This change accommodates two methods by which calls can be directed to
a user's voicemail.
* Incoming calls can be redirected to any user's voicemail.
* Established calls can be blind transferred to any user's voicemail.
Digium phones indicate the desire to direct a call to voicemail by using
a Diversion header with a reason parameter of "send_to_vm".
This patch adds the "send_to_vm" reason as a valid redirecting reason. In
addition, chan_sip.c has been modified to update redirecting information
on the transferred channel by reading a Diversion header on a REFER request.
(closes issue AST-871)
Reported by Malcolm Davenport
Review: https://reviewboard.asterisk.org/r/1925
git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@367161 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r363102 | mjordan | 2012-04-23 08:37:55 -0500 (Mon, 23 Apr 2012) | 16 lines
AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling
When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue. When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue. The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun. This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.
(closes issue ASTERISK-19592)
Reported by: Russell Bryant
........
Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
r363106 | mjordan | 2012-04-23 09:05:02 -0500 (Mon, 23 Apr 2012) | 17 lines
AST-2012-006: Fix crash in UPDATE handling when no channel owner exists
If Asterisk receives a SIP UPDATE request after a call has been terminated and
the channel has been destroyed but before the SIP dialog has been destroyed, a
condition exists where a connected line update would be attempted on a
non-existing channel. This would cause Asterisk to crash. The patch resolves
this by first ensuring that the SIP dialog has an owning channel before
attempting a connected line update. If an UPDATE request is received and no
channel is associated with the dialog, a 481 response is sent.
(closes issue ASTERISK-19770)
Reported by: Thomas Arimont
Tested by: Matt Jordan
Patches:
ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
........
r363141 | jrose | 2012-04-23 09:33:16 -0500 (Mon, 23 Apr 2012) | 20 lines
AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization.
As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
actions were able to run system commands by going through other AMI commands which did
not require that authorization. Specifically, GetVar and Status allowed users to do this
by setting their variable/s options to the SHELL or EVAL functions.
Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
allowed users with originate permission to run MixMonitor and supply a shell command
in the Data argument. That flaw is fixed in those versions of this patch.
(closes issue ASTERISK-17465)
Reported By: David Woolley
Patches:
162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
........
Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 363102,363106,363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@363161 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This merges fixes for the following issues into the 1.8-digiumphones branch:
* ASTERISK-19355 - Call transfer with consultation frequently fails in cross-
linked Asterisk scenario (directmedia & sendrpid active)
* ASTERISK 19365 - Remote SIP Call legs are frequently not released in a
cross-linked Asterisk scenario (directmedia & sendrpid)
* ASTERISK-19183 - Sporadically missing connectedline event to caller channel
in directed pickup app
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@362042 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r359656 | mjordan | 2012-03-15 13:35:59 -0500 (Thu, 15 Mar 2012) | 22 lines
Fix remotely exploitable stack overrun in Milliwatt
Milliwatt is vulnerable to a remotely exploitable stack overrun when using
the 'o' option. This occurs due to the milliwatt_generate function not
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of
samples it can put in the output buffer.
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET
when determining the maximum number of samples allowed. Note that at no
point is remote code execution possible. The data that is written into the
buffer is the pre-defined Milliwatt data, and not custom data.
(closes issue ASTERISK-19541)
Reported by: Russell Bryant
Tested by: Matt Jordan
Patches:
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)
Note that this patch was written by Russell, even though Matt uploaded it
........
Merged revisions 359645 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
r359706 | mjordan | 2012-03-15 14:01:22 -0500 (Thu, 15 Mar 2012) | 16 lines
Fix remotely exploitable stack overflow in HTTP manager
There exists a remotely exploitable stack buffer overflow in HTTP digest
authentication handling in Asterisk. The particular method in question
is only utilized by HTTP AMI. When parsing the digest information, the
length of the string is not checked when it is copied into temporary buffers
allocated on the stack.
This patch fixes this behavior by parsing out pre-defined key/value pairs
and avoiding unnecessary copies to the stack.
(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
........
r359979 | rmudgett | 2012-03-20 12:21:16 -0500 (Tue, 20 Mar 2012) | 28 lines
Allow AMI action callback to be reentrant.
Fix AMI module reload deadlock regression from ASTERISK-18479 when it
tried to fix the race between calling an AMI action callback and
unregistering that action. Refixes ASTERISK-13784 broken by
ASTERISK-17785 change.
