Stripping the DNID in a SIP dial string can result in attempting to call
the argument parsing macros on an empty string, causing a crash.
ASTERISK-26131 #close
Reported by: Dwayne Hubbard
Patches:
dw-asterisk-master-dnid-crash.patch (license #6257) patch
uploaded by Dwayne Hubbard
Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
Previously, peers connected via TCP (or TLS) were matched by ignoring their
source port. One cannot say anything when protocol:IP:port match, yes (see
<http://stackoverflow.com/q/3329641>). However, when the ports do not match, the
peers do not match as well.
This change allows two peers connected to an Asterisk server via TCP (or TLS)
behind a NAT (= same source IP address) to be differentiated via their port as
well.
ASTERISK-27457
Reported by: Stephane Chazelas
Change-Id: Id190428bf1d931f2dbfd4b293f53ff8f20d98efa
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
When chan_sip receives a SUBSCRIBE request with no "Expires" header it
processes the request as an unsubscribe. This is incorrect, per RFC3264
when the "Expires" header is missing a default expiry should be used.
ASTERISK-18140
Change-Id: Ibf6dcd4fdd07a32c2bc38be1dd557981f08188b5
When sip.conf contains 'sipdebug=yes' it is impossible to disable it
using CLI 'sip set debug off'. This corrects the output of that CLI
command to instruct the user to turn sipdebug off in the configuration
file.
ASTERISK-23462 #close
Change-Id: I1cceade9caa9578e1b060feb832e3495ef5ad318
Currently privacy requests are only granted if the Privacy header
value is exactly "id" (defined in RFC 3325). It ignores any other
possible value (or a combination there of). This patch reverses the
logic from testing for "id" to grant privacy, to testing for "none" and
granting privacy for any other value. "none" must not be used in
combination with any other value (RFC 3323 section 4.2).
ASTERISK-27284 #close
Change-Id: If438a21f31a962da32d7a33ff33bdeb1e776fe56
In handle_request_invite, when processing a pickup, a call
is made to get_sip_pvt_from_replaces to locate the pvt for
the subscription. The pvt is assumed to be valid when zero
is returned indicating no error, and is dereferenced which
can cause a crash if it was not found.
This change checks the not found case and returns -1 which
allows the calling code to fail appropriately.
ASTERISK-27217 #close
Reported-by: Bryan Walters
Change-Id: I6bee92b8b8b85fcac3fd66f8c00ab18bc1765612
If directmedia=yes is configured, when call is answered, Asterisk sends reINVITE
to both parties to set up media path directly between the endpoints.
In this reINVITE msg SDP origin line (o=) contains IP address of endpoint
instead of IP of asterisk. This behavior violates RFC3264, sec 8:
"When issuing an offer that modifies the session,
the "o=" line of the new SDP MUST be identical to that in the
previous SDP, except that the version in the origin field MUST
increment by one from the previous SDP."
This patch assures IP address of Asterisk is always sent in
SDP origin line.
ASTERISK-17540
Reported by: saghul
Change-Id: I533a047490c43dcff32eeca8378b2ba02345b64e
This adds a way to access information passed along with SIP headers in
a REFER message that initiates a transfer. Headers matching a dialplan
variable GET_TRANSFERRER_DATA in the transferrer channel are added to
a HASH object TRANSFER_DATA to be accessed with functions HASHKEY and HASH.
The variable GET_TRANSFERRER_DATA is interpreted to be a prefix for
headers that should be put into the hash. If not set, no headers are
included. If set to a string (perhaps 'X-' in a typical case), all headers
starting this string are added. Empty string matches all headers.
If there are multiple of the same header, only the latest occurrence in
the REFER message is available in the hash.
Obviously, the variable GET_TRANSFERRER_DATA must be inherited by the
referrer channel, and should be set with the '_' or '__' prefix.
I avoided a specific reference to SIP or REFER, as in my mind the mechanism
can be generalized to other channel techs.
ASTERISK-27162
Change-Id: I73d7a1e95981693bc59aa0d5093c074b555f708e
Syntax: SIP_HEADERS([prefix])
If the argument is specified, only the headers matching the given prefix
are returned.
