Some formats are able to handle short reads while others are not, so
restore the previous behavior for the format modules so that we don't
have spurious errors when playing back files.
ASTERISK-27232 #close
Reported by: Jens T.
Change-Id: Iab7f52b25a394f277566c8a2a4b15a692280a300
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.
For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.
Therefore, checks like this look wrong, but are right:
/* See if where we are sending this request is local or not, and if
not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Request is being sent to local address, "
"skipping NAT manipulation\n");
(In the list == localnet == DENY == skip NAT manipulation.)
And conversely, other checks that looked right, were wrong.
This change adds two macro's to reduce the confusion and uses those
instead:
ast_sip_transport_is_nonlocal(transport_state, addr)
ast_sip_transport_is_local(transport_state, addr)
ASTERISK-27248 #close
Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
t38_reinvite_response_cb can get called by res_pjsip_session's
session_inv_on_tsx_state_changed in situations where session->channel
is NULL. If it is, the ast_log warning segfaults because it tries
to get the channel name from a NULL channel.
* Check session->channel and print "unknown channel" when it's NULL.
ASTERISK-27236
Reported by: Ross Beer
Change-Id: I4326e288d36327f6c79ab52226d54905cdc87dc7
sanitize_tdata was assuming all URIs were SIP URIs so when a non
SIP uri was in the From, To or Contact headers, the unconditional
cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused
a segfault when trying to access uri->other_param.
* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)
checks before attempting to cast or use the returned uri.
ASTERISK-27152
Reported-by: Ross Beer
Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
This change moves the logic which learns a new source address
for RTP so it only occurs in the learning state. The learning
state is entered on initial allocation of RTP or if we are
told that the remote address for the media has changed. While
in the learning state if we continue to receive media from
the original source we restart the learning process. It is
only once we receive a sufficient number of RTP packets from
the new source that we will switch to it. Once this is done
the closed state is entered where all packets that do not
originate from the expected source are dropped.
The learning process has also been improved to take into
account the time between received packets so a flood of them
while in the learning state does not cause media to be switched.
Finally RTCP now drops packets which are not for the learned
SSRC if strict RTP is enabled.
ASTERISK-27013
Change-Id: I56a96e993700906355e79bc880ad9d4ad3ab129c
* Fix framehook to test frame type for control frame.
* Made framehook exit early if frame type is not a control frame.
* Eliminated RAII_VAR in framehook.
* Use switch instead of else-if ladder for control frame handling.
Change-Id: Ia555fc3600bd85470e3c0141147dbe3ad07c1d18
This prevents orphaned CBAnn channels from getting stuck in the bridge.
ASTERISK-26994 #close
Reported by: James Terhune
Change-Id: I5e43e832a9507ec3f2c59752cd900b41dab80457
Create local_tag and remote_tag in CHANNEL info to get tag from From and
To headers of a SIP dialog.
ASTERISK-27220
Change-Id: I59b16c4b928896fcbde02ad88f0e98922b15d524
mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.
In the case of app_minivm, we also now properly clean up any temporary
files that we create.
ASTERISK-20858 #close
Reported by: Walter Doekes
Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43
If the Record() application is called with a relative filename that
includes directories, we were not properly creating the intermediate
directories and Record() would fail.
Secondarily, updated the documentation for RECORDED_FILE to mention
that it does not include a filename extension.
Finally, rewrote the '%d' functionality to be a bit more straight
forward and less noisy.
ASTERISK-16777 #close
Reported by: klaus3000
Change-Id: Ibc2640cba3a8c7f17d97b02f76b7608b1e7ffde2
The ps_endpoints table was missing the dtls_fingerprint column
introduced with commit adba2a8d7f.
ASTERISK-27168 #close
Change-Id: I9cb5006f7f50718b5239919562773adabb334cfd
There is a little known feature in app_controlplayback that will cause the
specified offset to be used relative to the end of a file if a ':end' is
detected within the filename.
This feature is pretty bad, but okay.
However, a bug exists in this code where a ':' detected in the filename
will cause the end pointer to be non-NULL, even if the full ':end' isn't
specified. This causes us to treat an unspecified offset (0) as being
"start playing from the end of the file", resulting in no file playback
occurring.
This patch fixes this bug by resetting the end pointer if ':end' is not
found in the filename.
ASTERISK-23608 #close
Reported by: Jonathan White
Change-Id: Ib4c7b1b45283e4effd622a970055c51146892f35
(cherry picked from commit 13efea24f7)
Fixed to use correct initial value and fixed to use the
correct queue info to check the first value.
ASTERISK-27204
Change-Id: Ia9e36c828e566e1cc25c66f73307566e4acb8e73
If an SDP answer hasn't been sent yet, it's legal to change it.
This is required for PJSIP_DTMF_MODE to work correctly, and can
also have use in the future for updating codecs too.
ASTERISK-27209 #close
Change-Id: Idbbfb7cb3f72fbd96c94d10d93540f69bd51e7a1
fetch_access_token calls func_curl via ast_func_read. The latter returns 0 upon
success and -1 if the function is not available.
This commit inverts the return code check so that an error is printed if the
module is not loaded and not if it is loaded.
ASTERISK-27207 #close
Change-Id: I9ef903f80702d1218e8701f65a4e5e918e6548fb
When looking for recurring events, use the correct end time based on the
configured 'timeframe.'
ASTERISK-27174 #close
Reported by: Mark Thompson
Change-Id: Id90c3cfc79d561a5521d79be176683e225f2edef
The codec/dpma downloader wasn't handling curl correctly. The logic
that transforms makeopts into a bash-sourceable file wasn't
handling the make 'or' command in DOWNLOAD_TIMEOUT so bash was
looking for an 'or' command.
That logic has been eliminated. Instead of trying to transform
and source makeopts, the downloader now calls a make scriptlet
to print the value of a specific variable. This way, make handles
the ors (or any other make construct that happens to creep into
that file).
ASTERISK-27202
Reported by: Sean McCord
Change-Id: Iadfb6693528e4d4da7b8bb201fa66da2c71c7f99
On a fresh Asterisk source directory, the bundled pjproject tarball is
unconditionally downloaded even if the tarball is already in a specified
cache directory.
* Made check if the pjproject tarball is valid in the cache directory
before downloading the tarball on a fresh source directory.
Change-Id: Ic7ec842d3c97ecd8dafbad6f056b7fdbce41cae5
* Check that the contact's reg_server matches the host's name before
deleting any prune_on_boot contacts. We don't want to delete reliable
transport contacts made with other servers if the ps_contacts database
table is shared with other servers.
Thanks to Ross Beer for pointing out that the original prune logic would
delete reliable transport contacts from other servers.
ASTERISK-27147
Change-Id: I8e439d0d1c266ffdfd7b73d1e5e466180a689bd0
Add ability to use tokens instead of passwords according to Google OAuth 2.0
protocol.
ASTERISK-27169
Reported by: Andrey Egorov
Tested by: Andrey Egorov
Change-Id: I07f7052a502457ab55010a4d3686653b60f4c8db
