Asterisk maintains an internal cache for devices in the event subsystem. The
device state cache holds the state of each device known to Asterisk, such that
consumers of device state information can query for the last known state for
a particular device, even if it is not part of an active call. The concept of
a device in Asterisk can include entities that do not have a physical
representation. One way that this occurred was when anonymous calls are allowed
in Asterisk. A device was automatically created and stored in the cache for
each anonymous call that occurred; this was possible in the SIP and IAX2
channel drivers and through channel drivers that utilized the
res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). These devices
are never removed from the system, allowing anonymous calls to potentially
exhaust a system's resources.
This patch changes the event cache subsystem and device state management to
no longer cache devices that are not associated with a physical entity.
(issue ASTERISK-20175)
Reported by: Russell Bryant, Leif Madsen, Joshua Colp
Tested by: kmoore
patches:
event-cachability-3.diff uploaded by jcolp (license 5000)
........
Merged revisions 378303 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@378323 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk had several places where messages received over various network
transports may be copied in a single stack allocation. In the case of TCP,
since multiple packets in a stream may be concatenated together, this can
lead to large allocations that overflow the stack.
This patch modifies those portions of Asterisk using TCP to either
favor heap allocations or use an upper bound to ensure that the stack will not
overflow:
* For HTTP, the allocation is now a heap allocation instead of a stack
allocation
* For XMPP (in res_jabber), the allocation has been eliminated since it was
unnecesary.
Note that the HTTP portion of this issue was independently found by Brandon
Edwards of Exodus Intelligence.
(issue ASTERISK-20658)
Reported by: wdoekes, Brandon Edwards
Tested by: mmichelson, wdoekes
patches:
ASTERISK-20658_res_jabber.c.patch uploaded by mmichelson (license 5049)
issueA20658_http_postvars_use_malloc2.patch uploaded by wdoekes (license 5674)
........
Merged revisions 378269 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@378289 65c4cc65-6c06-0410-ace0-fbb531ad65f3
r375591 merged with conflicts and an oversight resulted in an unlock being
missed which resulted in a deadlock when updating realtime members in queues.
This patch adds that unlock back in.
(closes issue AST-1035)
Reported by: Steve Pitts
Patches:
certified_1.8.11_oops_missed_an_unlock.diff uploaded by Jonathan Rose (license 6182)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@376302 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r375519 | rmudgett | 2012-10-30 16:06:15 -0500 (Tue, 30 Oct 2012) | 11 lines
chan_misdn: Timer primitives must be handled first.
The frm->addr is a different "address space" than the stack/instance
address of other Lx primitives. The test for B channel instance address
could fail.
Patches:
patch01_timers.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2888
........
r375520 | rmudgett | 2012-10-30 16:14:58 -0500 (Tue, 30 Oct 2012) | 10 lines
chan_misdn: Free memory in error paths and other memory leaks.
The one line commented with BUG is not easily fixable because there is no
de-init function one can call.
Patches:
patch02_memory.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2888
........
r375521 | rmudgett | 2012-10-30 16:38:41 -0500 (Tue, 30 Oct 2012) | 14 lines
chan_misdn: ISDN NT L2 de-establish/establish
* An NT-PTMP cannot de/establish L2 since it doesn't know the TEIs.
* On NT-PTP L2 is started when L1 is finally active in handle_l1.
* L2 deactivation logging cleanup.
* L2 aggregate link status is unknown for NT-PTMP, show as "UNKN".
* Removed unused functions and code for L2 handling.
Patches:
patch03_L2estab.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
JIRA ABE-2888
........
r375522 | rmudgett | 2012-10-30 16:56:14 -0500 (Tue, 30 Oct 2012) | 22 lines
chan_misdn: Fix broken upper_id/lower_id usage.
Sending PH prim via lower_id layer (3 or 1) simply does not work. For TE
(3) it returns an error (len=-6) which is not evaluated by handle_l1(), so
the L1 layer status ends up wrong. Instead PH must be sent via L4, only
then does it reach L1 without an error message.
And NT PH prims only reach L1 when they are sent to layer 2 id.
--> use upper_id to send PH primitives.
* Check for errors in PH_(DE)ACTIVATE | CONFIRM.
* Debug messages are improved.
* The lower_id is now not used for anything, except: Why is lower_id layer
deleted when it wasn't created? I removed this code since it looks very
wrong.
