A test agent was continuously failing all ARI tests when run against
Asterisk 13. As it turns out, the reason for this is that on those test
runs, for some reason we decided to use the super extended 64 bit
payload length for websocket text frames instead of the extended 16 bit
payload length. For 64-bit payloads, the expected byte order over the
network is
7, 6, 5, 4, 3, 2, 1, 0
However, we were sending the payload as
3, 2, 1, 0, 7, 6, 5, 4
This meant that we were saying to expect an absolutely MASSIVE payload
to arrive. Since we did not follow through on this expected payload
size, the client would sit patiently waiting for the rest of the payload
to arrive until the test would time out.
With this change, we use the htobe64() function instead of htonl() so
that a 64-bit byte-swap is performed instead of a 32 bit byte-swap.
Change-Id: Ibcd8552392845fbcdd017a8c8c1043b7fe35964a
This change fixes a bug where the DTLS timeout timer would be
initialized to 0 if DTLS was not used for an RTP session.
ASTERISK-25103
Change-Id: If8d26bb054f1d300838850da5b8db9044c2fe2ac
This change moves logic for setting up the DTLS SSL contexts to
when the SDP is done being processed instead of when ICE negotiation
completes. It also stops handshakes from being initiated when we
are acting as a server.
Manipulating the SSL context when ICE negotiation has completed
is problematic as the SSL context is not protected and if acting
as a client the remote side may have started DTLS negotiation
already.
The retransmission timeout timer code has also been split up
and simplified some. Both RTP and RTCP now have their own timers
and the points at which the timer is stopped and started is now
more specific. When a packet is sent the timer is started. When
a response is received but before it is processed the timer is
stopped. This provides a guarantee that the timeout is not
occurring while the response is processed.
ASTERISK-22805 #close
ASTERISK-24550 #close
ASTERISK-24651 #close
ASTERISK-24832 #close
ASTERISK-25103 #close
ASTERISK-25127 #close
Change-Id: Ib75ea2546f29d6efc3d2d37c58df6986c7bd9b91
This fixes so a failure to get a timer file descriptor does not cascade
to closing FD 0.
On error, both res_timing_kqueue and res_timing_timerfd would call the
destructor before setting the file handle. The file handle had been
initialized to 0, causing FD 0 to be closed. This in turn, resulted in
floods of "CLI>" messages and an unusable terminal.
ASTERISK-19277 #close
Reported by: Barry Chern
Change-Id: I147d7e33726c6e5a2751928d56561494f5800350
This patch updates a variety of Makefiles in Asterisk's build system to
remove .gcda and .gcno files when 'make clean' is executed. These files
are generated when '--enable-coverage' is passed to the Asterisk
configure script.
Change-Id: Ib70b41eea2ee2908885bff02e80faf9f40c84602
First byte of DTLS packet shall be in range 20-63, not 20-64. Refer to RFC
https://tools.ietf.org/html/rfc5764#section-5.1.2 for correct values.
Change-Id: Iae6fa0d72b37c36a27fe40686e0ae6fba3afec31
While trying to get WebRTC working with chan_pjsip, I was running
into the following error:
Attempted to set an invalid DTLS-SRTP configuration on RTP
instance...
Josh helpfully pointed out that res_srtp.so might not be loaded, and
sure enough, it wasn't. This patch adds a ERROR indiciating as much
to hopefully help others having a similar problem.
Change-Id: I13aa477b47b299876728a21b130998a0ea6cd19f
Apply the negative connection cache setting to all connections,
even those that are not pooled. This ensures that the connection
will not be re-established before the negative connection cache
time is met.
ASTERISK-22708 #close
Change-Id: I431cc2e8584ab0b6908b3523d0a0e18c9a527271
A previous set of patches (see: ASTERISK-22790 & ASTERISK-23231) made it so
a v.27 modem was not allowed to have a minimum transmission rate of 2400 bits
per second. This reverts all or some of those patches since according to the
v.27ter standard a rate of 2400 bits per second is also supported.
