Commit Graph

23898 Commits

Author SHA1 Message Date
Kevin Harwell
060ced4b54 AST-2014-017 - app_confbridge: permission escalation/ class authorization.
Confbridge dialplan function permission escalation via AMI and inappropriate
class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan
function when executed from an external protocol (for instance AMI), could
result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord”
could also be used to execute arbitrary system commands without first checking
for system access.

Asterisk now inhibits the CONFBRIDGE function from being executed from an
external interface if the live_dangerously option is set to no.  Also, the
“ConfbridgeStartRecord” AMI action is now only allowed to execute under a
user with system level access.

ASTERISK-24490
Reported by: Gareth Palmer


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428332 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-20 15:42:01 +00:00
Joshua Colp
ce20eaa076 AST-2014-014: Fix race condition where channels may get stuck in ConfBridge under load.
Under load it was possible for the bridging API, and thus ConfBridge, to get
channels that may have hung up stuck in it. This is because handling of state
transitions for a bridged channel within a bridge was not protected and simply
set the new state without regard to the existing state. If the existing state
had been hung up this would get overwritten.

This change adds locking to protect changing of the state and also
takes into consideration the existing state.

ASTERISK-24440 #close
Reported by: Ben Klang

Review: https://reviewboard.asterisk.org/r/4173/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428299 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-20 14:20:08 +00:00
Richard Mudgett
094eeade6e ast_str: Fix improper member access to struct ast_str members.
Accessing members of struct ast_str outside of the string manipulation API
routines is invalid since struct ast_str is supposed to be treated as
opaque.

Review: https://reviewboard.asterisk.org/r/4194/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428244 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-19 16:38:10 +00:00
Corey Farrell
b3e0d05aad chan_sip: Fix theoretical leak of p->refer.
If transmit_refer is called when p->refer is already allocated,
it leaks the previous allocation.  Updated code to always free
previous allocation during a new allocation.  Also instead of
checking if we have a previous allocation, always create a
clean record.

ASTERISK-15242 #close
Reported by: David Woolley
Review: https://reviewboard.asterisk.org/r/4160/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428117 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-17 15:56:11 +00:00
Matthew Jordan
f20ddb1285 apps/app_confbridge: Ensure 'normal' users hear message when last marked leaves
When r428077 was made for ASTERISK-24522, it failed to take into account users
who are neither wait_marked nor end_marked. These users are *also* supposed to
hear the 'leader has left the conference' message. Granted, this behaviour is
a bit odd; however, that is how it used to work... and behaviour changes are
not good.

This patch ensures that if there are any 'normal' users present when the last
marked user leaves the conference, the message will still be played to them.

Note that this regression was caught by the Asterisk Test Suite's
confbridge_nominal test, which has a quirky combination of users.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428113 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-17 15:26:50 +00:00
Matthew Jordan
10d242b728 app_confbridge: Don't play leader leaving prompt if no one will hear it
Consider the following:
- A marked user in a conference
- One or more end_marked only users in the conference

When the marked user leaves, we will be in the conf_state_multi_marked state.
This currently will traverse the users, kicking out any who have the end_marked
flags. When they are kicked, a full ast_bridge_remove is immediately called on
the channels. At this time, we also unilaterally set the need_prompt flag.

When the need_prompt flag is set, we then playback a sound to the bridge
informing everyone that the leader has left; however, no one is left in the
bridge. This causes some odd behaviour for the end_marked users - they are
stuck waiting for the bridge to be unlocked. This results in them waiting for
5 or 6 seconds of dead air before hearing that they've been kicked.

Unfortunately, we do have to keep the bridge locked while we're playing back
the 'leader-has-left' prompt. If there are any wait_marked users in the
conference, this behaviour can't be easily changed - but we do make the case
of the end_marked users better with this patch.

Review: https://reviewboard.asterisk.org/r/4184/

ASTERISK-24522 #close
Reported by: Matt Jordan


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428077 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-17 03:05:44 +00:00
Matthew Jordan
2f27faa037 cel/cel_odbc: Provide microsecond precision in 'eventtime' column when possible
This patch adds microsecond precision when inserting a CEL record into a table
with an "eventtime" column of type timestamp, instead of second precision. The
documentation (configs/cel_odbc.conf.sample) was already saying that the
eventtime column included microseconds precision, but that was not the case.