Locking the ao2 object guaranteed that there were no active callbacks that
mattered when ast_manager_unregister() was called. Unfortunately, this
causes the deadlock situation. The patch stops locking the ao2 object to
allow multiple threads to invoke the callback re-entrantly. There is no
way to guarantee a module unload will not crash because of an active
callback. The code attempts to minimize the chance with the registered
flag and the maximum 5 second delay before ast_manager_unregister()
returns.
The trunk version of the patch changes the API to fix the race condition
correctly to prevent the module code from unloading from memory while an
action callback is active.
* Don't hold the lock while calling the AMI action callback.
(closes issue ASTERISK-19487)
Reported by: Philippe Lindheimer
Review: https://reviewboard.asterisk.org/r/1818/
Review: https://reviewboard.asterisk.org/r/1820/
........
Merged revisions 359656,359706,359979 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@360826 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If an extension's 'app' field is NULL, then a "(null)" string
would be written into an ast_str due to the way that snprintf
works. When this is passed to ast_strlen_zero(), it fires up
a big warning indicating something is probably wrong.
There indeed was a problem, but luckily it wasn't a very big
problem. After the failed ast_strlen_zero() check and big
warning message, the very next if statement, checking to
see if the "(null)" matched a presence provider, would fail,
so no harm was done.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@360031 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In the change from 1.6.2 to 1.8, ast_sockaddr was introduced which changed the
behavior of ast_find_ourip such that port number was wiped out. This caused
the port in internip (which is used for Contact and Call-ID on NOTIFYs) to be
0. This change causes ast_find_ourip to be port-preserving again.
(closes issue ASTERISK-19430)
........
Merged revisions 357665 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@358692 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Currently, when using res_srtp, once the SRTP policy has been added to the
current session the policy is locked into place. Any attempt to replace an
existing policy, which would be needed if the remote endpoint negotiated a new
cryptographic key, is instead rejected in res_srtp. This happens in particular
in transfer scenarios, where the endpoint that Asterisk is communicating with
changes but uses the same RTP session.
This patch modifies res_srtp to allow remote and local policies to be reloaded
in the underlying SRTP library. From the perspective of users of the SRTP API,
the only change is that the adding of remote and local policies are now added
in a single method call, whereas they previously were added separately. This
was changed to account for the differences in handling remote and local
policies in libsrtp.
Review: https://reviewboard.asterisk.org/r/1741/
(closes issue ASTERISK-19253)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
Patches:
srtp_renew_keys_2012_02_22.diff uploaded by Matt Jordan (license 6283)
(with some small modifications for this check-in)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356604 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Custom parking extensions may not be coded such that the first and only
extension priority is the Park application. These custom parking
extensions will not be recognized as parking extensions. When a call is
blind transferred to an extension that is not recognized as a parking
extension, the normal blind transfer code causes the transferred channel
to start executing dialplan. Calls that get parked in this manner do not
know the original channel name that parked the call so the original parker
could never be called back if the parked call is not retrieved before the
timeout time. The parking space is also announced to the call being
parked as a side effect of not knowing the original parking channel.
* Fix handling of BLINDTRANSFER channel variable for call parking.
* Fixed SIP blind transfer using the wrong dialplan context variable to
check for the parking extension.
(closes issue ASTERISK-19322)
Reported by: aragon
Tested by: rmudgett, jparker
Review: https://reviewboard.asterisk.org/r/1730/
JIRA AST-766
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356521 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If the res_calendar module was followed immediately by one of the
calendar tech modules and "core stop gracefully" was run, Asterisk
would crash.
This patch adds use count tracking for res_calendar so that it is
unloaded after the tech modules when shutting down gracefully. It
is now not possible to unload all the of the calendar modules via
"module unload res_calednar.so", but it is still possible to unload
them all via "module unload -h res_calendar.so".
Review: https://reviewboard.asterisk.org/r/1752/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356291 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When I made this change initially, I was under the false impression that the
audiohooks structure remained on the channel after all of the hooks had been
detached. This is not the case, ast ast_read takes care of removing the
audiohooks structure if the lists are empty.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@355622 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The astman_get_header() never returns NULL so the check by the code for
NULL would never fail.