The function returns a comma-separated list of SIP header names from an
incoming INVITE message. Multiple headers with the same name are included
in the list only once. The returned list can be iterated over using the
functions POP() and SIP_HEADER().
For example, '${SIP_HEADERS(Co)}' might return the string
'Contact,Content-Length,Content-Type'.
Practical use is rather '${SIP_HEADERS(X-)}' to enumerate optional
extended headers sent by a peer.
ASTERISK-27163
Change-Id: I2076d3893d03a2f82429f393b5b46db6cf68a267
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
This API was not actively maintained, was not added to new modules
(such as res_pjsip), and there exist better alternatives to acquire the
same information, such as the ARI.
Change-Id: I4b2185a83aeb74798b4ad43ff8f89f971096aa83
When sip.conf contained tcpenable=yes and autodomain=yes, the TCP domain was
added in any case, because of a local Boolean-negation error of the return value
of ast_sockaddr_cmp. After fixing this error for TCP and TLS, the TLS domain was
still always added with tlsenable=yes, because the domains were not compared
just on the address but also on the port – and TLS is always on a different port
than UDP/TCP.
ASTERISK-27106
Change-Id: I14fe9e319e238320b094016980445ef3a5b3337c
Because of a copy-and-paste error when the struct ast_sockaddr changed,
tlsbindaddr was not added, when sip.conf contained autodomain=yes; see
"show sip domains" on the command-line interface (CLI) of Asterisk.
ASTERISK-27106
Change-Id: I3d0957150017c223136968ef1266f275d0d6695e
If we are offered or are offering RTCP-MUX, don't consider RTCP ICE
candidates. This confuses certain browsers (current Firefox for
example) and causes intial audio setup delays.
ASTERISK-26982 #close
Change-Id: Ifeaf47e83972fe8dbe58b7fb3d6d1823400cfb91
For outgoing TCP connections, Asterisk uses the first IP address of the
interface instead of the IP address we asked him to bind to.
ASTERISK-26922 #close
Reported-by: Ksenia
Change-Id: I43c71ca89211dbf1838e5bcdb9be8d06d98e54eb
Some equipments may send a re-INVITE containing an SDP in the final ACK
request. If this happens in the context of direct media, the remote end
should be updated with a re-INVITE.
This patch queues an "update RTP peer" frame to trigger the re-INVITE,
instead of the "source change" frame wich was used previously.
ASTERISK-26951
Change-Id: I3644d2025f20e086ea9f8f62b486172c52b5b2e6
This saves around 100 bytes when G.711, G.722, G.729, and GSM are advertised in
SDP. This reduces the chance to hit the MTU bearer of 1300 bytes for SIP over
UDP, if many codecs are allowed in Asterisk. This new feature is enabled
together with the optional feature compact_headers=yes via the file pjsip.conf.
ASTERISK-26932 #close
Change-Id: Iaa556ab4c8325cd34c334387ab2847fab07b1689
In all non-pbx modules, AST_MODULE_LOAD_FAILURE has been changed
to AST_MODULE_LOAD_DECLINE. This prevents asterisk from exiting
if a module can't be loaded. If the user wishes to retain the
FAILURE behavior for a specific module, they can use the "require"
or "preload-require" keyword in modules.conf.
A new API was added to logger: ast_is_logger_initialized(). This
allows asterisk.c/check_init() to print to the error log once the
logger subsystem is ready instead of just to stdout. If something
does fail before the logger is initialized, we now print to stderr
instead of stdout.
Change-Id: I5f4b50623d9b5a6cb7c5624a8c5c1274c13b2b25
SIP user-agents indicate which protocol extensions are allowed in headers
like Supported and Required. Such protocol extensions are Session Timers
(RFC 4028) for example. Session Timers are supported since Mantis-10665.
Since ASTERISK-21721, not only the first but multiple Supported/Required
headers in a message are parsed. In that change, an existing variable was
re-used within a newly added do-loop. Currently, at the end of that loop,
that variable is an empty string always. Previously, that variable was used
within log output. However, the log output was not changed.
ASTERISK-26915 #close
Change-Id: I09315f31b4d78fb214bb2a9fb6c0f5e143eae990
When receiving a 422 response, the invitestate variable must be reset to
INV_CALLING.