Patches:
patch04_l1activation.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2888
........
r375523 | rmudgett | 2012-10-30 17:29:15 -0500 (Tue, 30 Oct 2012) | 31 lines
chan_misdn: Fix loss of B channels if L1 is down.
If you make 2 calls out an NT PTMP port which is not connected to any
phone, the B channel associated with that call becomes unusable until
Asterisk is restarted.
The problem is the EVENT_SETUP is queued when L1 is not up in
misdn_lib_send_event(). If L1 cannot be activated the event won't be
dequeued. It gets even worse when the call is hung up. The queued
EVENT_SETUP will be overwritten by an EVENT_DISCONNECT. The reserved B
channel then will never be freed. If later someone connects a phone to
the port, L1 will eventually activate and the queued EVENT_DISCONNECT is
sent down the stack. However, it is ignored because it is the wrong call
state.
The real fix would be that activation and queueing for a new SETUP is done
by the NT stack. But since it doesn't, the workaround must be removed
because it doesn't always work.
Fix: The event is no longer queued but immediately sent to the stack. If
L1 cannot be activated, the L3 state machine that was started by the
EVENT_SETUP will do its work, i.e. a timeout will release the B channel
properly. The SETUP possibly cannot be sent the first time but is resent
by T303 in case L1 could be activated.
Patches:
patch05_bchan-loss.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
JIRA ABE-2888
........
r375524 | rmudgett | 2012-10-30 18:26:05 -0500 (Tue, 30 Oct 2012) | 13 lines
chan_misdn: Remove some calls to exit().
Try proper cleanup when something goes wrong in misdn_lib_init().
Especially do not call exit()!
* Fix memory leak because stack_destroy() does not free the stack struct.
Patches:
patch06_cleanup-init.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
JIRA ABE-2888
........
Merged revisions 375519-375524 from https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
........
Merged revisions 375625 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@375629 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Prior to this patch, adding, removing or reloading members to rrmemory would
cause the order to become completely jumbled. Now it behaves more or less like
rrordered other than the fact that it stores the members on a hash table rather
than a linked list. This patch also prevents removal of members and member
reloads from jumbling rrordered queues.
(issue AST-989)
Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/2164/
........
Merged revisions 375216 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@375569 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r369436 | twilson | 2012-06-27 15:58:51 -0500 (Wed, 27 Jun 2012) | 17 lines
AST-2012-010: Clean up after a reinvite that never gets a final response
The basic problem is that if a re-INVITE is sent by Asterisk and it receives a
provisional response, but no final response, then the dialog is never torn
down. In addition to leaking memory, this also leaks file descriptors and will
eventually lead to Asterisk no longer being able to process calls.
This patch just keeps track of whether there is an outstanding re-INVITE, and if
there is goes ahead and cleans up everything as though there was no outstanding
reinvite.
Review: https://reviewboard.asterisk.org/r/2009/
(closes issue ASTERISK-19992)
Reported by: Steve Davies
Tested by: Steve Davies, Terry Wilson
........
r369557 | twilson | 2012-07-03 09:27:02 -0500 (Tue, 03 Jul 2012) | 11 lines
Better handle re-INVITEs with provisional but no final repsonses
A previous attempt at fixing this issue had negative side effects related
to attended transfers which this patch should resolve. Many thanks to
Steve Davies for all of the good suggestions and testing.
(closes issue ASTERISK-19992)
Reported by: Steve Davies
Tested by: Steve Davies, Terry Wilson
Review: https://reviewboard.asterisk.org/r/2009/
........
r369579 | twilson | 2012-07-03 11:58:16 -0500 (Tue, 03 Jul 2012) | 8 lines
More improvements to re-INVITEs timing out after a provisional response
There is no need to call check_pendings() on a final response to an INVITE
when destroying the scheduler entry as it will be done later during normal
processing.
(issue ASTERISK-19992)
........
r369626 | mjordan | 2012-07-05 12:01:52 -0500 (Thu, 05 Jul 2012) | 16 lines
Do not send a BYE when a provisional response arrives during a re-INVITE
Commits r369557 and r369579 were done to improve handling of re-INVITEs
when the UA that was supposed to receive the re-INVITE fails to respond.
