The SuccessfulAuth using_password field was declared as a pointer to a
uint32_t when the field was later read as a uint32_t value. This resulted
in unnecessary casts and a non-portable field value reinterpret in
main/security_events.c:add_json_object(). i.e., It would work on a 32 bit
architecture but not on a 64 bit big endian architecture.
Change-Id: Ia08bc797613a62f07e5473425f9ccd8d77c80935
Some completion generators are very inefficent due to the way CLI
requests matches one at a time. ast_cli_completion_add can be called
multiple times during one invokation of a CLI generator to add all
results without having to reinitialize the search state for each match.
Change-Id: I73d26d270bbbe1e3e6390799cfc1b639e39cceec
The ability to add to localized storage cannot be supported by
ast_cli_generator. The only calls to ast_cli_generator should be by
functions that need to proxy the CLI generator, for example 'cli check
permissions' or 'core show help'.
* ast_cli_generatornummatches now retrieves the vector of matches and
reports the number of elements (not including 'best' match).
* test_substitution retrieves and iterates the vector.
Change-Id: I8cd6b93905363cf7a33a2d2b0e2a8f8446d9f248
This is a rewrite of ast_cli_completion_matches using a vector to build
the list. The original function calls the vector version, NULL
terminates the vector and extracts the elements array.
One change in behavior the results are now sorted and deduplicated. This
will solve bugs where some duplicate checking was done before the list
was sorted.
Change-Id: Iede20c5b4d965fa5ec71fda136ce9425eeb69519
Previously for PJSIP the local address of WebSocket connections
was set to the remote address. For logging purposes this is
not particularly useful.
The WebSocket API has been extended to allow the local
address to be queried and this is used in PJSIP to set the
local address to the correct value.
The PJSIP HEP support has also been tweaked so that reliable
transports always use the local address on the transport
and do not try to (wrongly) guess. As they are connection
based it is impossible for the source to be anything else.
ASTERISK-26758
ASTERISK-27363
Change-Id: Icd305fd038ad755e2682ab2786e381f6bf29e8ca
Some consumers of the sorcery API use ast_sorcery_retrieve_by_regex
only so that they can anchor the potential match as a prefix and not
because they truly need regular expressions.
Rather than using regular expressions for simple prefix lookups, add
a new operation - ast_sorcery_retrieve_by_prefix - that does them.
Patches against 13 and 15 have a compatibility layer needed to
maintain ABI that is not needed in master.
Change-Id: I56f4e20ba1154bd52281f995c27a429a854f6a79
* AST_VECTOR_STEAL_ELEMENTS - steal the array of elements for use
with non-vector code.
* struct ast_vector_string - a vector of 'char *'.
Change-Id: I104d1b204be03fccf67e02a195596adcb5ab1e42
This change causes the configure script to fail if the C compiler does
not support both function attributes constructor and destructor. These
were already required as modules cannot function without these attributes
and Asterisk requires modules.
This also has AST_GCC_ATTRIBUTE set a variable
ax_cv_have_func_attribute_$1. This is the same variable name used by
autoconf-archive's AX_GCC_FUNC_ATTRIBUTE, used for the same purpose.
Change-Id: Id68e8a1447f2a6d707c54b56350e7bfdb33fb663
The media frame cache gets in the way of finding use after free errors of
media frames. Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.
* Added the "cache_media_frames" option to asterisk.conf. Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the frame is
used after free and who freed it. NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.
To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.
Sample asterisk.conf setting:
[options]
cache_media_frames=no
ASTERISK-27413
Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00
When (v)asprintf() fails, the state of the allocated buffer is undefined.
The library had better not leave an allocated buffer as a result or no one
will know to free it. The most likely way it can return failure is for an
allocation failure. If the printf conversion fails then you actually have
a threading problem which is much worse because another thread modified
the parameter values.
* Made __ast_asprintf()/__ast_vasprintf() set the returned buffer to NULL
on failure. That is much more useful than either an uninitialized pointer
or a pointer that has already been freed. Many uses won't have to check
for failure to ensure that the buffer won't be double freed or prevent an
attempt to free an uninitialized pointer.