One of the original patches also added 9600 bits per second support for v.27.
This patch also removes that since v.27ter only supports 2400/4800 bits per
second.
Also, since Asterisk specifically supports v.27ter the enum was renamed to
better reflect this.
ASTERISK-24955 #close
Reported by: Matt Jordan
Change-Id: I4b9dfb6bf7eff08463ab47ee1a74224f27cae733
ao2 ref leak in res_rtp_asterisk.c when a DTLS policy is created.
The resources are linked into a table, but the original alloc refs
are never released. ast_strdup leak in rtp_engine.c. If
ast_rtp_dtls_cfg_copy() is called twice on the same destination struct,
a pointer to an alloc'd string is overwritten before the string is free'd.
ASTERISK-25022
Reported by: one47
Change-Id: I62a8ceb8679709f6c3769136dc6aa9a68202ff9b
clang can warn about a so called tautological-compare, when it finds
comparisons which are logically always true, and are therefore deemed
unnecessary.
Example:
unsigned int x = 4;
if (x > 0) // x is always going to be bigger than 0
Enum Case:
Each enumeration is its own type. Enums are an integer type but they do not
have to be *signed*. C leaves it up to the compiler as an implementation
option what to consider the integer type of a particular enumeration is.
Gcc treats an enum without negative values as an int while clang treats this
enum as an unsigned int.
rmudgett & mmichelson:
cast the enum to (unsigned int) in assert. The cast does have an effect.
For gcc, which seems to treat all enums as int, the cast to unsigned int
will eliminate the possibility of negative values being allowed. For
clang, which seems to treat enums without any negative members as
unsigned int, the cast will have no effect. If for some reason in the
future a negative value is ever added to the enum the assert will still
catch the negative value.
ASTERISK-24917
Change-Id: Ief23ef68916192b9b72dabe702b543ecfeca0b62
Add the .gitignore and .gitreview files to the asterisk repo.
NB: You can add local ignores to the .git/info/exclude file
without having to do a commit.
Common ignore patterns are in the top-level .gitignore file.
Subdirectory-specific ignore patterns are in their own .gitignore
files.
Change-Id: I2b7513fc9acf5d432cf9587c25faa9786af14abf
Tested-by: George Joseph
This patch fixes several warnings caught by clang - in this case, usage of the
abs function on non-integer values. This patch uses labs and fabs, as
appropriate, in the various affected files.
Review: https://reviewboard.asterisk.org/r/4525
ASTERISK-24917
Reported by: dkdegroot
patches:
rb4525.patch submitted by dkdegroot (License 6600)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433749 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Clang will treat ((a == b)) as a warning, as it reasonably expects that the
developer may have intended to write (a == b) or ((a = b)). This patch cleans
up all instances where equality, not assignment, was intended between two
parantheses.
Review: https://reviewboard.asterisk.org/r/4531/
ASTERISK-24917
Repoted by: dkdegroot
patches:
rb4531.patch submitted by dkdegroot (License 6600)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433687 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Due to a quirk in the configuration handling of res_xmpp, the 'autoregister'
setting was never actually processed. This was due to not properly copying
over the global settings to the client settings when applying the
configuration to the run-time object.
ASTERISK-14233
ASTERISK-24780 #close
Reported by: Simon Arlott
patches:
asterisk-13.1.0-24780 uploaded by Simon Arlott (License 5756)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433395 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When escaping backslashes with MySQL, the proper way to escape the characters
in a LIKE clause is to escape the '\' four times, i.e., '\\\\'. To quote the
MySQL manual:
"Because MySQL uses C escape syntax in strings (for example, “\n” to represent
a newline character), you must double any “\” that you use in LIKE strings.
For example, to search for “\n”, specify it as “\\n”. To search for “\”,
specify it as “\\\\”; this is because the backslashes are stripped once by the
parser and again when the pattern match is made, leaving a single backslash to
be matched against."