A limitation of those patches occurred when a UA sent a provisional
response to the re-INVITE. This triggered a sending of a BYE in
check_pending. This patch tweaks the handling of the re-INVITE such that
a BYE is not sent in response to those messages.
(issue ASTERISK-19992)
Reported by: Steve Davies
Tested by: Steve Davies
patches:
(reinvite_tweak.diff license #5012 by Steve Davies)
........
r369652 | kmoore | 2012-07-05 14:01:52 -0500 (Thu, 05 Jul 2012) | 22 lines
AST-2012-011: Resolve heap corruption issue with voicemail
The heard and deleted arrays in the voicemail state structure were not
handled properly following the memory leak fix in r354890 and a fix for
an invalid free in r356797. This could result in accessing and writing
into freed memory. The allocation for these arrays has been reworked
to avoid the possibility of invalid frees, access of freed memory, and
crashes that were occurring as a result of this.
Locking around accesses and modifications of the voicemail state
structure members dh_arraysize, heard, and deleted has been added to
prevent simultaneous modification and access when IMAP storage is in
use. If IMAP storage is not in use, this locking is not compiled in.
Review: https://reviewboard.asterisk.org/r/1994/
(closes issue ASTERISK-19923)
Reported by: Dan Delaney
Tested by: Dan Delaney, Julian Yap
Patches:
vm_alloc_fix.diff uploaded by kmoore (license 6273)
........
r372628 | rmudgett | 2012-09-07 17:06:29 -0500 (Fri, 07 Sep 2012) | 5 lines
Remove annoying unconditional debug message from INC/DEC functions.
(closes issue AST-1001)
Reported by: Guenther Kelleter
........
Merged revisions 369436,369557,369579,369626,369652,372628 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@375568 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The SIP session timer mechanism contains a mandatory 'refresher' parameter
(included in the Session-Expires header) which is used in the session timer
offer/answer signaling within a SIP Invite dialog. It looks like asterisk is
interpreting the uac resp. uas role only as the initial role of client and
server (caller is uac, callee is uas). The standard rfc 4028 however assigns
the client role to the ((RE)-Invite) requester, the server role to the
((RE)-Invite) responder.
This patch has Asterisk track the actual refresher as "us" or "them" as opposed
to relying on just the configured "uas" or "uac" properties.
(closes issue AST-922)
Reported by: Thomas Airmont
Review: https://reviewboard.asterisk.org/r/2118/
........
Merged revisions 373652 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@375024 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Similar to r369351, the billing duration can be skewed when batch mode is
enabled. This happened much more rarely than the duration, as it only
occured when the call was answered (thereby indicating an actual answer
time) and immediately hung up on (indicating a billsec of 0). Since
a billing time of '0' can either mean that the call immediately ended
or that the CDR was improperly answered, we have to use additional information
to know whether or not we can trust the CDR billsec value. Prior to this
patch, we looked to see if we had a valid answer time. If we did, and
billsec was zero, we used the current time to calculate what billsec value
we could from the CDR being written. If batch mode is enabled, this will
incorrectly report a billsec value being much greater than the actual
duration of the call.
Instead of relying on the presence of an answer time to know whether or not
we can re-calculate the billsec for the CDR, we now also use the presence
of the CDR's end time to know if we need to re-calculate or whether we can
trust the billsec value that we have. This prevents erroneous jumps in the
billsec value, while still making sure that in the worst case, some billing
time will be calculated.
(closes issue AST-1016)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
........
Merged revisions 374843 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@374847 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Party A calls Party B
Party B puts Party A on hold.
Party B calls a queue.
Ringing queue member D sees Party B identification.
Party B transfers Party A to the queue.
Queue member D does not get a connected line update for Party A.
Queue member D answers the call and still sees Party B information.
However, if Party A later transfers the call to Party C then queue member
D gets a connected line update for Party C.
* Made pass connected line updates from the caller to queue members while
the queue members are ringing.
(closes issue AST-1017)
Reported by: Thomas Arimont
(closes issue ABE-2886)
Reported by: Thomas Arimont
Tested by: rmudgett
........
Merged revisions 374801 from https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
........
Merged revisions 374802 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@374806 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r370563 | rmudgett | 2012-07-30 11:47:19 -0500 (Mon, 30 Jul 2012) | 2 lines
Release B channel allocation on error path in chan_misdn.
