This fixes a for loop (in realtime_peer) to check all the ast_variables the loop was intending to test rather than just the first one. The change exposed the problem of calling memcpy on a NULL pointer, in this case the passed in sockaddr_in struct which is now checked.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@113240 65c4cc65-6c06-0410-ace0-fbb531ad65f3
(closes issue #12372)
Reported by: vinsik
Tested by: tecnoxarxa
This one line change makes an if inside a for loop (in realtime_peer) check all the ast_variables the loop was intending to test rather than just the first one.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@113012 65c4cc65-6c06-0410-ace0-fbb531ad65f3
to see what would happen. It passed the compile test, and I didn't notice I had
left this change in too.
So this is a revert of a revert...sort of.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@110635 65c4cc65-6c06-0410-ace0-fbb531ad65f3
was not for an actual bug fix per se, and so it really should not have been in 1.4 in
the first place. Plus, people who compile with DO_CRASH are more likely
to encounter a crash due to this change. While I think the usage of DO_CRASH
in ast_sched_del is a bit absurd, this sort of change is beyond the scope of 1.4
and should be done instead in a developer branch based on trunk
so that all scheduler functions are fixed at once.
I also am reverting the change to trunk and 1.6 since they also suffer from
the DO_CRASH potential.
(closes issue #12272)
Reported by: qq12345
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@110618 65c4cc65-6c06-0410-ace0-fbb531ad65f3
https://origsvn.digium.com/svn/asterisk/branches/1.2
........
r110335 | russell | 2008-03-20 16:53:27 -0500 (Thu, 20 Mar 2008) | 6 lines
Fix some very broken code that was introduced in 1.2.26 as a part of the security
fix. The dnsmgr is not appropriate here. The dnsmgr takes a pointer to an address
structure that a background thread continuously updates. However, in these cases,
a stack variable was passed. That means that the dnsmgr thread would be continuously
writing to bogus memory.
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@110336 65c4cc65-6c06-0410-ace0-fbb531ad65f3
chan_sip uses the scheduler API in order to schedule retransmission of reliable
packets (such as INVITES). If a retransmission of a packet is occurring, then the
packet is removed from the scheduler and retrans_pkt is called. Meanwhile, if
a response is received from the packet as previously transmitted, then when we
ACK the response, we will remove the packet from the scheduler and free the packet.
The problem is that both the ACK function and retrans_pkt attempt to acquire the
same lock at the beginning of the function call. This means that if the ACK function
acquires the lock first, then it will free the packet which retrans_pkt is about to
read from and write to. The result is a crash.
The solution:
1. If the ACK function fails to remove the packet from the scheduler and the retransmit
id of the packet is not -1 (meaning that we have not reached the maximum number of
retransmissions) then release the lock and yield so that retrans_pkt may acquire the
lock and operate.
2. Make absolutely certain that the ACK function does not recursively lock the lock in
question. If it does, then releasing the lock will do no good, since retrans_pkt will
still be unable to acquire the lock.
(closes issue #12098)
Reported by: wegbert
(closes issue #12089)
Reported by: PTorres
Patches:
12098-putnopvutv3.patch uploaded by putnopvut (license 60)
Tested by: jvandal
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108737 65c4cc65-6c06-0410-ace0-fbb531ad65f3
has been subscribed to goes on hold. Otherwise, they just stay on like it does
when an extension is in use.
(closes issue #11263)
Reported by: russell
Patches:
notify_hold.rev1.txt uploaded by russell (license 2)
Tested by: russell
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108530 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The scheduler callback will always return 0. This means that this id
is never rescheduled, so it makes no sense to loop trying to delete
the id from the scheduler queue. If we fail to remove the item from the
queue once, it will fail every single time.
(Yes I realize that in this case, the macro would exit early because the
id is set to -1 in the callback, but it still makes no sense to use
that macro in favor of calling ast_sched_del once and being done with it)
This is the first of potentially several such fixes.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108288 65c4cc65-6c06-0410-ace0-fbb531ad65f3
in bridge code. When that happens, we crash. Delay the RTP destruction until
the bridge is ended.
(closes issue #11960)
Reported by: norman
Patches:
20080215__bug11960__2.diff.txt uploaded by Corydon76 (license 14)
Tested by: norman
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@103780 65c4cc65-6c06-0410-ace0-fbb531ad65f3
it is supposed to specified as 8 kHz in the RTP, and RTP timestamps are supposed
to be calculated based on 8 kHz. (Apparently this is due to a bug in a spec, but
people follow it anyway, because it's the spec ...)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@101989 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: MVF
Patches:
bug11736-2.diff uploaded by oej (license 306)
Tested by: oej, MVF, revolution
(russellb: This was the showstopper for the release.)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@100740 65c4cc65-6c06-0410-ace0-fbb531ad65f3
possibly cause memory to be accessed after it is freed, which causes all
sorts of random memory corruption. Instead, if a deletion fails, wait a
bit and try again (noting that another thread could change our taskid
value).
(closes issue #11386)
Reported by: flujan
Patches:
20080124__bug11386.diff.txt uploaded by Corydon76 (license 14)
Tested by: Corydon76, flujan, stuarth`
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@100465 65c4cc65-6c06-0410-ace0-fbb531ad65f3
over 20 years ago... Resetting chan_sip to the size of BUFSIZ that I expected in my old
head to avoid to heavy memory allocations on some systems.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@99652 65c4cc65-6c06-0410-ace0-fbb531ad65f3
buffer, instead of a massive buffer on the stack. This fixes a crash reported
by Qwell due to running out of stack space when building with LOW_MEMORY defined.
On a very related note, the usage of BUFSIZ in various places in chan_sip is
arbitrary and careless. BUFSIZ is a system specific define. On my machine,
it is 8192, but by definition (according to google) could be as small as 256.
So, this buffer in check_auth was 16 kB. We don't even support SIP messages
larger than 4 kB! Further usage of this define should be avoided, unless it
is used in the proper context.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@98946 65c4cc65-6c06-0410-ace0-fbb531ad65f3