Also, without this patch, if you had a table with an "eventtime" column of
type varchar, you had millisecond precision. With this patch, you also get
microsecond precision in this case.

Review: https://reviewboard.asterisk.org/r/3980

ASTERISK-24283 #close
Reported by: Etienne Lessard
patches:
  cel_odbc_time_precision.patch uploaded by Etienne Lessard (License 6394)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427952 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-15 16:51:51 +00:00
Scott Griepentrog
d0495f4139 stun: correct attribute string padding to match rfc
When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489.  This change adds separate variables for the
string and padded attribute lengths, and performs
padding correctly.

Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427874 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-14 15:46:30 +00:00
Joshua Colp
093db340b1 app_confbridge: Play "leader has left" sound even when musiconhold is enabled.
Currently if the leader of a conference bridge leaves any participant
that has musiconhold enabled will not hear the "leader has left" sound.
This is because musiconhold is started and THEN the sound is played.

This change makes it so that the sound is played and THEN musiconhold
is started. This provides a better experience for users as they may not
have known previously why they went back to musiconhold.

Review: https://reviewboard.asterisk.org/r/4177/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427844 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-14 14:54:50 +00:00
Joshua Colp
329d09913e pbx: Fix off-nominal case where a freed extension may still be used.
If during the operation of adding an extension a priority is added but
fails it is possible for the extension to be freed but still exist in
the PBX core. If this occurs subsequent lookups may try to access the
extension and end up in freed memory.

This change removes the extension from the PBX core when the priority
addition fails and then frees the extension.

ASTERISK-24444 #close
Reported by: Leandro Dardini

Review: https://reviewboard.asterisk.org/r/4162/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427709 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-12 16:10:46 +00:00
Corey Farrell
e55b96ad57 Fix compiler error when using ./configure --enable-dev-mode --enable-coverage
When DONT_OPTIMIZE is enabled with dev-mode, it causes a shadow compilation
to be done with output to /dev/null.  This can cause errors with coverage
when GCC attempts to write to /dev/null.gcno.  This change disables
coverage for the shadow compilation.

ASTERISK-24502 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4151/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427682 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-12 13:44:32 +00:00
Corey Farrell
0e37018d93 manager: Fix HTTP connection reference leaks.
Fix reference leak that happens if (session && !blastaway).

ASTERISK-24505 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4153/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427641 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-09 07:56:41 +00:00
Matthew Jordan
cc46ce38bc configs/features.conf: Add documentation noting potential chan_agent conflict
In chan_agent, a '*' is used by default to terminate a bridge with a caller.
This can lead to all sorts of problems if '*' is used by a feature in
features.conf, as the chan_agent disconnect '*' may be detected first.

This patch adds a documentation snippet to features.conf so that users who
attempt to use features with agents know of the potential conflict.

ASTERISK-20402 #close
Reported by: Matt Riddell
patches:
  features.conf.diff uploaded by Matt Riddell (License 5023)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427617 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-09 00:59:43 +00:00
Matthew Jordan
938f6d3bc0 channels/chan_mgcp: Fix regression which causes gateways to be skipped
In r227276, a while loop was turned into a for loop. Unfortunately, a portion
of the while loop was left in the code such that, when a static gateway is
encountered in the list of MGCP gateways, the next gateway would be skipped.
At best, we would simply flip past a gateway; at worst, this could lead to a
crash.

ASTERISK-24500 #close
Reported by: Xavier Hienne
patches:
  chan_mgcp.patch uploaded by Xavier Hienne (License 6657)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427613 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-09 00:36:31 +00:00
Matthew Jordan
80439dac04 addons/chan_mobile: Increase buffer size of UCS2 encoded SMS messages
When UCS2 character encoding is used, one symbol in national language can be
expanded to 4 bytes. The current buffer used for receiving message in
do_monitor_phone is 256 bytes, which is not large enough for incoming messages.

For example:
* AT+CMGR phone response prefix
  '+CMGR: "REC UNREAD","+7**********",,"14/10/29,13:31:39+12"\r\n' - 60 bytes
* SMS body with UCS2 encoding (max) - 280 bytes
* AT+CMGR phone response suffix '\r\n\r\nOK\r\n' - 8 bytes
* Terminating null character - 1 byte

This results in a needed buffer size of 349 bytes. Hence, this patch opts for a
350 byte buffer.

