Commit Graph

29433 Commits

Author SHA1 Message Date
Sean Bright
3f7d0b63fc formats: Restore previous fread() behavior
Some formats are able to handle short reads while others are not, so
restore the previous behavior for the format modules so that we don't
have spurious errors when playing back files.

ASTERISK-27232 #close
Reported by: Jens T.

Change-Id: Iab7f52b25a394f277566c8a2a4b15a692280a300
2017-09-05 11:05:48 -04:00
Walter Doekes
45744fc53d res/res_pjsip: Standardize/fix localnet checks across pjsip.
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.

For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.

Therefore, checks like this look wrong, but are right:

    /* See if where we are sending this request is local or not, and if
       not that we can get a Contact URI to modify */
    if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
        ast_debug(5, "Request is being sent to local address, "
                     "skipping NAT manipulation\n");

(In the list == localnet == DENY == skip NAT manipulation.)

And conversely, other checks that looked right, were wrong.

This change adds two macros to reduce the confusion and uses those
instead:

    ast_sip_transport_is_nonlocal(transport_state, addr)
    ast_sip_transport_is_local(transport_state, addr)

ASTERISK-27248 #close

Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
2017-09-05 16:16:01 +02:00
Joshua Colp
7b240d1734 Merge "app_directory: Handle a NULL mailbox without crashing" into 13 2017-09-05 08:20:26 -05:00
Jenkins2
6b9d18be7a Merge "chan_ooh323: Fix confusing indentation warning" into 13 2017-09-05 06:39:56 -05:00
George Joseph
786c4791f9 res_pjsip_t38: Make t38_reinvite_response_cb tolerant of NULL channel
t38_reinvite_response_cb can get called by res_pjsip_session's
session_inv_on_tsx_state_changed in situations where session->channel
is NULL.  If it is, the ast_log warning segfaults because it tries
to get the channel name from a NULL channel.

* Check session->channel and print "unknown channel" when it's NULL.

ASTERISK-27236
Reported by: Ross Beer

Change-Id: I4326e288d36327f6c79ab52226d54905cdc87dc7
2017-09-05 04:54:51 -06:00
Sean Bright
55f30c29fd rtp_engine: Prevent possible double free with DTLS config
ASTERISK-27225 #close
Reported by: Richard Kenner

Change-Id: I097b81734ef730f8603c0b972909d212a3a5cf89
2017-09-01 18:59:35 -04:00
Sean Bright
f36db2dbdc chan_ooh323: Fix confusing indentation warning
ASTERISK-27177 #close
Reported by: Tzafrir Cohen

Change-Id: I40311c404edb2302a7543ad5ca7a06b2a38f2d97
2017-09-01 14:15:40 -04:00
Sean Bright
5f4863d4f9 app_directory: Handle a NULL mailbox without crashing
ASTERISK-27241 #close
Reported by: David Moore

Change-Id: Ibbbca85517b04c315406ebfe3b6f7e0763daedc6
2017-09-01 11:16:09 -04:00
Jenkins2
07577fc997 Merge "chan_pjsip: Add tag info in CHANNEL function" into 13 2017-08-31 17:15:52 -05:00
Jenkins2
b0064245b3 Merge "pjsip_message_ip_updater: Fix issue handling "tel" URIs" into 13 2017-08-31 06:36:46 -05:00
Jenkins2
c4254e237c Merge "AST-2017-006: Fix app_minivm application MinivmNotify command injection" into 13 2017-08-31 06:35:14 -05:00
George Joseph
990b017668 pjsip_message_ip_updater: Fix issue handling "tel" URIs
sanitize_tdata was assuming all URIs were SIP URIs so when a
non-SIP URI was in the From, To or Contact headers, the unconditional
cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused
a segfault when trying to access uri->other_param.

* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)
  checks before attempting to cast or use the returned uri.

ASTERISK-27152
Reported-by: Ross Beer

Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f
2017-08-30 18:44:06 +00:00
Corey Farrell
04ee3eb774 AST-2017-006: Fix app_minivm application MinivmNotify command injection
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received.  The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.

* Add ast_safe_execvp() function.  This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding.  This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.

* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.

* Document code injection potential from untrusted data sources for other
shell commands that are under user control.

ASTERISK-27103

Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
2017-08-30 18:41:25 +00:00
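The difference the AST-2017-006 commit message above describes, shown as an added example that is not Asterisk code: the same caller-ID value is passed once inside a command string that a shell parses and once as a single argv element given to execvp(). `notify_via_shell` and `notify_via_argv` are hypothetical names, the caller-ID value is constructed, and the string-based variant is assumed to hand its command to `sh -c`.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Fork, execvp(argv) without a shell, capture the child's stdout in out. */
static int run_argv(char *const argv[], char *out, size_t len)
{
    int fds[2], status;
    size_t n = 0;
    ssize_t r;
    pid_t pid;

    if (pipe(fds) < 0) return -1;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    while (n + 1 < len && (r = read(fds[0], out + n, len - 1 - n)) > 0) n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical "before": caller-ID pasted into a string that a shell parses. */
const char *notify_via_shell(const char *cid_name)
{
    static char out[256];
    char cmd[256];
    snprintf(cmd, sizeof(cmd), "echo %s", cid_name);
    char *argv[] = { "sh", "-c", cmd, NULL };
    return run_argv(argv, out, sizeof(out)) == 0 ? out : NULL;
}

/* Hypothetical "after": caller-ID occupies exactly one argv slot, no shell. */
const char *notify_via_argv(const char *cid_name)
{
    static char out[256];
    char *argv[] = { "echo", (char *)cid_name, NULL };
    return run_argv(argv, out, sizeof(out)) == 0 ? out : NULL;
}
```

With the constructed value `Alice; echo INJECTED`, the shell variant runs a second command, while the argv variant passes the whole string through as one parameter.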
Joshua Colp
1a022285dd res_rtp_asterisk: Only learn a new source in learn state.
This change moves the logic which learns a new source address
for RTP so it only occurs in the learning state. The learning
state is entered on initial allocation of RTP or if we are
told that the remote address for the media has changed. While
in the learning state if we continue to receive media from
the original source we restart the learning process. It is
only once we receive a sufficient number of RTP packets from
the new source that we will switch to it. Once this is done
the closed state is entered where all packets that do not
originate from the expected source are dropped.

The learning process has also been improved to take into
account the time between received packets so a flood of them
while in the learning state does not cause media to be switched.

Finally RTCP now drops packets which are not for the learned
SSRC if strict RTP is enabled.

ASTERISK-27013

Change-Id: I56a96e993700906355e79bc880ad9d4ad3ab129c
2017-08-30 18:36:52 +00:00
Jenkins2
844f70f301 Merge "bridge_native_rtp.c: Fixup native_rtp_framehook()" into 13 2017-08-30 08:38:49 -05:00
Richard Mudgett
4aaccb7795 bridge_native_rtp.c: Fixup native_rtp_framehook()
* Fix framehook to test frame type for control frame.
* Made framehook exit early if frame type is not a control frame.
* Eliminated RAII_VAR in framehook.
* Use switch instead of else-if ladder for control frame handling.

Change-Id: Ia555fc3600bd85470e3c0141147dbe3ad07c1d18
2017-08-29 14:22:15 -05:00
Sean Bright
d2ace23248 confbridge: Handle user hangup during name recording
This prevents orphaned CBAnn channels from getting stuck in the bridge.

ASTERISK-26994 #close
Reported by: James Terhune

Change-Id: I5e43e832a9507ec3f2c59752cd900b41dab80457
2017-08-29 10:26:17 -04:00
Jenkins2
2d69137bf4 Merge "app_record: Resolve some absolute vs. relative filename bugs" into 13 2017-08-29 05:22:55 -05:00
Jenkins2
378e0f7764 Merge "voicemail: Fix various abuses of mkstemp" into 13 2017-08-29 05:07:45 -05:00
Jenkins2
71cc740828 Merge "main/app: Only look to end of file if ':end' is specified, and not just ':'" into 13 2017-08-28 07:35:29 -05:00
Jenkins2
06e7d6e750 Merge "res/res_pjsip_session: allow SDP answer to be regenerated" into 13 2017-08-28 06:48:23 -05:00
Jenkins2
a3b36b5043 Merge "alembic: Add dtls_fingerprint column in ps_endpoints table" into 13 2017-08-28 06:43:00 -05:00
Andre Nazario
a45af32983 chan_pjsip: Add tag info in CHANNEL function
Create local_tag and remote_tag in CHANNEL info to get tag from From and
To headers of a SIP dialog.

ASTERISK-27220

Change-Id: I59b16c4b928896fcbde02ad88f0e98922b15d524
2017-08-25 23:06:10 -03:00
Sean Bright
9e6efcace5 voicemail: Fix various abuses of mkstemp
mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.

In the case of app_minivm, we also now properly clean up any temporary
files that we create.

ASTERISK-20858 #close
Reported by: Walter Doekes

Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43
2017-08-25 17:02:17 -04:00
Sean Bright
01b5913ce0 app_record: Resolve some absolute vs. relative filename bugs
If the Record() application is called with a relative filename that
includes directories, we were not properly creating the intermediate
directories and Record() would fail.

Secondarily, updated the documentation for RECORDED_FILE to mention
that it does not include a filename extension.

Finally, rewrote the '%d' functionality to be a bit more
straightforward and less noisy.

ASTERISK-16777 #close
Reported by: klaus3000

Change-Id: Ibc2640cba3a8c7f17d97b02f76b7608b1e7ffde2
2017-08-25 13:25:44 -04:00
Jenkins2
28857047da Merge "app_queue: Evaluate realtime queues when running dialplan functions" into 13 2017-08-25 09:07:53 -05:00
Jenkins2
c0251ae004 Merge "app_voicemail: Honor escape digits in "greeting only" mode" into 13 2017-08-25 08:12:26 -05:00
Florian Floimair
bf178a0f4f alembic: Add dtls_fingerprint column in ps_endpoints table
The ps_endpoints table was missing the dtls_fingerprint column
introduced with commit adba2a8d7f.

ASTERISK-27168 #close

Change-Id: I9cb5006f7f50718b5239919562773adabb334cfd
2017-08-25 08:09:35 -05:00
Matt Jordan
fff2f68616 main/app: Only look to end of file if ':end' is specified, and not just ':'
There is a little known feature in app_controlplayback that will cause the
specified offset to be used relative to the end of a file if a ':end' is
detected within the filename.

This feature is pretty bad, but okay.

However, a bug exists in this code where a ':' detected in the filename
will cause the end pointer to be non-NULL, even if the full ':end' isn't
specified. This causes us to treat an unspecified offset (0) as being
"start playing from the end of the file", resulting in no file playback
occurring.

This patch fixes this bug by resetting the end pointer if ':end' is not
found in the filename.

ASTERISK-23608 #close
Reported by: Jonathan White

Change-Id: Ib4c7b1b45283e4effd622a970055c51146892f35
(cherry picked from commit 13efea24f7)
2017-08-24 13:37:52 -05:00
Sean Bright
579d4593ac app_queue: Evaluate realtime queues when running dialplan functions
ASTERISK-19103 #close
Reported by: Jim Van Meggelen

Change-Id: I4bd32a9d1fcebb8ac56bff0e084d4f53e31b692b
2017-08-24 10:42:24 -04:00
Sean Bright
0af145de2d app_voicemail: Honor escape digits in "greeting only" mode
ASTERISK-21241 #close
Reported by: Eelco Brolman
Patches:
	Patch uploaded by Eelco Brolman (License 6442)

Change-Id: Icbe39b5c82a49b46cf1d168dc17766f3d84f54fe
2017-08-24 09:03:40 -05:00
Sean Bright
d251a961ac res_smdi: Clean up memory leak
Change-Id: I1e33290929e1aa7c5b9cb513f8254f2884974de8
2017-08-24 09:39:24 -04:00
Jenkins2
e8cfd5a80f Merge "bridge_softmix.c: Remove always true test." into 13 2017-08-23 11:20:33 -05:00
Richard Mudgett
3f22b53349 bridge_softmix.c: Remove always true test.
Change-Id: I26238df2ff0d0f6dfe95c3aa35da588f1ee71727
2017-08-22 11:04:15 -05:00
Sungtae Kim
b88c3a4209 app_queue: Fix initial hold time queue statistic
Fixed to use correct initial value and fixed to use the
correct queue info to check the first value.

ASTERISK-27204

Change-Id: Ia9e36c828e566e1cc25c66f73307566e4acb8e73
2017-08-22 08:27:47 -05:00
Jenkins2
71753d67f4 Merge "res_xmpp: fix inverted return code check in OAuth" into 13 2017-08-22 07:43:35 -05:00
Torrey Searle
8e99969000 res/res_pjsip_session: allow SDP answer to be regenerated
If an SDP answer hasn't been sent yet, it's legal to change it.
This is required for PJSIP_DTMF_MODE to work correctly, and can
also have use in the future for updating codecs too.

ASTERISK-27209 #close

Change-Id: Idbbfb7cb3f72fbd96c94d10d93540f69bd51e7a1
2017-08-22 12:22:56 +00:00
Jenkins2
3fffa7ae86 Merge "res_calendar_icalendar: Properly handle recurring events" into 13 2017-08-22 05:07:03 -05:00
Michael Kuron
4faf77feec res_xmpp: fix inverted return code check in OAuth
fetch_access_token calls func_curl via ast_func_read. The latter returns 0 upon
success and -1 if the function is not available.
This commit inverts the return code check so that an error is printed if the
module is not loaded and not if it is loaded.

ASTERISK-27207 #close

Change-Id: I9ef903f80702d1218e8701f65a4e5e918e6548fb
2017-08-22 00:34:54 -05:00
Sean Bright
a6251ec373 res_calendar_icalendar: Properly handle recurring events
When looking for recurring events, use the correct end time based on the
configured 'timeframe.'

ASTERISK-27174 #close
Reported by: Mark Thompson

Change-Id: Id90c3cfc79d561a5521d79be176683e225f2edef
2017-08-17 13:14:54 -04:00
George Joseph
572b5307e0 Fix downloader not working with curl
The codec/dpma downloader wasn't handling curl correctly.  The logic
that transforms makeopts into a bash-sourceable file wasn't
handling the make 'or' command in DOWNLOAD_TIMEOUT so bash was
looking for an 'or' command.

That logic has been eliminated.  Instead of trying to transform
and source makeopts, the downloader now calls a make scriptlet
to print the value of a specific variable.  This way, make handles
the ors (or any other make construct that happens to creep into
that file).

ASTERISK-27202
Reported by: Sean McCord

Change-Id: Iadfb6693528e4d4da7b8bb201fa66da2c71c7f99
2017-08-16 15:04:12 -06:00
Jenkins2
b461fe8bcd Merge "configure: Check cache for valid pjproject tarball before downloading." into 13 2017-08-16 07:06:55 -05:00
Richard Mudgett
8594f73a81 configure: Check cache for valid pjproject tarball before downloading.
On a fresh Asterisk source directory, the bundled pjproject tarball is
unconditionally downloaded even if the tarball is already in a specified
cache directory.

* Made check if the pjproject tarball is valid in the cache directory
before downloading the tarball on a fresh source directory.

Change-Id: Ic7ec842d3c97ecd8dafbad6f056b7fdbce41cae5
2017-08-15 15:17:22 -05:00
Richard Mudgett
d08342b0cb res_pjsip: Fix prune_on_boot to remove only contacts for the host.
* Check that the contact's reg_server matches the host's name before
deleting any prune_on_boot contacts.  We don't want to delete reliable
transport contacts made with other servers if the ps_contacts database
table is shared with other servers.

Thanks to Ross Beer for pointing out that the original prune logic would
delete reliable transport contacts from other servers.

ASTERISK-27147

Change-Id: I8e439d0d1c266ffdfd7b73d1e5e466180a689bd0
2017-08-15 11:21:20 -05:00
Jenkins2
fa50a3def9 Merge "res_xmpp: Google OAuth 2.0 protocol support for XMPP / Motif" into 13 2017-08-15 08:18:29 -05:00
Andrey Egorov
54e3ac402f res_xmpp: Google OAuth 2.0 protocol support for XMPP / Motif
Add ability to use tokens instead of passwords according to Google OAuth 2.0
protocol.

ASTERISK-27169
Reported by: Andrey Egorov
Tested by: Andrey Egorov

Change-Id: I07f7052a502457ab55010a4d3686653b60f4c8db
2017-08-15 11:08:59 +00:00
George Joseph
b81de2c896 Merge "res_pjsip_outbound_registration.c: Re-REGISTER on transport shutdown." into 13 2017-08-14 14:56:29 -05:00
Jenkins2
1bfb4047ae Merge "res_pjsip: Remove ephemeral registered contacts on transport shutdown." into 13 2017-08-14 13:14:13 -05:00
Jenkins2
cc4735742c Merge "res_pjsip: PJSIP Transport state monitor refactor." into 13 2017-08-14 13:05:29 -05:00
Jenkins2
1ff6082da9 Merge "res_pjsip_transport_management.c: Rename some variables." into 13 2017-08-14 12:49:45 -05:00