This is based on the review request posted by Walter Doekes
(referenced lower in the commit message)
The main fix here is to treat the IPorHost portion of the dial
string as a temporary outbound proxy. This ensures requests
get sent to the proper location.
Due to the age of the request, some parts were no longer relevant.
For instance, the request moved outbound proxy parsing code into
a single method. This is done in a previous commit, so it was not
necessary to do again.
Also, the review request fixed some errors with regards to request
routing for CANCEL and ACK requests. This has also been fixed in
more recent commits.
(closes issue ASTERISK-19677)
reported by Walter Doekes
Review https://reviewboard.asterisk.org/r/1859
........
Merged revisions 370769 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@370843 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1) There is no such function as ast_ref()
2) The patch was originally credited as the one uploaded by Guenther
Kelleter (license 6372) via issue AST-921, but the patch committed
was not the patch referenced on the issue.
3) Guenther Kelleter's patch was actually correct. It moved the
ast_free above the presencechange_cleanup label. I am not
committing his change as it is not technically necesary--calling
ast_free(NULL) is perfectly safe and I worry that moving the
ast_free outside of the label could lead to future bugs if
someone ever adds another failure conditional and expects
'goto presencechange_cleanup;' to clean up after everything.
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@370472 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The patch for r368759 in Asterisk 1.8 relied upon the methods
analog_unlock_private/analog_lock_private. In earlier versions of 1.8,
including the Certified Asterisk 1.8.11 branch, those two methods were
unused, and hence were undefined out of the source. When the patch was made
for 1.8.11-cert5, those two functions were not re-defined back in. This caused
linking errors when sig_analog was loaded.
This patch properly restores those two methods, such that the fix for AST-891
works correctly.
(issue AST-891)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@369964 65c4cc65-6c06-0410-ace0-fbb531ad65f3
------------------------------------------------------------------------
r365395 | qwell | 2012-05-04 16:17:08 -0500 (Fri, 04 May 2012) | 7 lines
Add support for folders in MixMonitor 'm' option. Backport manager actions.
The manager actions are needed, so MixMonitor can be executed on existing
channels.
(issue DPMA-68)
------------------------------------------------------------------------
r364761 | qwell | 2012-05-01 12:25:14 -0500 (Tue, 01 May 2012) | 6 lines
Remove folder_dir from voicemail snapshots API.
It was both unused (except in tests, where it was fudged) and unnecessary.
(closes issue AST-842)
------------------------------------------------------------------------
r367161 | mmichelson | 2012-05-21 14:05:52 -0500 (Mon, 21 May 2012) | 21 lines
Add "send to voicemail" Digium phone functionality to Asterisk.
This change accommodates two methods by which calls can be directed to
a user's voicemail.
* Incoming calls can be redirected to any user's voicemail.
* Established calls can be blind transferred to any user's voicemail.
Digium phones indicate the desire to direct a call to voicemail by using
a Diversion header with a reason parameter of "send_to_vm".
This patch adds the "send_to_vm" reason as a valid redirecting reason. In
addition, chan_sip.c has been modified to update redirecting information
on the transferred channel by reading a Diversion header on a REFER request.
(closes issue AST-871)
Reported by Malcolm Davenport
Review: https://reviewboard.asterisk.org/r/1925
------------------------------------------------------------------------
r368790 | mjordan | 2012-06-12 08:44:36 -0500 (Tue, 12 Jun 2012) | 18 lines
Fix deadlock in SIP transfers that involve a REFER request
In r367163, "send to voicemail" functionality was added to the SIP channel
driver. This required updating the party redirecting information for the
channel based on the headers provided in the REFER request. When the
redirecting party information is updated on the channel, a call to
ast_indicate_data occurs. Because handle_request_refer still had the sip_pvt
locked, a deadlock could occur between the pbx_thread and the do_monitor thread
servicing the REFER request.
This patch preserves the proper locking order between the channel and the
sip_pvt by ensuring that the sip_pvt is unlocked prior to updating the party
redirecting information on the channel.