ASTERISK-24808 #close
Reported by: Javier Acosta
patches:
res_config_odbc.diff uploaded by Javier Acosta (License 6690)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432720 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Some WebSocket applications, like [chan_respoke][], require a larger
frame size than the default 8k; this patch bumps the default to 16k.
This patch also fixes some problems exacerbated by large frames.
The sanity counter was decremented on every fread attempt in
ws_safe_read(), regardless of whether data was read from the socket or
not. For large frames, this could result in loss of sanity prior to
reading the entire frame. (16k frame / 1448 bytes per segment = 12
segments).
This patch changes the sanity counter so that it only decrements when
fread() doesn't read any bytes. This more closely matches the original
intention of ws_safe_read(), given that the error message is
"Websocket seems unresponsive".
This patch also properly logs EOF conditions, so disconnects are no
longer confused with unresponsive connections.
[chan_respoke]: https://github.com/respoke/chan_respoke
Review: https://reviewboard.asterisk.org/r/4431/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432236 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch modifies the ast_odbc_find_table function such that it only performs
a lookup of the requested table if the table is not already known. Prior to
this patch, a queries would be executed against the database even if the table
was already known and cached.
Review: https://reviewboard.asterisk.org/r/4405/
ASTERISK-24742 #close
Reported by: ibercom
patches:
patch.diff uploaded by ibercom (License 6599)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431617 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A recent security fix for OpenSSL broke DTLS negotiation for many
applications. This was caused by read ahead not being enabled when it
should be. While a commit has gone into OpenSSL to force read ahead
on for DTLS it may take some time for a release to be made and the
change to be present in distributions (if at all). As enabling read
ahead is a simple one line change this commit does that and fixes
the issue.
ASTERISK-24711 #close
Reported by: Jared Biel
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431384 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change makes the T.38 negotiation timeout configurable via
't38timeout' in res_fax.conf or FAXOPT(t38timeout). It was previously
hard coded to be 5000 milliseconds.
This change also handles T.38 switch failures by aborting the fax since
in the case where this can happen, both sides have agreed to switch to
T.38 and Asterisk is unable to do so.
Review: https://reviewboard.asterisk.org/r/4320/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@430415 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r413586 (1.8) various casts were added to silence gcc 4.10 warnings.
Those fixes included things like:
-out += sprintf(out, "%%%02X", (unsigned char) *ptr);
+out += sprintf(out, "%%%02X", (unsigned) *ptr);
That works for low ascii characters, but for the high range that yields
e.g. FFFFFFC3 when C3 is expected.
This changeset:
- fixes those casts to use the 'hh' unsigned char modifier instead
- consistently uses %02x instead of %2.2x (or other non-standard usage)
- adds a few 'h' modifiers in various places
- fixes a 'replcaes' typo
- dev/urandon typo (in 13+ patch)
Review: https://reviewboard.asterisk.org/r/4263/
ASTERISK-24619 #close
Reported by: Stefan27 (on IRC)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429673 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Verbose message displayed when a file is played back via 'stream file'
was formatted differently than other playbacks:
* It didn't include the channel name
* It didn't include the channel language
It does, however, include the playback offset as well as any escape digits.
That information was kept; however, this patch updates the formatting to more
closely match the Verbose messages displayed when a file is played back by
'control stream file', Playback, ControlPlayback, or any other file playback
operation.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429517 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Frames with a payload length of 0 were incorrectly handled in res_http_websocket.
Provided a frame with a payload had been received prior it was possible for a double
free to occur. The realloc operation would succeed (thus freeing the payload) but be
treated as an error. When the session was then torn down the payload would be
freed again causing a crash. The read function now takes this into account.
This change also fixes assumptions made by users of res_http_websocket. There is no
guarantee that a frame received from it will be NULL terminated.
