We cannot overwrite the reallocated variable, otherwise on failure we
leak it.
Change-Id: I541537ade71086c9ceb851d8c5223364e3908b07
Warned-by: cppcheck (memleakOnRealloc)
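
Added example, not code from this commit or from the mediator source: the memleakOnRealloc pattern beside its fix. The names strbuf, grow_leaky, grow_safe and the injectable realloc_fn are hypothetical; failure is simulated with a constructed allocator that always returns NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void *(*realloc_fn)(void *, size_t);  /* injectable, to simulate failure */
struct strbuf { char *data; size_t cap; };

/* Flagged pattern: on failure realloc() returns NULL and leaves the old
 * block allocated, but the only pointer to it has just been overwritten. */
static int grow_leaky(struct strbuf *b, size_t cap, realloc_fn re)
{
    b->data = re(b->data, cap);
    if (!b->data) return -1;
    b->cap = cap;
    return 0;
}

/* Fixed pattern: hold the result in a temporary, commit only on success. */
static int grow_safe(struct strbuf *b, size_t cap, realloc_fn re)
{
    char *tmp = re(b->data, cap);
    if (!tmp) return -1;
    b->data = tmp;
    b->cap = cap;
    return 0;
}

/* Constructed allocator that always fails, like realloc() under memory pressure. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Returns 1 if the caller can still reach its buffer after a failed grow. */
static int survives_failure(int (*grow)(struct strbuf *, size_t, realloc_fn))
{
    struct strbuf b = { malloc(8), 8 };
    char *orig = b.data;
    if (!orig) return -1;
    strcpy(orig, "callid");
    int rc = grow(&b, 1024, failing_realloc);
    int ok = (rc == -1 && b.data == orig && b.cap == 8);
    free(orig);  /* this demo kept a copy; a real leaky caller has none */
    return ok;
}

int main(void)
{
    printf("leaky keeps buffer: %d\n", survives_failure(grow_leaky));
    printf("safe keeps buffer:  %d\n", survives_failure(grow_safe));
    return 0;
}
```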
While the code is not threaded, better be future-proof and use safer
APIs, which in addition have fewer side effects as they do not set the
global TZ related variables.
Change-Id: I57fbe6683590cc2fbc0da508819553c040764739
Warned-by: lgtm
Whether a bit-field is signed or unsigned is implementation specific, so
we should be explicit about this.
Change-Id: I8bce847d6ece3d08fc93fa77227f6f970d1353de
Warned-by: lgtm
On Debian buster the latter contains transitive dependencies in Libs,
instead of in Libs.private, which leaks linking implementation details.
Change-Id: Ia131fe82444b8c2204976df75be047ab6d17c561
We need readonly access to /dev/urandom, otherwise the rand()
calls might fail, as seen in kamailio-config-tests.
Change-Id: Id132191994ae5fe74ec3ebb7d34a4a5d50769dbc
Thanks: Victor Seva for reporting
In carrier environments we have foreign DB hosts
configured in /etc/ngcp-mediator/ngcp-mediator.conf,
therefore we can't easily apply IP address filtering.
JFTR, new and current systemd hardening state for ngcp-mediator:
| $ sudo COLUMNS=142 systemd-analyze security ngcp-mediator | grep -v '✓'
| NAME DESCRIPTION EXPOSURE
| ✗ PrivateNetwork= Service has access to the host's … 0.5
| ✗ User=/DynamicUser= Service runs as root user 0.4
| ✗ RestrictAddressFamilies=~AF_(INET… Service may allocate Internet soc… 0.3
| ✗ RestrictAddressFamilies=~… Service may allocate exotic socke… 0.3
| ✗ DeviceAllow= Service has a device ACL with som… 0.1
| ✗ IPAddressDeny= Service does not define an IP add… 0.2
| ✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet socke… 0.2
| ✗ SystemCallFilter=~@privileged System call whitelist defined for… 0.2
| ✗ RestrictAddressFamilies=~AF_NETLI… Service may allocate netlink sock… 0.1
| ✗ RootDirectory=/RootImage= Service runs within the host's ro… 0.1
| SupplementaryGroups= Service runs as root, option does…
| RemoveIPC= Service runs as root, option does…
| ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
|
| → Overall exposure level for ngcp-mediator.service: 2.1 OK 🙂
Change-Id: I0e7c474eddd5d4d4c77b9bda157448294ed0a5c4
ngcp-mediator service state BEFORE this change:
| $ systemd-analyze security ngcp-mediator | tail -1
| → Overall exposure level for ngcp-mediator.service: 9.5 UNSAFE 😨
ngcp-mediator service state AFTER this change:
| $ sudo COLUMNS=142 systemd-analyze security ngcp-mediator | grep -v '✓'
| NAME DESCRIPTION EXPOSURE
| ✗ PrivateNetwork= Service has access to the host's network 0.5
| ✗ User=/DynamicUser= Service runs as root user 0.4
| ✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
| ✗ RestrictAddressFamilies=~… Service may allocate exotic sockets 0.3
| ✗ DeviceAllow= Service has a device ACL with some special devices 0.1
| ✗ IPAddressDeny= Service defines IP address whitelits with only localhost entries 0.1
| ✗ RestrictAddressFamilies=~AF_PACKET Service may allocate packet sockets 0.2
| ✗ SystemCallFilter=~@privileged System call whitelist defined for service, and @privileged is included 0.2
| ✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1
| ✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
| SupplementaryGroups= Service runs as root, option does not matter
| RemoveIPC= Service runs as root, option does not apply
| ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
|
| → Overall exposure level for ngcp-mediator.service: 2.0 OK 🙂
Change-Id: If33c303b9df465393f15c0b685d1aab54a465df6
We only ever go into the error handling code before malloc has
succeeded, which means ‘entries’ will always be NULL.
Change-Id: Iaedd1ac668249b0e4516f782c24a2f420e8682a5
Warned-by: coverity
While MariaDB uses my_bool here, MySQL uses the standard bool type. Both
are compatible, so use the more standard one.
Change-Id: I648bc8eb55f7617f6b4eb796a33bc77ce15ca34b
We need to respect user-controlled variables and only append to them
whatever we require for the build.
Change-Id: Ie86415863f806e2c76b6a47929c65aafc0a2d177
With the increased length of src/dst_leg strings, we must also increase
the buffer size for the insert string.
Did I mention that we should really move to dynamic strings here...
Change-Id: I0e77155d36f434055e36124d37bf699179f887b1
This is relevant for records coming from Redis, as the insertion into
the trash and backup tables is done from the strings kept in memory.
Change-Id: I1398f7bfc0d4a0c2da8b8104dc4589ea9d983da7
(cherry picked from commit 6e957e69b7)
/var/lock was deprecated with Debian/wheezy (see
https://wiki.debian.org/ReleaseGoals/RunDirectory), so
/var/lock/mediator.lock is actually /run/lock/mediator.lock.
Reflect this in the definition of MEDIATOR_LOCK_FILE.
Change-Id: If50a5fdcfafb289d59ae828f750388e103b5b3ad
Due to the movement of call transfer handling from sems pbx to
standard sems, in case of blind call transfer the BYE ACC is
generated with call_id suffix '_pbx-1_xfer-1' instead of '_xfer-1'.
To be more precise, currently we create 2 ACCs for INVITEs:
- one without any suffix
- one with '_xfer-1' suffix
and just one for the BYE:
- with '_xfer-1' suffix
Mediator is able to use the BYE to close both the INVITEs.
With the new implementation we create 2 ACCs for INVITEs:
- one without any suffix
- one with '_pbx-1_xfer-1' suffix
and just one for the BYE:
- with '_pbx-1_xfer-1' suffix
The single BYE record is not used to close both the ACC INVITEs.
Change-Id: Id7a68fab8d84ffe987084e925fecc1e051cbaccd
Strings, in particular call IDs, that are coming from Redis are not
necessarily valid UTF-8 since Redis doesn't really do UTF-8. The MySQL
DB schema expects strings in valid UTF-8 however (even though call IDs
really should be raw binary strings), resulting in an error if an
UTF-8 invalid string is attempted to be inserted.
Solve this by verifying each string's UTF-8 correctness before inserting
it, and forcing it to be interpreted as the 100% permissive latin1
charset if it isn't.
Change-Id: I5a218083bc4e3d7a47d1f77911f7ef9a88ce9bd2
Kamailio writes src_leg and dst_leg information of ACCs
in json format. Mediator has been adapted to read them
in this new format.
Due to that the size of src_leg and dst_leg has been
increased from char(256) to char(1024).
For backward compatibility the old format has been preserved
and used if the src_leg and dst_leg are not in json format.
This change is transparent for the final CDR's output.
Change-Id: I4de9c61a5bfe5855628412f6aca988ffc9406a59
In a cluster setup, intermediate CDRs might be written to a different
host than the final CDRs (central vs pair).
Change-Id: I56716d2a96857d52715e48f513ee1d75676b1e52
Since medmysql_flush_med_str() takes the handler from the
_medmysql_batch_definition structure, the last retrieved insert ID must
also be taken from the same handler.
Change-Id: Ieaee3313d94cf41d8953591dd88a12e42be601d5
The JSON function used to get MOS values has been split in
two: one to get the value from the JSON dict and one to clamp
it in order to have the final value within the desired
range of values.
Change-Id: Ifecb2548ad3d1de8fc307158cb89107c7da6b370
medredis_fetch_records() allocates memory for 0 return records, which in
the calling code is understood as "no memory has been allocated",
leading to a slow leak. Returning early is correct as the mem block
pointer is set to NULL in this case.
Change-Id: I69a2d397edd15cb9e4033531a218658c7ca93b12
This is necessary to avoid issues with ACC records in the
OLD format during an upgrade.
It should be changed back to -1 in mr9.+
Change-Id: I81097c0823343de066ec436d6f43a4ed279f372f
The value is read from the last field of the ACC srcleg.
It contains the ID of the peer_host from where the call was received.
Mediator uses it to find the correct peering_contract_id to write in
the CDR.
Change-Id: I2cfb7d0fadb5ade265fde3c1778475eda431a453
The DB schema allows for certain columns to be NULL. Handle this
appropriately to eliminate failed assertions from g_strlcpy.
Change-Id: I8768847b96b169dfad94b2ca448cc2af5058d38b
We must distinguish between old-style acc records without an appended
branch ID (key ends in `:<ts>`) and broken new-style acc records with an
empty branch ID (key ends in `:<ts>:`). Failure to do so results in
leftover entries in the DB that are never trashed and repeatedly
processed.
Change-Id: I61a4086359369e460cf23cacfd53854605a6a955
The db_redis module also writes simulated non-unique keys for acc
records, so we must handle them appropriately when deleting the
keys, because otherwise we get leftover entries.
Change-Id: Ic080dc5d4520ac548a726440d0b677028bfb6be3