........
r374536 | rmudgett | 2012-10-05 13:20:01 -0500 (Fri, 05 Oct 2012) | 159 lines
Merged revisions 374515-374535 from
https://origsvn.digium.com/svn/asterisk/be/branches/C.3-bier
................
r374515 | rmudgett | 2012-10-04 17:52:36 -0500 (Thu, 04 Oct 2012) | 10 lines
chan_misdn: Remove some deadcode
* Made setup_bc() static.
Patches:
patch1_unused-code.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
JIRA ABE-2882
................
r374516 | rmudgett | 2012-10-04 18:01:01 -0500 (Thu, 04 Oct 2012) | 7 lines
chan_misdn: Remove unused bchan states
Patches:
patch2_unused-states.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374517 | rmudgett | 2012-10-04 18:17:51 -0500 (Thu, 04 Oct 2012) | 16 lines
chan_misdn: Remove unnecessary null pointer checks and checks for stack->nt
* cleanup_bc() is always called with valid bc (or it would've crashed
before).
* Value of stack->nt is known in advance at some places.
* Rename handle_event() to handle_event_te(), handle_frm() to
handle_frm_te().
Patches:
patch3_checks.diff (license #6372) patch uploaded by Guenther Kelleter
Modified
JIRA ABE-2882
................
r374518 | rmudgett | 2012-10-04 18:21:59 -0500 (Thu, 04 Oct 2012) | 7 lines
chan_misdn: Fix spelling in log messages
Patches:
patch4_spelling.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374519 | rmudgett | 2012-10-04 18:31:59 -0500 (Thu, 04 Oct 2012) | 15 lines
chan_misdn: Don't cleanup a bc twice.
In handle_frm_te() after calling misdn_lib_send_event(bc,
EVENT_RELEASE_COMPLETE) bc is emptied, cleaned and set not in use,
although misdn_lib_send_event() already did the same. This is bad. When
it's not in use we are not allowed to touch it.
* Moved log message in front of the resulting actions and fixed it to
match the case.
Patches:
patch5_bccleanup.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374520 | rmudgett | 2012-10-04 18:43:56 -0500 (Thu, 04 Oct 2012) | 12 lines
chan_misdn: Fix memory leaks, bc, chan not cleaned up etc., really bad stuff.
* Fix return codes of cb_events() for EVENT_SETUP to use caller's cleanup
mechanisms.
* Move cl_queue_chan() call after bearer check.
Patches:
patch6_leaks.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374521 | rmudgett | 2012-10-04 18:48:38 -0500 (Thu, 04 Oct 2012) | 11 lines
chan_misdn: We must initialize cause on sending a DISCONNECT.
We must initialize cause on sending a DISCONNECT, so it is later correctly
indicated to ast_channel in case the answer (RELEASE/RELEASE_COMPLETE)
does not include one.
Patches:
patch7_hangupcause.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374522 | rmudgett | 2012-10-04 19:03:56 -0500 (Thu, 04 Oct 2012) | 7 lines
chan_misdn: Remove unused code for upqueue
Patches:
patch8_unused-upqueue.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374523 | rmudgett | 2012-10-04 19:11:50 -0500 (Thu, 04 Oct 2012) | 7 lines
chan_misdn: Improve debugging (port number, messages fixed, dups removed)
Patches:
patch9_debug.diff (license #6372) patch uploaded by Guenther Kelleter
JIRA ABE-2882
................
r374533 | rmudgett | 2012-10-05 12:17:18 -0500 (Fri, 05 Oct 2012) | 8 lines
chan_misdn: Better debug: we can print_bc_info even if there's no ast leg.
Patches:
patch10_debug-bc-2.diff (license #6372) patch uploaded by Guenther Kelleter
Modified.
JIRA ABE-2882
................
r374534 | rmudgett | 2012-10-05 12:34:10 -0500 (Fri, 05 Oct 2012) | 16 lines
chan_misdn: setup_bc() is called too early for an incoming SETUP on TE.
This prevents the B channel from being setup for HDLC mode when requested
by the bearer capability and config option hdlc=yes. It violates
ETS300102 Ch.5.2.3.2: "The user, in any case, must not connect to the
channel until a CONNECT ACKNOWLEDGE message has been received."
* Call setup_bc() on receipt of CONNECT_ACKNOWLEGDE for PTMP, and on first
response to SETUP for PTP.