* stasis.c: Fixed memory leak in multi_object_blob_to_ami() allocated by
ast_asprintf().
* ari/resource_bridges.c:ari_bridges_play_helper(): Remove assignment to
the wrong thing which is now not needed even if assigning to the right
thing.
Change-Id: Ib5252fb8850ecf0f78ed0ee2ca0796bda7e91c23
This check is being added to make it easier for end-users of third party
open source Opus modules. This was removed by ASTERISK-26426 but only
the module needed to be removed.
Change-Id: I62b9cd0c4fa8a77596ab0e042948a643a1152677
Replace 'needsreload' argument with a 'type' argument to specify which
type of modules you want completion. This provides more accurate CLI
completion for load and unload commands.
* 'module unload' now excludes modules that have active references or are
not running.
* 'module load' now excludes modules that are already running.
* 'core set debug [atleast] <level> [module]' shows running modules only.
ASTERISK-27378
Change-Id: Iea3e00054461484196c46f688f02635cc886bad1
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
The configure option to disable XML documentation does not currently
work. This patch makes it effective, but also causes an ABI change by
removing the ast_xmldoc_* symbols. Disabling xmldoc also prevents docs
from being automatically generated, but they can still be manually
generated with 'make doc/core-en_US.xml'.
ASTERISK-26639
Change-Id: Ifac562340c09f80c83e0203de098fcac93bf8c44
Bump the AMI patch number since the following new addition was made:
* Added a new CancelAtxfer action that cancels an attended transfer.
Change-Id: I9bac528791bd62ef0e99243903b6bc7a6c7ab182
When "rewrite_contact" is enabled, the "max_contacts" count option can
block re-registrations because the source port from the endpoint can be
random. When the re-registration is blocked, the endpoint may give up
re-registering and require manual intervention.
* The "remove_existing" option now allows a registration to succeed by
displacing any existing contacts that now exceed the "max_contacts" count.
Any removed contacts are the next to expire. The behaviour change is
beneficial when "rewrite_contact" is enabled and "max_contacts" is greater
than one. The removed contact is likely the old contact created by
"rewrite_contact" that the device is refreshing.
ASTERISK-27192
Change-Id: I64c107a10b70db1697d17136051ae6bf22b5314b
res_pjsip and res_pjsip_session had circular references, preventing both
modules from shutting down.
* Move session supplement registration to res_pjsip.
* Use create internal functions for use by pjsip_message_filter.c.
ASTERISK-27306
Change-Id: Ifbd5c19ec848010111afeab2436f9699da06ba6b
Use temporary variable to prevent multiple evaluations of elem argument.
This resolves a memory leak in res_pjproject startup.
ASTERISK-27317 #close
Change-Id: Ib960d7f5576f9e1a3c478ecb48995582a574e06d
Somewhere along the way we lost the ability to debug individual
source files. For modules, this wasn't a big deal but all the
source files in ./main are in the one "core" module so debugging
individual core capabilities was almost impossible.
* Added a test to DEBUG_ATLEAST that also checks __FILE__ instead
of just module name. Any source file will work even if it's in
a module subdirectory.
Change-Id: Icc0af41837f3b1679dec7af21fa32cd1f7469f6e
When two channels were early bridged in a native_rtp bridge, the RTP description
on one side was not updated when the other side answered.
This patch forbids non-answered channels to enter a native_rtp bridge, and
triggers a bridge reconfiguration when an ANSWER frame is received.
ASTERISK-27257
Change-Id: If1aaee1b4ed9658a1aa91ab715ee0a6413b878df
This changes the behavior of res_calendar to drop all existing calendars
and re-create them whenever a reload is done. The Calendar API provides
no way for configuration information to be pushed down to calendar
'techs' so updated settings would not take affect until a module
unload/load was done or Asterisk was restarted.
Asterisk 15+ already has a configuration option 'fetch_again_at_reload'
that performs a similar function.