(closes issue AST-903)
Reported by: Matt Jordan
patches:
jira_ast_903_trunk.patch by rmudgett (license 5621)
------------------------------------------------------------------------
r368962 | qwell | 2012-06-14 13:38:48 -0500 (Thu, 14 Jun 2012) | 11 lines
Remove global symbol requirement from app_voicemail.
This uses the existing "function installation" stuff that already existed for
other functions, like getting message counts.
(closes issue AST-807)
(issue AST-901)
(issue AST-908)
Review: https://reviewboard.asterisk.org/r/1965/
------------------------------------------------------------------------
r368964 | qwell | 2012-06-14 14:03:24 -0500 (Thu, 14 Jun 2012) | 8 lines
These functions that were moved need to be static.
Also wrap test functions in a #ifdef.
(issue AST-807)
(issue AST-901)
(issue AST-908)
------------------------------------------------------------------------
r368998 | qwell | 2012-06-15 10:31:43 -0500 (Fri, 15 Jun 2012) | 6 lines
Remove some symbol exports that got missed in the removal of global symbols.
(issue AST-807)
(issue AST-901)
(issue AST-908)
------------------------------------------------------------------------
r369024 | qwell | 2012-06-15 11:29:40 -0500 (Fri, 15 Jun 2012) | 2 lines
Fix voicemail API tests by using the correct argument order for create/destroy.
------------------------------------------------------------------------
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@369839 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Re-enable res_smdi/res_adsi by default, as they are both now considered
core supported modules.
(issue AST-900)
Reported by: Thomas Arimont
(issue AST-885)
Reported by: Denis Alberto Martinez
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368919 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Recently, various issues surrounding weak attributes have caused problems with
modules that rely on that feature to be enabled in menuselect. This includes
app_voicemail and chan_dahdi, as they both rely upon res_smdi and res_adsi,
which, in certain circumstances, may not be enabled by default in menuselect.
Because res_smdi/res_adsi are dependencies for chan_dahdi/app_voicemail, this
patch marks both as 'core' supported modules. This will allow both
app_voicemail and chan_dahdi to be enabled as well, regardless of whether or
not that system supports weak attributes.
(issue AST-900)
Reported by: Thomas Arimont
(issue AST-885)
Reported by: Denis Alberto Martinez
........
Merged revisions 368894 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368897 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r367163, "send to voicemail" functionality was added to the SIP channel
driver. This required updating the party redirecting information for the
channel based on the headers provided in the REFER request. When the
redirecting party information is updated on the channel, a call to
ast_indicate_data occurs. Because handle_request_refer still had the sip_pvt
locked, a deadlock could occur between the pbx_thread and the do_monitor thread
servicing the REFER request.
This patch preserves the proper locking order between the channel and the
sip_pvt by ensuring that the sip_pvt is unlocked prior to updating the party
redirecting information on the channel.
(closes issue AST-903)
Reported by: Matt Jordan
patches:
jira_ast_903_trunk.patch by rmudgett (license 5621)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368790 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Certain branches, such as Certified Asterisk, may have a modifier added to
them that specifies the features available in that branch. For branches, this
modifier is expected to be reflected in the location of the branch in
subversion. For example, a subversion of URL of /certified/branches/1.8.11
would have a feature modifier of 'certified'. This is slightly different then
how features are determined for tags, where the feature is part of the actual
tag name, e.g., "10.5.0-digiumphones".
In keeping with the nomenclature used for tags, the feature specifier for
branches is translated and placed after the revision numbers. For the example
given previously, this would result in a branch version of
"Asterisk SVN-branch-1.8.11-cert-rXXXXXX".
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368608 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Made schedule_delivery() set the received frame f->data.ptr to NULL if
the datalen is zero.
* Fix queue_signalling() memcpy() size error.
* Made queue_signalling() not use C++ keyword variable names.