ASTERISK-24468 #close
Reported by: Dmitriy Bubnov
patches:
  chan_mobile-1_8.diff uploaded by Dmitriy Bubnov (License 6651)
  chan_mobile-trunk.diff uploaded by Dmitry Bubnov (License 6651)



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427607 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-09 00:24:53 +00:00
Corey Farrell
ed7dabef46 chan_console: Fix reference leaks to pvt.
Fix a bunch of calls to get_active_pvt
where the reference is never released.

ASTERISK-24504 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4152/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427554 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-08 17:28:22 +00:00
Corey Farrell
8745e12323 main/file.c: fix possible extra ast_module_unref to format modules.
fn_wrapper only adds a reference to the format's module if the file
was able to be opened.  If not this causes an unmatched
ast_module_unref in filestream_destructor.  Move ast_module_ref to
get_stream.

ASTERISK-24492 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4149/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427464 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-06 12:10:36 +00:00
Corey Farrell
e9f3480121 Fix unintentional memory retention in stringfields.
* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.

ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/
........

Merged revisions 427380 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427381 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-06 09:10:47 +00:00
George Joseph
48f329bfe8 test_strings: Remove string tests that exercise asserts.
Since unit tests are run with DO_CRASH, those tests were causing
the test to fail.

Tested-by: George Joseph



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427354 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-06 02:26:59 +00:00
George Joseph
03fcc1ad72 config: Make text_file_save and 'dialplan save' escape semicolons in values.
When a config file is read, an unescaped semicolon signals comments which are
stripped from the value before it's stored.  Escaped semicolons are then
unescaped and become part of the value.  Both of these behaviors are normal
and expected.  When the config is serialized either by 'dialplan save' or
AMI/UpdateConfig however, the now unescaped semicolons are written as-is.
If you actually reload the file just saved, the unescaped semicolons are
now treated as start of comments.

Since true comments are stripped on read, any semicolons in
ast_variable.value must have been escaped originally.  This patch
re-escapes semicolons in ast_variable.values before they're written to
file either by 'dialplan save' or config/ast_config_text_file_save which
is called by AMI/UpdateConfig. I also fixed a few pre-existing formatting
issues nearby in pbx_config.c

Tested-by: George Joseph
ASTERISK-20127 #close

Review: https://reviewboard.asterisk.org/r/4132/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427328 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-05 15:02:42 +00:00
Corey Farrell
47ee18acc1 Fix compile error caused by review 4138
There is no procedure called ast_closeframe, fix code to use
ast_closestream.

Reported By: Matt Jordan


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427087 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-03 02:31:46 +00:00
Corey Farrell
9dc2f92921 Fix ast_writestream leaks
Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.

11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.

ASTERISK-24476 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4138/
........

Merged revisions 427023 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427024 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-02 08:03:18 +00:00
Corey Farrell
0b55748232 func_jitterbuffer: fix frame leaks.
Fix code paths where it is possible for frames to leak.
Fix uninitialized variable in jb_get_fixed and jb_get_adaptive.

ASTERISK-22409 #related
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4128/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427019 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-11-02 07:35:36 +00:00
Tzafrir Cohen
72bf6d5052 Fix syntax from commit r426927
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426931 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-31 16:40:55 +00:00
Tzafrir Cohen
4a313981f1 install init.d files on GNU/kFreeBSD
Review: https://reviewboard.asterisk.org/r/4118/
........

Merged revisions 426926 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426927 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-31 16:32:56 +00:00
Matthew Jordan
9da14f75e0 channels/sip/reqresp_parser: Fix unit tests for r426594
When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.
........

Merged revisions 426858 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426860 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-31 03:25:01 +00:00
Corey Farrell
2716e17f51 REF_DEBUG: Install refcounter.py to $(ASTDATADIR)/scripts
This change ensures refcounter.py is installed to a place where it
can be found by the Asterisk testsuite if REF_DEBUG is enabled.

ASTERISK-24432 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4094/
........

Merged revisions 426830 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426831 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-31 03:05:27 +00:00
Corey Farrell
a3ec9d8f1b app_queue: fix a couple leaks to struct call_queue in set_member_value
set_member_value has a couple leaks to references in the variable q
found through testsuite tests/queues/set_penalty.  Also remove the
REF_DEBUG_ONLY_QUEUES compiler declaration, this is no longer possible
with the updated REF_DEBUG code.

