This is a fun one.
Given the following attended transfer scenario:
1. Transfer target is called
2. Transferer hangs up
3. Transfer target call attempt reaches timeout
4. Transfer target is told to hang up
5. Transfer target answers before channel is hung up
6. Transferer recall target is called
A crash would occur. This is because the transfer target call
attempt, despite being told to hang up, would raise a recall
target answer before the recall target had been answered. As it
had not answered there would be no recall target channel and it
would implode.
This change makes it so that if the transfer target has been
hung up we don't tell the attended transfer code that it has
answered. We also clear out the stimulus that the recall target
has been answered after telling the transfer target to hang up,
in case it was able to raise the information before we told it
to hangup.
ASTERISK-27361
Change-Id: Ifb8b255a9c4d2c5c1b8ad77bf54f659ed286df99
We were not \0 terminating this string, so any attempt to print it would
in the best case show an empty string and in the worst case potentially
crash.
Change-Id: I63d96ef8f7516ac02a0f91e22dfa8acdc615042c
Memory corruption happened to the media frame caches when an audio hook
freed a frame when it shouldn't. I think the freed frame was because a
jitter buffer interpolated a missing frame and the audio hook
unconditionally freed it.
* Made audiohook.c:audio_audiohook_write_list() not free an interpolated
frame if it is the same frame as what was passed into the routine.
* Made plc.c:normalise_history() use memmove() instead of memcpy() on a
memory block that could overlap. Found by valgrind investigating this
issue.
ASTERISK-27238
ASTERISK-27412
Change-Id: I548d86894281fc4529aefeb9f161f2131ecc6fde
We've been calling pbx_builtin_setvar_helper to set the
RECORD_STATUS variable before actually closing the recorded file.
If a client is watching VarSet events and tries to do something with
the file when a RECORD_STATUS event is seen, they might attempt to
do so while the file it's still open.
We now delay calling pbx_builtin_setvar_helper until after we close
the file.
ASTERISK-27423
Change-Id: I7fe9de99953e46b4bafa2b38cf151fe8f6488254
The OUTPUTDIR environment variable can now be set either in the
environment itself or in ast_debug_tools.conf. If set, it's used
for all work products instead of /tmp.
Also added the --tarball-config option that includes the contents
of /etc/asterisk when either --tarball-coredumps or --tarball-results
are used.
Change-Id: I66b2553319df61caea5b313d084f51978f730b4c
Previously for PJSIP the local address of WebSocket connections
was set to the remote address. For logging purposes this is
not particularly useful.
The WebSocket API has been extended to allow the local
address to be queried and this is used in PJSIP to set the
local address to the correct value.
The PJSIP HEP support has also been tweaked so that reliable
transports always use the local address on the transport
and do not try to (wrongly) guess. As they are connection
based it is impossible for the source to be anything else.
ASTERISK-26758
ASTERISK-27363
Change-Id: Icd305fd038ad755e2682ab2786e381f6bf29e8ca
The remote console socket path is the combination of asterisk.conf
settings astrundir from [directories] and astctl from [files].
Unconditionally combine the two strings after processing all values
to ensure we end up with the correct socket path.
ASTERISK-27415
Change-Id: Ib1e2805d55d6b0955c6430a1a2a93acbf9b091e8
The default return code for pjsip_find_msg was PJ_SUCCESS so if
a Content-Length header wasn't found at all, pjsip_find_msg was
returning PJ_SUCCESS instead of PJSIP_EMISSINGHDR.
Also added the volatile keyword to a few variables that are used
both inside and outside the PJ_TRY/PJ_CATCH block.
Partial fix for ASTERISK_27408
Change-Id: If82ba9de921e3d57df9c68cf96ee45ccc1491f7a
Update from 2.7 to 2.7.1 for bundled pjproject. Changed version
and removed patch files included in the update.
Change-Id: I55cea8e734b318c2df9daf86aa0802c559ec8357
Some consumers of the sorcery API use ast_sorcery_retrieve_by_regex
only so that they can anchor the potential match as a prefix and not
because they truly need regular expressions.
Rather than using regular expressions for simple prefix lookups, add
a new operation - ast_sorcery_retrieve_by_prefix - that does them.
Patches against 13 and 15 have a compatibility layer needed to
maintain ABI that is not needed in master.
Change-Id: I56f4e20ba1154bd52281f995c27a429a854f6a79
* AST_VECTOR_STEAL_ELEMENTS - steal the array of elements for use
with non-vector code.
* struct ast_vector_string - a vector of 'char *'.
Change-Id: I104d1b204be03fccf67e02a195596adcb5ab1e42
This change causes the configure script to fail if the C compiler does
not support both function attributes constructor and destructor. These
were already required as modules cannot function without these attributes
and Asterisk requires modules.
This also has AST_GCC_ATTRIBUTE set a variable
ax_cv_have_func_attribute_$1. This is the same variable name used by
autoconf-archive's AX_GCC_FUNC_ATTRIBUTE, used for the same purpose.
Change-Id: Id68e8a1447f2a6d707c54b56350e7bfdb33fb663
The media frame cache gets in the way of finding use after free errors of
media frames. Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.
* Added the "cache_media_frames" option to asterisk.conf. Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the frame is
used after free and who freed it. NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.
To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.
Sample asterisk.conf setting:
[options]
cache_media_frames=no
ASTERISK-27413
Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00
If a transport is created with the same transport type, source
IP address, and source port as one that already exists the old
transport is moved into a linked list called "tp_list".
If this old transport is later shutdown it will not be destroyed
as the process checks whether the transport is valid or not. This
check does not look at the "tp_list" when making the determination
causing the transport to not be destroyed.
This change updates the logic to query not just the main storage
method for transports but also the "tp_list".
Upstream issue https://trac.pjsip.org/repos/ticket/2061
ASTERISK-27411
Change-Id: Ic5c2bb60226df0ef1c8851359ed8d4cd64469429
This ensures that the root Makefile runs only a single target at a time.
SUBMAKE will still honor requested parallelism, so 'make -j8' will build
one directory at a time but allow 8 jobs at once when building a sub
directory.
This will fix some display glitches related to rebuild of XML
documentation. It will also prevent some edge case errors where
bundled pjproject needs to be rebuild before other parts of Asterisk.
Change-Id: I4f2ec6fbbec1ada0ccb1109a28ea303524239b1e
A previous commit made it so when an invite session transitioned into a
disconnected state destruction of the Asterisk pjsip session object was
postponed until either a transport error occurred or the event timer
expired. However, if a call was rejected (for instance a 488) before the
session was fully established the event timer may not have been initiated,
or it was canceled without triggering either of the session finalizing states
mentioned above.
Really the only time destruction of the session should be delayed is when a
BYE is being transacted. This is because it's possible in some cases for the
session to be disconnected, but the BYE is still transacting.
This patch makes it so the session object always gets released (no more
memory leak) when the pjsip session is in a disconnected state. Except when
the method is a BYE. Then it waits until a transport error occurs or an event
timeout.
ASTERISK-27345 #close
Reported by: Corey Farrell
Change-Id: I1e724737b758c20ac76d19d3611e3d2876ae10ed
cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long. The long string could be supplied by
external means using the CDR(userfield) function.
This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.
ASTERISK-27337
Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
