When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.
........
Merged revisions 426858 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426860 65c4cc65-6c06-0410-ace0-fbb531ad65f3
set_member_value has a couple leaks to references in the variable q
found through testsuite tests/queues/set_penalty. Also remove the
REF_DEBUG_ONLY_QUEUES compiler declaration, this is no longer possible
with the updated REF_DEBUG code.
ASTERISK-24466 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4125/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426805 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In update_messages_by_imapuser(), messages were appended to a finite
array which resulted in a crash when an IMAP mailbox contained more
than 256 entries. This memory is now dynamically increased as needed.
Observe that this patch adds a bunch of XXX's to questionable code. See
the review (url below) for more information.
ASTERISK-24190 #close
Reported by: Nick Adams
Tested by: Nick Adams
Review: https://reviewboard.asterisk.org/r/4126/
........
Merged revisions 426691 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426692 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When frames are translated by a fax gateway they need to be freed. The
existing call to ast_frfree was unreachable. This change reorganizes
fax_gateway_framehook to ensure that ast_frfree is called when needed.
ASTERISK-24457 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4115/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426527 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When Moises committed the fixes for WSS (which was a great patch), wdoekes had
a few style nits that were on the review that got missed. This patch resolves
what I *think* were all of the ones that were still on the review.
Thanks to both moy for the patch, and wdoekes for the reviews.
Review: https://reviewboard.asterisk.org/r/3248/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426209 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.
ASTERISK-24436 #close
Reported by: Patrick Laimbock
........
Merged revisions 426140 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426141 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425986 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The outboundproxy setting is currently ignored when sending OPTIONS requests
as a result of the qualify setting. This means that if an Asterisk server is
unable to send the packet directly to a peer, it is unable to qualify any
non-inbound registered peer (e.g. a peer SIP Trunk).
This patch grabs the outboundproxy information for a peer when a qualify
attempt is being constructed and, if it finds the information, uses it
when sending the OPTIONS request.
Review: https://reviewboard.asterisk.org/r/3948
ASTERISK-24063 #close
Reported by: Damian Ivereigh
patches:
outboundproxy-dai.patch uploaded by Damian Ivereigh (License 6632)
........
Merged revisions 425818 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425819 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In the case where the ICE negotiation had not yet started current state would
get wiped when it shouldn't.
This also removes channel binding as in practice this does not work well with
other implementations.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425644 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fax gateway session objects can be re-used, causing the
same gateway session to be added to faxregistry.container
more than once. This change causes fax_session_new to
remove the reserved session from the container before
it's id is changed, ensuring it's possible for the
session to be freed.
ASTERISK-24392 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4049/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425457 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The main Makefile has a target test called 'badshell' that tests if
DESTDIR does not happen to have an an-expanded tilde (~). This might
be the case if you run: make install DESTDIR=~/somewhere/
That test also disallowed valid tildes in directory names. The test is
now changed to only trigger on a tilde at the start of the path.
ASTERISK-13797 #close
Reported by: Tzafrir Cohen
Review: https://reviewboard.asterisk.org/r/4064/
........
Merged revisions 425291 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425292 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If a device re-INVITEs at the same time as the dialog is hung up, and
if then the ACK to the re-INVITE never reaches Asterisk, chan_sip would
fail to destroy the dialog after a while. This resulted in (most
prominently) file handle leaks.
(Patch reindented by me.)
ASTERISK-20784 #close
ASTERISK-15879 #close
Reported by: Torrey Searle, Nitesh Bansal
Patches:
reinvite_ack_timeout.patch uploaded by Torrey Searle (License #5334)
patch_asterisk_20784.txt uploaded by Nitesh Bansal (License #6418)
Reviewboard: https://reviewboard.asterisk.org/r/4052/
(testcase can be found at r4051)
........
Merged revisions 425068 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425069 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When starting ice if there is not at least one remote ice candidate with an RTP
component asterisk will crash. This is due to an assertion in pjnath as it
expects at least one candidate with an RTP component. Added a check to make
sure at least one candidate contains an RTP component and at least one candidate
has an RTCP component.
ASTERISK-24383 #close
Review: https://reviewboard.asterisk.org/r/4039/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
On systems with lots of RAM (e.g. 24GB) /proc/sys/fs/file-max divided
by two can exceed the per-process file limit of 2^20. This patch
ensures the value is capped.
(Patch cleaned up by me.)
ASTERISK-24011 #close
Reported by: Michael Myles
Patches:
safe_asterisk-ulimit.diff uploaded by Michael Myles (License #6626)
........
Merged revisions 424875 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424878 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The underlying library, pjnath, that res_rtp_asterisk uses for ICE
support does not have support for ICE-TCP. As candidates are
passed through directly to it this can cause error messages to occur
when it receives something unexpected (such as a TCP candidate).
This change merely ignores all non-UDP candidates so they never
reach pjnath.
ASTERISK-24326 #close
Reported by: Joshua Colp
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424852 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If SendMessage encounters an error (such as incorrect input provided to the
action), it will currently return -1. Actions should only return -1 if the
connection to the AMI client should be closed. In this case, SendMessage
causing the client to disconnect is inappropriate.
This patch causes the action to return 0, which simply causes the action to
fail.
Review: https://reviewboard.asterisk.org/r/4024
ASTERISK-24354 #close
Reported by: Peter Katzmann
patches:
sendMessage.patch uploaded by Peter Katzmann (License 5968)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424690 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change fixes an issue where ICE candidates put into the SDP did not contain
the 'raddr' and 'rport' information for server reflexive and relay candidates.
#SIPit31
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424151 65c4cc65-6c06-0410-ace0-fbb531ad65f3
'==' is bashism (bashspecific, fails when dash is /bin/sh). Anyway, a
'case' works better there.
Originally committed in r375059 and r375060 on 2012-10-16 21:13:08.
ASTERISK-20567 #close
Reported by: Tzafrir Cohen
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424117 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Make astob2 REF_DEBUG output an invalid object line when an invalid ao2
object ref/unref is attempted. This is similar to the
constructor/destructor lines.
* Fixed refcounter.py to handle skewed objects that have
constructor/destructor states.
* Made refcounter.py highlight the invalid ao2 object refs by putting them
in their own section of the processed output file.
* Made refcounter.py highlight unreffing an object by more than one that
results in a negative ref count and the object being destroyed. The
abnormally destroyed object is reported in the invalid and finalized
object sections of the output.
Review: https://reviewboard.asterisk.org/r/3971/
........
Merged revisions 423349 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@423400 65c4cc65-6c06-0410-ace0-fbb531ad65f3