ASTERISK-24472 #close
Reported by: Badalian Vyacheslav
Review: https://reviewboard.asterisk.org/r/4220/
Review: https://reviewboard.asterisk.org/r/4219/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429270 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When repeatedly starting/stopping a Monitor on a channel, the accumulated
in/out sample counts are never reset to 0. This can cause inadvertent jumps
in the recordings, as the code in the channel core will determine incorrectly
that a jump in the recorded file position should occur. Setting the sample
counts to 0 simply reflects the initial state a Monitor should be in when it
is started, as this is the initial count that would be on the channels at that
time.
ASTERISK-24573 #close
Reported by: Nuno Borges
patches:
24573.patch uploaded by Nuno Borges (License 6116)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429031 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When frames are translated by a fax gateway they need to be freed. The
existing call to ast_frfree was unreachable. This change reorganizes
fax_gateway_framehook to ensure that ast_frfree is called when needed.
ASTERISK-24457 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4115/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426527 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When Moises committed the fixes for WSS (which was a great patch), wdoekes had
a few style nits that were on the review that got missed. This patch resolves
what I *think* were all of the ones that were still on the review.
Thanks to both moy for the patch, and wdoekes for the reviews.
Review: https://reviewboard.asterisk.org/r/3248/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426209 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.
ASTERISK-24436 #close
Reported by: Patrick Laimbock
........
Merged revisions 426140 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426141 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425986 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In the case where the ICE negotiation had not yet started current state would
get wiped when it shouldn't.
This also removes channel binding as in practice this does not work well with
other implementations.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425644 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fax gateway session objects can be re-used, causing the
same gateway session to be added to faxregistry.container
more than once. This change causes fax_session_new to
remove the reserved session from the container before
it's id is changed, ensuring it's possible for the
session to be freed.
ASTERISK-24392 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4049/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425457 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When starting ice if there is not at least one remote ice candidate with an RTP
component asterisk will crash. This is due to an assertion in pjnath as it
expects at least one candidate with an RTP component. Added a check to make
sure at least one candidate contains an RTP component and at least one candidate
has an RTCP component.
ASTERISK-24383 #close
Review: https://reviewboard.asterisk.org/r/4039/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The underlying library, pjnath, that res_rtp_asterisk uses for ICE
support does not have support for ICE-TCP. As candidates are
passed through directly to it this can cause error messages to occur
when it receives something unexpected (such as a TCP candidate).
This change merely ignores all non-UDP candidates so they never
reach pjnath.
ASTERISK-24326 #close
Reported by: Joshua Colp
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424852 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change fixes an issue where ICE candidates put into the SDP did not contain
the 'raddr' and 'rport' information for server reflexive and relay candidates.
#SIPit31
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@424151 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If faxing fails at a very early stage, then it is possible for
us to pass a NULL t30 state pointer to spandsp, which spandsp
is none too pleased with.
This patch ensures that we pass the correct pointer to spandsp
in the situation where we have not yet set our local t30 state
pointer.
ASTERISK-24301 #close
Reported by Matt Jordan
Patches:
ASTERISK-24301-fax.diff Uploaded by Mark Michelson (License #5049)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@423360 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1. The number of file descriptors an ioqueue instance can handle is fixed, so we
now spawn the required number to handle the load.
2. Our transport identifiers were exceeding the range supported by pjnath.
3. The TURN client did not set up client binding causing needless bandwidth usage.
4. The code no longer updates address information on each packet.
5. STUN traffic was getting looped back to Asterisk instead of going through the
TURN server.
6. Synchronization now ensures things are completely setup or destroyed.
7. Logging now reflects the target the TURN server is sending to/receiving from
on our behalf.
ASTERISK-23577 #close
Reported by: Jay Jideliov
ASTERISK-23634 #close
Reported by: Roman Skvirsky
Review: https://reviewboard.asterisk.org/r/3982/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@423150 65c4cc65-6c06-0410-ace0-fbb531ad65f3
