young Patches: chan_sip_ipv6_message.diff uploaded by Michael L. Young (license 5026) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362253 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	7a72dc706a	Fix negative return handling in channel drivers In chan_agent, while handling a channel indicate, the agent channel driver must obtain a lock on both the agent channel, as well as the channel the agent channel is using. To do so, it attempts to lock the other channel first, then unlock the agent channel which is locked prior to entry into the indicate handler. If this unlock fails with a negative return value, which can occur if the object passed to agent_indicate is an invalid ao2 object or is NULL, the return value is passed directly to strerror, which can only accept positive integer values. In chan_dahdi, the return value of dahdi_get_index is used to directly index into the sub-channel array. If dahd_get_index returns a negative value, it would use that value to index into the array, which could cause an invalid memory access. If dahdi_get_index returns a negative number, we now default to SUB_REAL. (issue ASTERISK-19655) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/1863/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@362204 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	7a33e9ba9d	Make trunkfreq take effect when set Previously, setting trunkfreq had no effect on initial load or on reload and only ever used the default value. This causes trunkfreq to be used appropriately on initial load and reload. (closes issue ASTERISK-19521) Patch-by: Jaco Kroon git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361972 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Richard Mudgett	b856533029	Prevent invalid access of free'd memory if DAHDI channel during an MWI event In the MWI processing loop, when a valid event occurs the temporary caller ID information is deallocated. If a new DAHDI channel is successfully created, the event is passed up to the analog_ss_thread without error and the loop exits. If, however, the DAHDI channel is not created, then the caller ID struct has been free'd, and the gains reset to their previous level. This will almost certainly cause an invalid access to the free'd memory, either in subsequent calls to callerid_free or calls to callerid_feed. * Rework the -r361705 patch to better manage the cs and mtd allocated resources. * Fixed use of mwimonitoractive flag to be correct if the mwi_thread() fails to start. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361854 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	246ad9bf0d	Prevent invalid access of free'd memory if DAHDI channel during an MWI event In the MWI processing loop, when a valid event occurs the temporary caller ID information is deallocated. If a new DAHDI channel is successfully created, the event is passed up to the analog_ss_thread without error and the loop exits. If, however, the DAHDI channel is not created, then the caller ID struct has been free'd, and the gains reset to their previous level. This will almost certainly cause an invalid access to the free'd memory, either in subsequent calls to callerid_free or calls to callerid_feed. This patch makes it so that we only free the caller ID structure if a DAHDI channel is successfully created, and we bump the gains back up if we fail to make a DAHDI channel. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361705 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	4148e51555	Add missing newlines to CLI logging git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361471 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Matthew Jordan	5c318b19c2	Fix a typo in the warning messages for an ignored media stream Added a '\n' to the warning messages when we ignore a media stream due to the port number being '0'. (closes issue ASTERISK-19646) Reported by: Badalian Vyacheslav git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361332 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Jonathan Rose	ed76cdda72	Replace GNU old-style field designator extensions to fix clang warnings (issue ASTERISK-19540) Reported by: Makoto Dei Patches: clang-gnu-designator.patch uploaded by Makoto Dei (license 5027) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@361142 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Kinsey Moore	063aa93c46	Stop sending out RTCP if RTP is inactive This change prevents Asterisk from sending RTCP receiver reports during a remote bridge since it is no longer receiving media and should not be reporting anything. (related to ASTERISK-19366) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360987 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	58565827e6	Improve accuracy of identifying information sent in dialog-info SIP NOTIFY requests. This change makes use of connected party information in addition to caller ID in order to populate local and remote XML elements in the dialog-info NOTIFYs. (closes issue ASTERISK-16735) Reported by: Maciej Krajewski Tested by: Maciej Krajewski Patches: local_remote_hint2.diff uploaded by Mark Michelson (license 5049) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360862 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Terry Wilson	d58fe85724	Destroy configs when they are no longer used https://reviewboard.asterisk.org/r/1834/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360712 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago
Mark Michelson	390e8c1f73	Make a debug message regarding subscription changes more accurate. I was getting confused during some testing why Asterisk was saying that a subscription was being added when it was clearly being removed. This fixes that confusion. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@360625 65c4cc65-6c06-0410-ace0-fbb531ad65f3	13 years ago

1 2 3 4 5 ...

7217 Commits (fd9f2351cdbe1be6f4c47ab2fdbd6c3634afb91b)