If a channel creates an AST_TEXT_FRAME with datalen == 0, the ast_frdup()
and ast_frisolate() functions could create a clone frame with an invalid
data.ptr which would cause a crash. The proposed fix is to make sure that
for such empty text frames, ast_frdup() and ast_frisolate() return cloned
text frames with a valid data.ptr.
ASTERISK-28076
Reported by: Emmanuel BUU
Tested by: Emmanuel BUU
Change-Id: Ib882dd028598f13c4c233edbfdd7e54ad44a68e9
Declining the queue_member_status_type stasis message in stasis.conf
causes these messages to leak json objects.
* Add missing ast_json_unref() if the type is NULL in
queue_publish_member_blob().
ASTERISK-28084
Change-Id: I691ecf49bd1f7d9c29182e1eee8c4bb7103be9fc
Add a volatile flag to lock tracking structures so we only need to use
the global lock when first initializing tracking.
Additionally add support for DEBUG_THREADS_LOOSE_ABI. This is used by
astobj2.c to eliminate storage for tracking fields when DEBUG_THREADS is
not defined.
Change-Id: Iabd650908901843e9fff47ef1c539f0e1b8cb13b
When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.
Change-Id: I8a42b8d193673899c8fc22fe7f98ea87df89be71
Reduce options to 2-bit field, magic to 30 bit field. Move ref_counter
next to options the fields will pack.
This reduces memory overhead for every ao2 object by 8 bytes on x86_64.
Change-Id: Idc1baabb35ec3b3d8de463c4fa3011eaf7fcafb5
* In main/config.c, AST_INCLUDE_GLOB is fixed to '1' making the #ifdefs
pointless.
* In utils/extconf.c, AST_INCLUDE_GLOB is never defined so there is a
lot of dead code.
Change-Id: I1bad1a46d7466ddf90d52cc724e997195495226c
CLI command 'pjsip show contacts' inefficiently make a lot of DB requests.
For example if there are 10k aors then asterisk requests these 10k records
of aor and then does 10k requests of contact - one request per aor.
Even if use 'like <pattern>' the asterisk requests all aor's and contact's
records and then filters them by itself.
This patch gathers contact's container by
- retrieving all dynamic contacts by regex (filtered by reg_server)
- retrieving all aors with permanent contacts
- finally filters container by regex
ASTERISK-28077 #close
Change-Id: Id0ad65d14952a02fb213273a90f3f680a8149618
When REF_DEBUG and AO2_DEBUG are both enabled we closed the refs log
before we shutdown astobj2_container. This caused the AO2_DEBUG
container registration container to be reported as a leak.
Change-Id: If9111c4c21c68064b22c546d5d7a41fac430430e
Fixed an issue that resulted in "Allocation failed" each time an ARI
request was made to start playing MOH on a bridge.
In bridge_moh_create() we were attaching the after bridge callbacks to
chan which is the ;1 channel of the unreal channel pair. We should have
attached them to the ;2 channel which is pushed into the bridge by
ast_unreal_channel_push_to_bridge(). The callbacks are called when the
specific channel leaves the bridging system. Since the ;1 channel is
never put into a bridge the callbacks never get called. The callbacks
then never remove the moh_wrapper from the app_bridges_moh container. As
a result we cannot find the channel associated with the wrapper to start
MOH because it has hungup. This is the reason causing the reported issue.
* Rather than using after bridge callbacks to cleanup, we now have
moh_channel_thread() doing the cleanup when the channel hangs up.
* Fixed moh_channel_thread() accumulating control frames on the stasis
bridge MOH channel until MOH is stopped. Control frames are no longer
accumulated while MOH is playing.
* Fixed channel ref counting issue. stasis_app_bridge_moh_channel() may
or may not return a channel ref. As a result ast_ari_bridges_start_moh()
wouldn't know it may have a channel ref to release.
stasis_app_bridge_moh_channel() will now return a ref with the channel it
returns.
* Eliminated RAII_VAR in bridge_moh_create().
ASTERISK-26094 #close
Change-Id: Ibff479e167b3320c68aaabfada7e1d0ef7bd548c
This issue related to setting of holdtime, announcements, member delays.
It works well if we set the member delays to "0" and no announcements
and no holdtime.This issue will happen if we set member delays to "1",
"2"... or announcements or holdtime and hangs up the call during
processing it.
And here is the reason:
(At the step of answering a phone.)
It takes care any holdtime, announcements, member delays,
or other options after a call has been answered if it exists.
Normally, After the call has been aswered,
and we wait for the processing one of the cases of the member delays
or hold time or announcements finished, "if (ast_check_hangup(peer))"
will be not executed, then queue will be updated at update_queue().
Here, pending member will be removed.
However, after the call has been aswered,
if we hangs up the call during one of the cases of the member delays
or hold time or announcements, "if (ast_check_hangup(peer))"
will be executed.
outgoing = NULL and at hangupcalls, pending members will not be removed.
* This fixed patch will remove the pending member from container
before hanging up the call with outgoing is NULL.
ASTERISK-27920
Reported by: Cao Minh Hiep
Tested by: Cao Minh Hiep
Change-Id: Ib780fbf48ace9d2d8eaa1270b9d530a4fc14c855
This change raises a testsuite event to provide what port
Asterisk has actually allocated for RTP. This ensures that
testsuite tests can remove any assumption of ports and instead
use the actual port in use.