Patches:
abe-2881-2.diff (license #6372) patch uploaded by Guenther Kelleter
Modified.
JIRA ABE-2881
................
r374535 | rmudgett | 2012-10-05 12:41:05 -0500 (Fri, 05 Oct 2012) | 2 lines
chan_misdn: Remove some more deadcode.
................
........
Merged revisions 370563,374536 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@374540 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r366052 | mmichelson | 2012-05-10 11:10:18 -0500 (Thu, 10 May 2012) | 7 lines
Close the proper tcptls_session when session creation fails.
(issue AST-998)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
........
r367002 | mmichelson | 2012-05-18 11:53:47 -0500 (Fri, 18 May 2012) | 17 lines
Fix memory leak of SSL_CTX structures in TLS core.
SSL_CTX structures were allocated but never freed. This was a bigger
issue for clients than servers since new SSL_CTX structures could be
allocated for each connection. Servers, on the other hand, typically
set up a single SSL_CTX for their lifetime.
This is solved in two ways:
1. In __ssl_setup(), if a tcptls_cfg has an ssl_ctx on it, it is
freed so that a new one can take its place.
2. A companion to ast_ssl_setup() called ast_ssl_teardown() has
been added so that servers can properly free their SSL_CTXs.
(issue ASTERISK-19278)
........
r367416 | mmichelson | 2012-05-23 15:27:47 -0500 (Wed, 23 May 2012) | 5 lines
Only call SSL_CTX_free if DO_SSL is defined.
Thanks to Paul Belanger for pointing out this error.
........
r369731 | mmichelson | 2012-07-06 13:40:06 -0500 (Fri, 06 Jul 2012) | 19 lines
Remove a superfluous and dangerous freeing of an SSL_CTX.
The problem here is that multiple server sessions share
a SSL_CTX. When one session ended, the SSL_CTX would be
freed and set NULL, leaving the other sessions unable to
function.
The code being removed is superfluous because the SSL_CTX
structures for servers will be properly freed when ast_ssl_teardown
is called.
(closes issue ASTERISK-20074)
Reported by Trevor Helmsley
Patches:
ASTERISK-20074.diff uploaded by Mark Michelson (license #5049)
Testers:
Trevor Helmsley
........
r373061 | mjordan | 2012-09-14 14:07:20 -0500 (Fri, 14 Sep 2012) | 28 lines
Resolve memory leaks in TLS initialization and TLS client connections
This patch resolves two sources of memory leaks when using TLS in Asterisk:
1) It removes improper initialization (and multiple re-initializations) of
portions of the SSL library. Asterisk calls SSL_library_init and
SSL_load_error_strings during SSL initialization; collectively this
obviates the need for calling any of the following during initialization
or client connection handling:
* ERR_load_crypto_strings (handled by SSL_load_error_strings)
* OpenSSL_add_all_algorithms (synonym for SSL_library_init)
* SSLeay_add_ssl_algorithms (synonym for SSL_library_init)
2) Failure to completely clean up all memory allocated by Asterisk and by
the SSL library for TLS clients. This included not freeing the SSL_CTX
object in the SIP channel driver, as well as not clearing the error
stack when the TLS client exited.
Note that these memory leaks were found by Thomas Arimont, and this patch
was essentially written by him with some minor tweaks.
(closes issue AST-889)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
patches:
(bugAST-889.patch) by Thomas Arimont (license 5525)
Review: https://reviewboard.asterisk.org/r/2105
........
Merged revisions 366052,367002,367416,369731,373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@373088 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The AMI Originate action can allow a remote user to specify information that can
be used to execute shell commands on the system hosting Asterisk. This can
result in an unwanted escalation of permissions, as the Originate action, which
requires the "originate" class authorization, can be used to perform actions
that would typically require the "system" class authorization. Previous attempts
to prevent this permission escalation (AST-2011-006, AST-2012-004) have sought
to do so by inspecting the names of applications and functions passed in with
the Originate action and, if those applications/functions matched a predefined
set of values, rejecting the command if the user lacked the "system" class
authorization. As reported by IBM X-Force Research, the "ExternalIVR"
application is not listed in the predefined set of values. The solution for
this particular vulnerability is to include the "ExternalIVR" application in the
set of defined applications/functions that require "system" class authorization.