Also fix a tiny memory leak in res_calendar_caldav while we're at it.
ASTERISK-25524 #close
Reported by: Jesper
Change-Id: Ib0f8057642e9d471960f1a79fd42e5a3ce587d3b
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c
If an error occurs during a bridge impart it's possible that
the "bridge_after" callback might try to run before
control_swap_channel_in_bridge has been signalled to continue.
Since control_swap_channel_in_bridge is holding the control lock
and the callback needs it, a deadlock will occur.
* control_swap_channel_in_bridge now only holds the control
lock while it's actually modifying the control structure and
releases it while the bridge impart is running.
* bridge_after_cb is now tolerant of impart failures.
Change-Id: Ifd239aa93955b3eb475521f61e284fcb0da2c3b3
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.
For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.
Therefore, checks like this look wrong, but are right:
/* See if where we are sending this request is local or not, and if
not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Request is being sent to local address, "
"skipping NAT manipulation\n");
(In the list == localnet == DENY == skip NAT manipulation.)
And conversely, other checks that looked right, were wrong.
This change adds two macro's to reduce the confusion and uses those
instead:
ast_sip_transport_is_nonlocal(transport_state, addr)
ast_sip_transport_is_local(transport_state, addr)
ASTERISK-27248 #close
Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
If an SDP answer hasn't been sent yet, it's legal to change it.
This is required for PJSIP_DTMF_MODE to work correctly, and can
also have use in the future for updating codecs too.
ASTERISK-27209 #close
Change-Id: Idbbfb7cb3f72fbd96c94d10d93540f69bd51e7a1
The fix for the issue is broken up into three parts.
This is part two which handles the server side of REGISTER requests when
rewrite_contact is enabled. Any registered reliable transport contact
becomes invalid when the transport connection becomes disconnected.
* Monitor the rewrite_contact's reliable transport REGISTER contact for
shutdown. If it is shutdown then the contact must be removed because it
is no longer valid. Otherwise, when the client attempts to re-REGISTER it
may be blocked because the invalid contact is there. Also if we try to
send a call to the endpoint using the invalid contact then the endpoint is
not likely to see the request. The endpoint either won't be listening on
that port for new connections or a NAT/firewall will block it.
* Prune any rewrite_contact's registered reliable transport contacts on
boot. The reliable transport no longer exists so the contact is invalid.
* Websockets always rewrite the REGISTER contact address and the transport
needs to be monitored for shutdown.
* Made the websocket transport set a unique name since that is what we use
as the ao2 container key. Otherwise, we would not know which transport we
find when one of them shuts down. The names are also used for PJPROJECT
debug logging.
* Made the websocket transport post the PJSIP_TP_STATE_CONNECTED state
event. Now the global keep_alive_interval option, initially idle shutdown
timer, and the server REGISTER contact monitor can work on wetsocket
transports.
* Made the websocket transport set the PJSIP_TP_DIR_INCOMING direction.
Now initially idle websockets will automatically shutdown.
ASTERISK-27147
Change-Id: I397a5e7d18476830f7ffe1726adf9ee6c15964f4
The fix for the issue is broken up into three parts.
This is part one which refactors the transport state monitor code to allow
more modules to be able to monitor transports.
* Pull the management of PJPROJECT's transport state callback code from
res_pjsip_transport_management.c into res_pjsip. Now other modules can
dynamically add and remove themselves from transport monitoring without
worrying about breaking PJPROJECT's callback chain.
* Add the ability for other modules to get a callback whenever a specific
transport is shutdown.
ASTERISK-27147
Change-Id: I7d9a31371eb1487c9b7050cf82a9af5180a57912
Introduce a new property to rtp-engine to make it aware of
the desire for assymetric codecs or not. If asymmetric codecs
is not allowed, the bridge will compare read/write formats
and shut down the p2p bridge if needed
ASTERISK-26745 #close
Change-Id: I0d9c83e5356df81661e58d40a8db565833501a6f