ASTERISK-24466 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4125/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426805 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-30 23:53:26 +00:00
Walter Doekes
15f16e3187 app_voicemail: Fix unchecked bounds of myArray in IMAP_STORAGE.
In update_messages_by_imapuser(), messages were appended to a finite
array which resulted in a crash when an IMAP mailbox contained more
than 256 entries. This memory is now dynamically increased as needed.

Observe that this patch adds a bunch of XXX's to questionable code. See
the review (url below) for more information.

ASTERISK-24190 #close
Reported by: Nick Adams
Tested by: Nick Adams

Review: https://reviewboard.asterisk.org/r/4126/
........

Merged revisions 426691 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426692 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-30 09:16:47 +00:00
Igor Goncharovskiy
865aa54aac Add additional checks for NULL pointers to fix several crashes reported.
ASTERISK-24304 #close
Reported by: dhanapathy sathya



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426666 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-30 05:56:23 +00:00
Matthew Jordan
cfa7763f85 channels/chan_sip: Add improved support for 4xx error codes
This patch adds support for 414, 493, 479, and a stray 400 response in REGISTER
response handling. This helps interoperability in a number of scenarios.

Review: https://reviewboard.asterisk.org/r/3437

patches:
  rb3437.patch uploaded by oej (License 5267)
........

Merged revisions 426599 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426600 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-30 01:58:02 +00:00
Matthew Jordan
bcd3f49994 channels/chan_sip: Support multiple Supported and Required headers
A SIP request may contain multiple Supported: and Required: headers. Currently,
chan_sip only parses the first Supported/Required header it finds. This patch
adds support for multiple Supported/Required headers for INVITE requests.

Review: https://reviewboard.asterisk.org/r/2478

ASTERISK-21721 #close
Reported by: Olle Johansson
patches:
  rb2478.patch uploaded by oej (License 5267)
........

Merged revisions 426594 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426595 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-30 01:41:52 +00:00
Corey Farrell
5b69b095d1 res_fax: Resolve T38 gateway frame leak.
When frames are translated by a fax gateway they need to be freed.  The
existing call to ast_frfree was unreachable.  This change reorganizes
fax_gateway_framehook to ensure that ast_frfree is called when needed.

ASTERISK-24457 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4115/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426527 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-28 20:50:55 +00:00
Malcolm Davenport
a70300f7ac ASTERISK-23512, correct inaccurate comment in manager.conf.sample
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426456 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-28 18:08:26 +00:00
Matthew Jordan
0a2400ab6e main/manager: Fix typo in AMI event documentation of "OriginateResponse"
The parameter name is "Response", not "Resonse".

ASTERISK-24430 #close
Reported by: Dafi Ni


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426366 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-28 14:57:56 +00:00
Malcolm Davenport
8c40b67c50 ASTERISK-24323, fix bug in documentation of AGI STREAM FILE CONTROL
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426359 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-28 14:55:58 +00:00
Malcolm Davenport
ab4b71abe0 ASTERISK-24419, fix incorrect syntax for setting language in extensions.conf.sample
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426291 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-28 13:11:52 +00:00
Corey Farrell
37d9bfdd05 app_queue: Cleanup ao2_iterator
Clean ao2_iterator, resolving reference leak to queue members.

ASTERISK-24454 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4111/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426255 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-28 11:17:37 +00:00
Matthew Jordan
7ba7792027 res/res_http_websocket: Fix minor nits found by wdoekes on r409681
When Moises committed the fixes for WSS (which was a great patch), wdoekes had
a few style nits that were on the review that got missed. This patch resolves
what I *think* were all of the ones that were still on the review.

Thanks to both moy for the patch, and wdoekes for the reviews.

Review: https://reviewboard.asterisk.org/r/3248/



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426209 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-27 02:45:09 +00:00
Matthew Jordan
f1d0cb5daa res/res_srtp: Fix include issue for libsrtp 1.5.0
In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.

ASTERISK-24436 #close
Reported by: Patrick Laimbock
........

Merged revisions 426140 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426141 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-27 01:46:02 +00:00
Matthew Jordan
8c96fa291c AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
    TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
    TCP/TLS core, which should be done as an improvement at a later date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
    will default to the OpenSSL SSLv23_method. This method allows for all
    encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
    forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
    This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
    and explicitly disables SSLv2/SSLv3 if using SSLv23_method.