Unfortunately, the approach of inspecting fields in the Originate action against
known applications/functions has a significant flaw. The predefined set of
values can be bypassed by creative use of the Originate action or by certain
dialplan configurations, which is beyond the ability of Asterisk to analyze at
run-time. Attempting to work around these scenarios would result in severely
restricting the applications or functions and prevent their usage for legitimate
means. As such, any additional security vulnerabilities, where an
application/function that would normally require the "system" class
authorization can be executed by users with the "originate" class authorization,
will not be addressed. Instead, the README-SERIOUSLY.bestpractices.txt file has
been updated to reflect that the AMI Originate action can result in commands
requiring the "system" class authorization to be executed. Proper system
configuration can limit the impact of such scenarios.
(closes issue ASTERISK-20132)
Reported by: Zubair Ashraf of IBM X-Force Research
AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers
When an IAX2 call is made using the credentials of a peer defined in a dynamic
Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are
not applied to the call attempt. This allows for a remote attacker who is aware
of a peer's credentials to bypass the ACL rules set for that peer.
This patch ensures that the ACLs are applied for all peers, regardless of their
storage mechanism.
(closes issue ASTERISK-20186)
Reported by: Alan Frisch
Tested by: mjordan, Alan Frisch
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@372030 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This includes the following
* r369351 for AST-883
* r368807 for AST-884
* r356604, r356650, r364203 for AST-890
* r370618 for AST-896
* r370205, r370273, r370360 for AST-916
* r371469 for AST-932
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@371651 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This is based on the review request posted by Walter Doekes
(referenced lower in the commit message)
The main fix here is to treat the IPorHost portion of the dial
string as a temporary outbound proxy. This ensures requests
get sent to the proper location.
Due to the age of the request, some parts were no longer relevant.
For instance, the request moved outbound proxy parsing code into
a single method. This is done in a previous commit, so it was not
necessary to do again.
Also, the review request fixed some errors with regards to request
routing for CANCEL and ACK requests. This has also been fixed in
more recent commits.
(closes issue ASTERISK-19677)
reported by Walter Doekes
Review https://reviewboard.asterisk.org/r/1859
........
Merged revisions 370769 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@370843 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1) There is no such function as ast_ref()
2) The patch was originally credited as the one uploaded by Guenther
Kelleter (license 6372) via issue AST-921, but the patch committed
was not the patch referenced on the issue.
3) Guenther Kelleter's patch was actually correct. It moved the
ast_free above the presencechange_cleanup label. I am not
committing his change as it is not technically necesary--calling
ast_free(NULL) is perfectly safe and I worry that moving the
ast_free outside of the label could lead to future bugs if
someone ever adds another failure conditional and expects
'goto presencechange_cleanup;' to clean up after everything.
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@370472 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The patch for r368759 in Asterisk 1.8 relied upon the methods
analog_unlock_private/analog_lock_private. In earlier versions of 1.8,
including the Certified Asterisk 1.8.11 branch, those two methods were
unused, and hence were undefined out of the source. When the patch was made
for 1.8.11-cert5, those two functions were not re-defined back in. This caused
linking errors when sig_analog was loaded.
This patch properly restores those two methods, such that the fix for AST-891
works correctly.
(issue AST-891)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@369964 65c4cc65-6c06-0410-ace0-fbb531ad65f3
------------------------------------------------------------------------
r365395 | qwell | 2012-05-04 16:17:08 -0500 (Fri, 04 May 2012) | 7 lines
Add support for folders in MixMonitor 'm' option. Backport manager actions.
The manager actions are needed, so MixMonitor can be executed on existing
channels.
(issue DPMA-68)
------------------------------------------------------------------------
r364761 | qwell | 2012-05-01 12:25:14 -0500 (Tue, 01 May 2012) | 6 lines
Remove folder_dir from voicemail snapshots API.
It was both unused (except in tests, where it was fudged) and unnecessary.
(closes issue AST-842)
------------------------------------------------------------------------
r367161 | mmichelson | 2012-05-21 14:05:52 -0500 (Mon, 21 May 2012) | 21 lines
Add "send to voicemail" Digium phone functionality to Asterisk.
This change accommodates two methods by which calls can be directed to
a user's voicemail.
* Incoming calls can be redirected to any user's voicemail.
* Established calls can be blind transferred to any user's voicemail.
Digium phones indicate the desire to direct a call to voicemail by using
a Diversion header with a reason parameter of "send_to_vm".