ASTERISK-26841
Change-Id: Ia0502d6b02192664cefa4e75bafdd2645ce56099
* manager.c:manager_state_cb() Fix potential use of uninitialized hint[]
if a hint does not exist for the requested extension. Ran into this when
developing a testsuite test. The AMI event ExtensionStatus came out with
the hint header value containing garbage. The AMI event PresenceStatus
also had the same issue.
* manager.c:action_extensionstate() no need to completely initialize the
hint[]. Only initialize the first element.
* pbx.c:ast_add_hint() Remove unnecessary assignment.
* chan_sip.c: Eliminate an unneeded hint[] local variable. We only care
about the return value of ast_get_hint() there.
Change-Id: Ia9a8786f01f93f1f917200f0a50bead0319af97b
* app_minivm: Use built-in completion facilities to complete optional
arguments.
* app_voicemail: Use built-in completion facilities to complete
optional arguments.
* app_confbridge: Add missing colons after 'Usage' text.
* chan_alsa: Use built-in completion facilities to complete optional
arguments.
* chan_sip: Use built-in completion facilities to complete optional
arguments. Add completions for 'load' for 'sip show user', 'sip show
peer', and 'sip qualify peer.'
* chan_skinny: Correct and extend completions for 'skinny reset' and
'skinny show line.'
* func_odbc: Correct completions for 'odbc read' and 'odbc write'
* main/astmm: Use built-in completion facilities to complete arguments
for 'memory' commands.
* main/bridge: Correct completions for 'bridge kick.'
* main/ccss: Use built-in completion facilities to complete arguments
for 'cc cancel' command.
* main/cli: Add 'all' completion for 'channel request hangup.' Correct
completions for 'core set debug channel.' Correct completions for 'core
show calls.'
* main/pbx_app: Remove redundant completions for 'core show
applications.'
* main/pbx_hangup_handler: Remove unused completions for 'core show
hanguphandlers all.'
* res_sorcery_memory_cache: Add completion for 'reload' argument of
'sorcery memory cache stale' and properly implement.
Change-Id: Iee58c7392f6fec34ad9d596109117af87697bbca
We shouldn't unlock the channel after starting a snapshot staging because
another thread may interfere and do its own snapshot staging.
* app_dial.c:dial_exec_full() made hold the channel lock while setting up
the outgoing channel staging. Made hold the channel lock after the called
party answers while updating the caller channel staging.
* chan_sip.c:sip_new() completed the channel staging on off-nominal exit.
Also we need to use ast_hangup() instead of ast_channel_unref() at that
location.
* channel.c:__ast_channel_alloc_ap() added a comment about not needing to
complete the channel snapshot staging on off-nominal exit paths.
* rtp_engine.c:ast_rtp_instance_set_stats_vars() made hold the channel
locks while staging the channels for the stats channel variables.
Change-Id: Iefb6336893163f6447bad65568722ad5d5d8212a
The escalator works by creating a set of startup commands in cli.conf
that set up logger channels and issue the debug commands for the
subsystems specified. If asterisk is running when it is executed,
the same commands will be issued to the running instance. The original
cli.conf is saved before any changes are made and can be restored by
executing '$prog --reset'.
The log output will be stored in...
$astlogdir/message.$uniqueid
$astlogdir/debug.$uniqueid
$astlogdir/dtmf.$uniqueid
$astlogdir/fax.$uniqueid
$astlogdir/security.$uniqueid
$astlogdir/pjsip_history.$uniqueid
$astlogdir/sip_history.$uniqueid
Some minor tweaks were made to chan_sip, and res_pjsip_history
so their history output could be send to a log channel as packets
are captured.
A minor tweak was also made to manager so events are output to verbose
when "manager set debug on" is issued.
Change-Id: I799f8e5013b86dc5282961b27383d134bf09e543
After a SIP_CODEC_INBOUND in the dialplan, do not continue with cached formats
but remember the joint format. Cached formats contain default parameters,
often create an empty fmtp line. However, a joint format might have passed
format_get_joint(.) in a res_format_attr_* module (like Opus Codec) and
contain the resulting format parameters from a SDP negotiation.