ASTERISK-28070
Change-Id: I91bd45782e84284e01c89acf4b2da352e14ae044
Use json_vsprintf from versions which contain fix for va_copy leak.
Apply fixes from jansson master:
* va_copy leak fix.
* Avoid potential invalid memory read in json_pack.
* Rename variable that shadowed another.
Change-Id: I7522e462d2a52f53010ffa1e7d705c666ec35539
When writing an RTCP report to json the code attempts to pack the "ssrc" and
"source_ssrc" unsigned integer values as a signed int value type. This of course
means if the ssrc's unsigned value is greater than that which can fit into a
signed integer value it gets converted to a negative number. Subsequently, the
negative value goes out in the json report.
This patch now packs the value as a json_int_t, which is the widest integer type
available on a given system. This should make it so the value no longer
overflows.
Note, this was caught by two failing tests hep/rtcp-receiver/ and
hep/rtcp-sender.
Change-Id: I2af275286ee5e795b79f0c3d450d9e4b28e958b0
The append_mailbox function wasn't calculating the correct length
to pass to ast_alloca and it wasn't handling the case where context
might be empty.
Found by the Address Sanitizer.
Change-Id: I7eb51c7bd18a7a8dbdba261462a95cc69e84f161
does_id_conflict() was passing a pointer to an int to a callback
that expected a pointer to a size_t.
Found by the Address Sanitizer.
Change-Id: I0ff542067eef63a14a60301654d65d34fe2ad503
On SQL error there is not diagnostic information about this error.
There is only
WARNING res_odbc.c: SQL Execute error -1!
The function ast_odbc_print_errors calls a SQLGetDiagField to get the number
of available diagnostic records, but the SQLGetDiagField returns 0.
However SQLGetDiagRec could return one diagnostic records in this case.
Looking at many example of getting diagnostics error information
I found out that the best way it's to use only SQLGetDiagRec
while it returns SQL_SUCCESS.
Also this patch adds calls of ast_odbc_print_errors on SQL_ERROR
to res_config_odbc.
ASTERISK-28065 #close
Change-Id: Iba5ae5470ac49ecd911dd084effbe9efac68ccc1
'rtpchecksums' and 'rtcpinterval' are not being reset to their defaults
if they are not present in the updated configuration file.
Change-Id: I1162e40199314d46cf3225d5e1271c4c81176670
app_voicemail wasn't properly cleaning up the stasis cache or the
mwi topic pool when the module was unloaded or when a user was
deleted as a result of a reload. This resulted in leaks in both
areas.
* app_voicemail now calls ast_delete_mwi_state_full when it frees
a user structure and ast_delete_mwi_state_full in turn now calls
the new stasis_topic_pool_delete_topic function to clear the topic
from the pool.
Change-Id: Ide23144a4a810e7e0faad5a8e988d15947965df8
The HTTP request processing in res_http_websocket allocates additional
space on the stack for various headers received during an Upgrade request.
An attacker could send a specially crafted request that causes this code
to overflow the stack, resulting in a crash.
* No longer allocate memory from the stack in a loop to parse the header
values. NOTE: There is a slight API change when using the passed in
strings as is. We now require the passed in strings to no longer have
leading or trailing whitespace. This isn't a problem as the only callers
have already done this before passing the strings to the affected
function.
ASTERISK-28013 #close
Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a
There's been a long standing leak when using topic pools. The
topics in the pool get cleaned up when the last pool reference is
released but you can't remove a topic specifically. If you reloaded
app_voicemail for instance, and mailboxes went away, their topics
were left in the pool.
* Added stasis_topic_pool_delete_topic() so modules can clean up
topics from pools.
* Registered the topic pool containers so it can be examined from
the CLI when AO2_DEBUG is enabled. They'll be named
"<topic_pool_name>-pool".
Change-Id: Ib7957951ee5c9b9b4482af7b9b4349112d62bc25
Since app_voicemail no longer uses the cache to maintain its state
there is no longer a need to cache these messages.
ASTERISK-27121
Change-Id: I321c708505f5ad8d00e1b0afc4c27dc2ac12ecb4
Stasis message types are global ao2 objects and we make stasis messages
and cache entries hold references to them. Since there are currently
situations where cache objects are never deleted, the reference count on
the types can exceed 100000 and generate a FRACK assertion message. The
stasis message cache could conceivably also have that many messages
legitimately on large systems.
The only down side to not holding the message type ref in the stasis
message is it only makes a crash either at shutdown or when manually
unloading a busy module slightly more likely. However, this is more
exposing a pre-existing stasis shutdown ordering issue than a problem with
not holding a message type ref in stasis messages.
* Made stasis messages and cache entries no longer hold a ref to the
message type.
Change-Id: Ibaa28efa8d8ad3836f0c65957192424c7f561707
* Create the stasis message object without a lock as it is immutable.
* Create the stasis message type object without a lock as it is immutable.
* Creating the stasis message type could crash if the passed in type name
is NULL and REF_DEBUG is enabled. Added missing NULL check when passing
the ao2 object tag string.
Change-Id: I28763c58bb9f0b427c11971d0103bf94055e7b32