This patch adds the "send_to_vm" reason as a valid redirecting reason. In
addition, chan_sip.c has been modified to update redirecting information
on the transferred channel by reading a Diversion header on a REFER request.
(closes issue AST-871)
Reported by Malcolm Davenport
Review: https://reviewboard.asterisk.org/r/1925
------------------------------------------------------------------------
r368790 | mjordan | 2012-06-12 08:44:36 -0500 (Tue, 12 Jun 2012) | 18 lines
Fix deadlock in SIP transfers that involve a REFER request
In r367163, "send to voicemail" functionality was added to the SIP channel
driver. This required updating the party redirecting information for the
channel based on the headers provided in the REFER request. When the
redirecting party information is updated on the channel, a call to
ast_indicate_data occurs. Because handle_request_refer still had the sip_pvt
locked, a deadlock could occur between the pbx_thread and the do_monitor thread
servicing the REFER request.
This patch preserves the proper locking order between the channel and the
sip_pvt by ensuring that the sip_pvt is unlocked prior to updating the party
redirecting information on the channel.
(closes issue AST-903)
Reported by: Matt Jordan
patches:
jira_ast_903_trunk.patch by rmudgett (license 5621)
------------------------------------------------------------------------
r368962 | qwell | 2012-06-14 13:38:48 -0500 (Thu, 14 Jun 2012) | 11 lines
Remove global symbol requirement from app_voicemail.
This uses the existing "function installation" stuff that already existed for
other functions, like getting message counts.
(closes issue AST-807)
(issue AST-901)
(issue AST-908)
Review: https://reviewboard.asterisk.org/r/1965/
------------------------------------------------------------------------
r368964 | qwell | 2012-06-14 14:03:24 -0500 (Thu, 14 Jun 2012) | 8 lines
These functions that were moved need to be static.
Also wrap test functions in a #ifdef.
(issue AST-807)
(issue AST-901)
(issue AST-908)
------------------------------------------------------------------------
r368998 | qwell | 2012-06-15 10:31:43 -0500 (Fri, 15 Jun 2012) | 6 lines
Remove some symbol exports that got missed in the removal of global symbols.
(issue AST-807)
(issue AST-901)
(issue AST-908)
------------------------------------------------------------------------
r369024 | qwell | 2012-06-15 11:29:40 -0500 (Fri, 15 Jun 2012) | 2 lines
Fix voicemail API tests by using the correct argument order for create/destroy.
------------------------------------------------------------------------
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@369839 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Re-enable res_smdi/res_adsi by default, as they are both now considered
core supported modules.
(issue AST-900)
Reported by: Thomas Arimont
(issue AST-885)
Reported by: Denis Alberto Martinez
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368919 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Recently, various issues surrounding weak attributes have caused problems with
modules that rely on that feature to be enabled in menuselect. This includes
app_voicemail and chan_dahdi, as they both rely upon res_smdi and res_adsi,
which, in certain circumstances, may not be enabled by default in menuselect.
Because res_smdi/res_adsi are dependencies for chan_dahdi/app_voicemail, this
patch marks both as 'core' supported modules. This will allow both
app_voicemail and chan_dahdi to be enabled as well, regardless of whether or
not that system supports weak attributes.
(issue AST-900)
Reported by: Thomas Arimont
(issue AST-885)
Reported by: Denis Alberto Martinez
........
Merged revisions 368894 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368897 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In r367163, "send to voicemail" functionality was added to the SIP channel
driver. This required updating the party redirecting information for the
channel based on the headers provided in the REFER request. When the
redirecting party information is updated on the channel, a call to
ast_indicate_data occurs. Because handle_request_refer still had the sip_pvt
locked, a deadlock could occur between the pbx_thread and the do_monitor thread
servicing the REFER request.
This patch preserves the proper locking order between the channel and the
sip_pvt by ensuring that the sip_pvt is unlocked prior to updating the party
redirecting information on the channel.
(closes issue AST-903)
Reported by: Matt Jordan
patches:
jira_ast_903_trunk.patch by rmudgett (license 5621)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368790 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Certain branches, such as Certified Asterisk, may have a modifier added to
them that specifies the features available in that branch. For branches, this
modifier is expected to be reflected in the location of the branch in
subversion. For example, a subversion of URL of /certified/branches/1.8.11
would have a feature modifier of 'certified'. This is slightly different then
how features are determined for tags, where the feature is part of the actual
tag name, e.g., "10.5.0-digiumphones".