ASTERISK-26691 #close
Change-Id: I35712d98a793d4c3efdd156cec57deab9014b1dc
In some situations TCP threads may become frozen. This creates the
possibility that Asterisk could segfault if they become unfrozen after
chan_sip has been dlclose'd. This reorders the unload_module process to
allow abort if threads do not exit within 5 seconds.
High level order as follows:
1) Unregister from the core to stop new requests.
2) Signal threads to stop
3) Clear config based tables (but do not free the table itself).
4) Verify that threads have shutdown, cancel unload if not.
5) Clean all remaining resources.
ASTERISK-26586
Change-Id: Ie23692041d838fbd35ece61868f4c640960ff882
RFC says SIP headers look like:
HCOLON = *( SP / HTAB ) ":" SWS
SWS = [LWS] ; sep whitespace
LWS = [*WSP CRLF] 1*WSP ; linear whitespace
WSP = SP / HTAB ; from rfc2234
chan_sip implemented this:
HCOLON = *( LOWCTL / SP ) ":" SWS
LOWCTL = %x00-1F ; CTL without DEL
This discrepancy meant that SIP proxies in front of Asterisk with
chan_sip could pass on unknown headers with \x00-\x1F in them, which
would be treated by Asterisk as a different (known) header. For
example, the "To\x01:" header would gladly be forwarded by some proxies
as irrelevant, but chan_sip would treat it as the relevant "To:" header.
Those relying on a SIP proxy to scrub certain headers could mistakenly
get unexpected and unvalidated data fed to Asterisk.
This change fixes so chan_sip only considers SP/HTAB as valid tokens
before the colon, making it agree on the headers with other speakers of
SIP.
ASTERISK-26433 #close
AST-2016-009
Change-Id: I78086fbc524ac733b8f7f78cb423c91075fd489b
Per RFC 7118 5.2, the SIP URI 'transport' parameter should advertise
'ws' when WebSockets are to be used as the transport. This applies to
both secure and insecure WebSockets.
There were two bugs in Asterisk with respect to this:
(1) The most egregious occurs in res_pjsip. There, we advertise 'ws' for
insecure websockets and 'wss' for secure websockets. While this
would seem to make sense - since 'WS' and 'WSS' are used for the Via
Transport parameter - this is not the case for the SIP URI. This
patch corrects that by registering the secure websockets with
pjproject using the shorthand 'WS', and by returning 'ws' when asked
for the transport parameter. Note that in pjproject, it is perfectly
valid to have multiple transports use the same shorthand.
(2) In chan_sip, we return an upper-case version of the transport 'WS'
instead of 'ws'. Since we should be strict in what we send and
liberal in what we accept (within reason), this patch lower-cases
the transport before appending it to the parameter.
ASTERISK-24330 #close
Reported by: cervajs, Inaki Baz Castillo
Change-Id: Iff77b645f8cc3b7cd35168a6676c26b147f22f42
If a TCP/TLS connection was pending (not accepted and not timed out) during
unload of chan_sip, Asterisk would segfault when trying to send a signal to
a thread whose thread ID hadn't been recorded yet. This commit fixes that by
recording the thread ID before calling the blocking connect() syscall.
This was a regression introduced by 776a14386a.
The above wasn't enough to fix the segfault, which was now delayed to the
point where connect() timed out. Therefore, it was necessary to also remove
the SA_RESTART flag from the SIGURG sigaction so that pthread_kill() could be
used to interruput the connect() syscall.
This was a regression introduced by 5d313f51b9.
ASTERISK-26586 #close
Change-Id: I76fd9d47d56e4264e2629bce8ec15fecba673e7b
fopencookie/funclose is a non-standard API and should not be used
in portable software. Additionally, the way FILE's fd is used in
non-blocking mode is undefined behaviour and cannot be relied on.
This introduces internal abstraction for io streams, that allows
implementing the desired virtualization of read/write operations
with necessary timeout handling.
ASTERISK-24515 #close
ASTERISK-24517 #close
Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85
Correct typo of end-pints to end-points
Re-wrap session timer parameter docs to max 80 chars wide; this
eases reading on terminals with lower resolution, commonly the case
for those with visual impairments.
ASTERISK-26573
Change-Id: I22c94459f4bb6b8a2f6713cfd22e87c32f204e6b
Signed-off-by: C.J. Collier <cjcollier@linuxfoundation.org>