(closes issue ASTERISK-19597)
Reported by: mgrobecker
Patches:
jira_asterisk_19597_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett, Michael L. Youngi
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367847 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a skinny session is unregistered, the corresponding device pointer is set
to NULL in the channel private data. If the client was not in the on-hook state
at the time the connection was closed, the device pointer can later be
dereferened if a message or channel event attempts to use a line's pointer to
said device.
The patches prevent this from occurring by checking the line's pointer in
message handlers and channel callbacks that can fire after an unregistration
attempt.
(closes issue ASTERISK-19905)
Reported by: Christoph Hebeisen
Tested by: mjordan, Damien Wedhorn
Patches:
AST-2012-008-1.8.diff uploaded by mjordan (license 6283)
AST-2012-008-10.diff uploaded by mjordan (licesen 6283)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367846 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change accommodates two methods by which calls can be directed to
a user's voicemail.
* Incoming calls can be redirected to any user's voicemail.
* Established calls can be blind transferred to any user's voicemail.
Digium phones indicate the desire to direct a call to voicemail by using
a Diversion header with a reason parameter of "send_to_vm".
This patch adds the "send_to_vm" reason as a valid redirecting reason. In
addition, chan_sip.c has been modified to update redirecting information
on the transferred channel by reading a Diversion header on a REFER request.
(closes issue AST-871)
Reported by Malcolm Davenport
Review: https://reviewboard.asterisk.org/r/1925
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367161 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r363102 | mjordan | 2012-04-23 08:37:55 -0500 (Mon, 23 Apr 2012) | 16 lines
AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling
When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue. When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue. The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun. This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.
(closes issue ASTERISK-19592)
Reported by: Russell Bryant
........
Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
r363106 | mjordan | 2012-04-23 09:05:02 -0500 (Mon, 23 Apr 2012) | 17 lines
AST-2012-006: Fix crash in UPDATE handling when no channel owner exists
If Asterisk receives a SIP UPDATE request after a call has been terminated and
the channel has been destroyed but before the SIP dialog has been destroyed, a
condition exists where a connected line update would be attempted on a
non-existing channel. This would cause Asterisk to crash. The patch resolves
this by first ensuring that the SIP dialog has an owning channel before
attempting a connected line update. If an UPDATE request is received and no
channel is associated with the dialog, a 481 response is sent.
(closes issue ASTERISK-19770)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Patches:
ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
........
r363141 | jrose | 2012-04-23 09:33:16 -0500 (Mon, 23 Apr 2012) | 20 lines
AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization.
As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
actions were able to run system commands by going through other AMI commands which did
not require that authorization. Specifically, GetVar and Status allowed users to do this
by setting their variable/s options to the SHELL or EVAL functions.
Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
allowed users with originate permission to run MixMonitor and supply a shell command
in the Data argument. That flaw is fixed in those versions of this patch.
(closes issue ASTERISK-17465)
Reported By: David Woolley
Patches:
162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
........
Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 363102,363106,363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@363161 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This merges fixes for the following issues into the 1.8-digiumphones branch:
* ASTERISK-19355 - Call transfer with consultation frequently fails in cross-
linked Asterisk scenario (directmedia & sendrpid active)
* ASTERISK 19365 - Remote SIP Call legs are frequently not released in a
cross-linked Asterisk scenario (directmedia & sendrpid)
* ASTERISK-19183 - Sporadically missing connectedline event to caller channel
in directed pickup app
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@362042 65c4cc65-6c06-0410-ace0-fbb531ad65f3
These were originally written while merging features into trunk, but
these tests apply just as much for the 1.8 version of Digium phones, so
might as well have them here, too.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@361283 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r359656 | mjordan | 2012-03-15 13:35:59 -0500 (Thu, 15 Mar 2012) | 22 lines
Fix remotely exploitable stack overrun in Milliwatt
Milliwatt is vulnerable to a remotely exploitable stack overrun when using
the 'o' option. This occurs due to the milliwatt_generate function not
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of
samples it can put in the output buffer.