In keeping with the nomenclature used for tags, the feature specifier for
branches is translated and placed after the revision numbers. For the example
given previously, this would result in a branch version of
"Asterisk SVN-branch-1.8.11-cert-rXXXXXX".
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@368608 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Made schedule_delivery() set the received frame f->data.ptr to NULL if
the datalen is zero.
* Fix queue_signalling() memcpy() size error.
* Made queue_signalling() not use C++ keyword variable names.
(closes issue ASTERISK-19597)
Reported by: mgrobecker
Patches:
jira_asterisk_19597_v1.8.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett, Michael L. Youngi
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367847 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a skinny session is unregistered, the corresponding device pointer is set
to NULL in the channel private data. If the client was not in the on-hook state
at the time the connection was closed, the device pointer can later be
dereferened if a message or channel event attempts to use a line's pointer to
said device.
The patches prevent this from occurring by checking the line's pointer in
message handlers and channel callbacks that can fire after an unregistration
attempt.
(closes issue ASTERISK-19905)
Reported by: Christoph Hebeisen
Tested by: mjordan, Damien Wedhorn
Patches:
AST-2012-008-1.8.diff uploaded by mjordan (license 6283)
AST-2012-008-10.diff uploaded by mjordan (licesen 6283)
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367846 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change accommodates two methods by which calls can be directed to
a user's voicemail.
* Incoming calls can be redirected to any user's voicemail.
* Established calls can be blind transferred to any user's voicemail.
Digium phones indicate the desire to direct a call to voicemail by using
a Diversion header with a reason parameter of "send_to_vm".
This patch adds the "send_to_vm" reason as a valid redirecting reason. In
addition, chan_sip.c has been modified to update redirecting information
on the transferred channel by reading a Diversion header on a REFER request.
(closes issue AST-871)
Reported by Malcolm Davenport
Review: https://reviewboard.asterisk.org/r/1925
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367161 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r363102 | mjordan | 2012-04-23 08:37:55 -0500 (Mon, 23 Apr 2012) | 16 lines
AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling
When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue. When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue. The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun. This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.
(closes issue ASTERISK-19592)
Reported by: Russell Bryant
........
Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
r363106 | mjordan | 2012-04-23 09:05:02 -0500 (Mon, 23 Apr 2012) | 17 lines
AST-2012-006: Fix crash in UPDATE handling when no channel owner exists
If Asterisk receives a SIP UPDATE request after a call has been terminated and
the channel has been destroyed but before the SIP dialog has been destroyed, a
condition exists where a connected line update would be attempted on a
non-existing channel. This would cause Asterisk to crash. The patch resolves
this by first ensuring that the SIP dialog has an owning channel before
attempting a connected line update. If an UPDATE request is received and no
channel is associated with the dialog, a 481 response is sent.
(closes issue ASTERISK-19770)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Patches:
ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
........
r363141 | jrose | 2012-04-23 09:33:16 -0500 (Mon, 23 Apr 2012) | 20 lines
AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization.
As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
actions were able to run system commands by going through other AMI commands which did
not require that authorization. Specifically, GetVar and Status allowed users to do this
by setting their variable/s options to the SHELL or EVAL functions.
Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
allowed users with originate permission to run MixMonitor and supply a shell command
in the Data argument. That flaw is fixed in those versions of this patch.
(closes issue ASTERISK-17465)
Reported By: David Woolley
Patches:
162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
........
Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 363102,363106,363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@363161 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This merges fixes for the following issues into the 1.8-digiumphones branch:
* ASTERISK-19355 - Call transfer with consultation frequently fails in cross-
linked Asterisk scenario (directmedia & sendrpid active)
* ASTERISK 19365 - Remote SIP Call legs are frequently not released in a
cross-linked Asterisk scenario (directmedia & sendrpid)
* ASTERISK-19183 - Sporadically missing connectedline event to caller channel
in directed pickup app
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@362042 65c4cc65-6c06-0410-ace0-fbb531ad65f3
These were originally written while merging features into trunk, but
these tests apply just as much for the 1.8 version of Digium phones, so
might as well have them here, too.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@361283 65c4cc65-6c06-0410-ace0-fbb531ad65f3