For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.

Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.

Review: https://reviewboard.asterisk.org/r/4096/

ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
  asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
  asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
  AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
  AST-2014-011-11.diff uploaded by mjordan (License 6283)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425986 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-20 14:10:28 +00:00
Matthew Jordan
ebb3d8db82 channels/chan_sip: Respect outboundproxy setting when sending qualify requests
The outboundproxy setting is currently ignored when sending OPTIONS requests
as a result of the qualify setting. This means that if an Asterisk server is
unable to send the packet directly to a peer, it is unable to qualify any
non-inbound registered peer (e.g. a peer SIP Trunk).

This patch grabs the outboundproxy information for a peer when a qualify
attempt is being constructed and, if it finds the information, uses it
when sending the OPTIONS request.

Review: https://reviewboard.asterisk.org/r/3948

ASTERISK-24063 #close
Reported by: Damian Ivereigh
patches:
  outboundproxy-dai.patch uploaded by Damian Ivereigh (License 6632)
........

Merged revisions 425818 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425819 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-17 13:09:20 +00:00
Igor Goncharovskiy
195abe370e Fix loss of voice after second call drops (on a second line) in case of using multiple lines on unistim phones. The regression was introduced in r391379.
Reported by: Rustam Khankishyiev
(closes issue ASTERISK-23846)



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425667 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-16 06:04:35 +00:00
Joshua Colp
6c969a115c res_rtp_asterisk: Fix a bug where ICE state would get reset when it shouldn't.
In the case where the ICE negotiation had not yet started current state would
get wiped when it shouldn't.

This also removes channel binding as in practice this does not work well with
other implementations.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425644 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-16 01:24:12 +00:00
Alexandr Anikin
d076a8bd81 chan_ooh323: fix rtptimeout general value checking
correct condition to check rtptimeout in [general] config section

ASTERISK-24393 #close
Reported by:  Dmitry Melekhov
Tested by:  Dmitry Melekhov
Patches:
  ASTERISK-24393.patch
........

Merged revisions 425547 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425548 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-15 09:02:50 +00:00
Corey Farrell
0327a884f1 res_fax: Fix reference leak caused by gateway sessions
Fax gateway session objects can be re-used, causing the
same gateway session to be added to faxregistry.container
more than once.  This change causes fax_session_new to
remove the reserved session from the container before
its id is changed, ensuring it's possible for the
session to be freed.

ASTERISK-24392 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4049/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425457 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-14 16:44:13 +00:00
Corey Farrell
56540d8258 res_fax: Resolve module reference leak caused by reserved sessions
Remove reference to module providing reserved session after
adding a reference to the final module.  This re-reference
is done to ensure that module references are correct even
if the final session selects a different module than the
reserved session.

ASTERISK-18923 #close
Reported by: Grigoriy Puzankin
Review: https://reviewboard.asterisk.org/r/4048/
........

Merged revisions 425405 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425407 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-14 16:17:52 +00:00
Joshua Colp
b69057cd76 res_rtp_asterisk: Make the ICE transport check case insensitive as some implementations use 'udp'.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425360 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-12 21:08:08 +00:00
Walter Doekes
03a4a28a2e chan_sip: Fix so asterisk won't send reINVITE after a BYE.
After a reINVITE glare situation, Asterisk would re-send the reINVITE
even though the call had been hung up in the meantime.  This patch
unschedules the reinvite when handling the BYE.

ASTERISK-22791 #close
Reported by: Paolo Compagnini
Tested by: Paolo Compagnini

Review: https://reviewboard.asterisk.org/r/4056/
(testcase is in review r4055)
........

Merged revisions 425296 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425297 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-12 08:13:07 +00:00
Walter Doekes
e9e8e41bf5 build: Relax badshell tilde test to allow for ~ in middle of DESTDIR.
The main Makefile has a target test called 'badshell' that tests if
DESTDIR does not happen to have an unexpanded tilde (~).  This might
be the case if you run: make install DESTDIR=~/somewhere/

That test also disallowed valid tildes in directory names. The test is
now changed to only trigger on a tilde at the start of the path.

ASTERISK-13797 #close
Reported by: Tzafrir Cohen

Review: https://reviewboard.asterisk.org/r/4064/
........

Merged revisions 425291 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425292 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-10-12 07:51:50 +00:00