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET
when determining the maximum number of samples allowed. Note that at no
point is remote code execution possible. The data that is written into the
buffer is the pre-defined Milliwatt data, and not custom data.
(closes issue ASTERISK-19541)
Reported by: Russell Bryant
Tested by: Matt Jordan
Patches:
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)
Note that this patch was written by Russell, even though Matt uploaded it
........
Merged revisions 359645 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
r359706 | mjordan | 2012-03-15 14:01:22 -0500 (Thu, 15 Mar 2012) | 16 lines
Fix remotely exploitable stack overflow in HTTP manager
There exists a remotely exploitable stack buffer overflow in HTTP digest
authentication handling in Asterisk. The particular method in question
is only utilized by HTTP AMI. When parsing the digest information, the
length of the string is not checked when it is copied into temporary buffers
allocated on the stack.
This patch fixes this behavior by parsing out pre-defined key/value pairs
and avoiding unnecessary copies to the stack.
(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
........
r359979 | rmudgett | 2012-03-20 12:21:16 -0500 (Tue, 20 Mar 2012) | 28 lines
Allow AMI action callback to be reentrant.
Fix AMI module reload deadlock regression from ASTERISK-18479 when it
tried to fix the race between calling an AMI action callback and
unregistering that action. Refixes ASTERISK-13784 broken by
ASTERISK-17785 change.
Locking the ao2 object guaranteed that there were no active callbacks that
mattered when ast_manager_unregister() was called. Unfortunately, this
causes the deadlock situation. The patch stops locking the ao2 object to
allow multiple threads to invoke the callback re-entrantly. There is no
way to guarantee a module unload will not crash because of an active
callback. The code attempts to minimize the chance with the registered
flag and the maximum 5 second delay before ast_manager_unregister()
returns.
The trunk version of the patch changes the API to fix the race condition
correctly to prevent the module code from unloading from memory while an
action callback is active.
* Don't hold the lock while calling the AMI action callback.
(closes issue ASTERISK-19487)
Reported by: Philippe Lindheimer
Review: https://reviewboard.asterisk.org/r/1818/
Review: https://reviewboard.asterisk.org/r/1820/
........
Merged revisions 359656,359706,359979 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@360826 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If an extension's 'app' field is NULL, then a "(null)" string
would be written into an ast_str due to the way that snprintf
works. When this is passed to ast_strlen_zero(), it fires up
a big warning indicating something is probably wrong.
There indeed was a problem, but luckily it wasn't a very big
problem. After the failed ast_strlen_zero() check and big
warning message, the very next if statement, checking to
see if the "(null)" matched a presence provider, would fail,
so no harm was done.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@360031 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In the change from 1.6.2 to 1.8, ast_sockaddr was introduced which changed the
behavior of ast_find_ourip such that port number was wiped out. This caused
the port in internip (which is used for Contact and Call-ID on NOTIFYs) to be
0. This change causes ast_find_ourip to be port-preserving again.
(closes issue ASTERISK-19430)
........
Merged revisions 357665 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@358692 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r354890, a memory leak in app_voicemail was fixed by properly disposing of
the allocated heard/deleted pointers. However, there are situations,
particularly when no messages are found in a folder, where these pointers are
not allocated and not NULL. In that case, an invalid free would be attempted,
which could crash app_voicemail. As there are a number of code paths where
this could occur, this patch uses the number of messages detected in the folder
before it attempts to free the pointers. This resolves the crash detected in
the Asterisk Test Suite's check_voicemail_nominal test.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356797 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The SIP TCP/TLS worker threads were created joinable but noone could join
them if they died on their own.
* Fix the SIP TCP/TLS worker threads to not be created joinable.
* _sip_tcp_helper_thread() only needs one parameter since the pvt
parameter is only passed in as NULL and never used.
(closes issue ASTERISK-19203)
Reported by: Steve Davies
Review: https://reviewboard.asterisk.org/r/1714/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356677 65c4cc65-6c06-0410-ace0-fbb531ad65f3