(closes issue ASTERISK-16974)
Reported by: Nuno Borges
Patches:
0018325.patch (license #6116) patch uploaded by Nuno Borges (modified)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@354835 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The config parser in Asterisk does not currently remove a backslash that is
used to escape a semicolon which would otherwise be interpreted as the start
of a comment.
The change here causes that backslash to be removed, but does not create a
real escape system in the config parser. The biggest complication with a real
escape system would be breaking existing configs everywhere (parsing \\ as \
and breaking on escaped non-semicolon characters) even though it would be the
"right" way to do things.
(closes issue ASTERISK-17121)
Review: https://reviewboard.asterisk.org/r/1724/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@354655 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This change makes it so computational cost is not taken into account
when deciding if a multistep path is better than a single-step path. This
means that the only time a multistep path will be chosen is if no single-step
path exists. This ensures a better quality translation even if it turns out
to be slightly slower.
(closes issue ASTERISK-16821)
reported by Andrew Lindh
Review: https://reviewboard.asterisk.org/r/1715
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@354594 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch removes some unnecessary locking of the channels container in
ast_hangup(). The reason this came up is that this lock can very quickly block
the entire system. If any of the channel cleanup code decides to block, it
causes a problem for the whole system. For example, when audiohooks get
destroyed, if that blocks for a while waiting on the mixmonitor thread to exit
because it's busy blocking on some I/O, it causes a problem for many other
threads in the meantime.
Review: https://reviewboard.asterisk.org/r/1712/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@354492 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The AMI UnParkedCall event was missing the Parkinglot and Uniqueid headers
that the AMI ParkedCall event contains.
(closes issue ASTERISK-19240)
Reported by: Michael Yara
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@354116 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Removes references to tlsbindport from http.conf.sample and manager.conf.sample
* Properly bind to port specified in tlsbindaddr, using the default port if specified.
* On a reload, properly close socket if the service has been disabled.
A note has been added to UPGRADE.txt to indicate how ports must be set for TLS.
(closes issue ASTERISK-16959)
reported by Olaf Holthausen
(closes issue ASTERISK-19201)
reported by Chris Mylonas
(closes issue ASTERISK-19204)
reported by Chris Mylonas
Review: https://reviewboard.asterisk.org/r/1709
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353770 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Fix memory leak of vars in error paths for action_originate().
* Moved struct fast_originate_helper tech and data members to stringfields.
* Simplified ActionID header handling for fast_originate().
* Added doxygen note to ast_request() and ast_call() and the associated
channel callbacks that the data/addr parameters should be treated as const
char *.
Review: https://reviewboard.asterisk.org/r/1690/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353454 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk's dnsmgr currently takes a pointer to an ast_sockaddr and updates it
anytime an address resolves to something different. There are a couple of
issues with this. First, the ast_sockaddr is usually the address of an
ast_sockaddr inside a refcounted struct and we never bump the refcount of those
structs when using dnsmgr. This makes it possible that a refresh could happen
after the destructor for that object is called (despite ast_dnsmgr_release
being called in that destructor). Second, the module using dnsmgr cannot be
aware of an address changing without polling for it in the code. If an action
needs to be taken on address update (like re-linking a SIP peer in the
peers_by_ip table), then polling for this change negates many of the benefits
of having dnsmgr in the first place.
This patch adds a function to the dnsmgr API that calls an update callback
instead of blindly updating the address itself. It also moves calls to
ast_dnsmgr_release outside of the destructor functions and into cleanup
functions that are called when we no longer need the objects and increments the
refcount of the objects using dnsmgr since those objects are stored on the
ast_dnsmgr_entry struct. A helper function for returning the proper default SIP
port (non-tls vs tls) is also added and used.
This patch also incorporates changes from a patch posted by Timo Teräs to
ASTERISK-19106 for related dnsmgr issues.
(closes issue ASTERISK-19106)
Review: https://reviewboard.asterisk.org/r/1691/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353371 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The previous change made the code look for emN and pciN in addition to what
it did originally, which was search for ethN. However, it needed to be looking
for pciN#N, so that's what it does now.
This also moves the memset() to be before every ioctl().
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353175 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Asterisk has supported the 'L16' MIME subtype for 16kHz signed linear (PCM)
audio for quite some time, but some endpoints refer to it as 'L16-256'. This
commit adds this as an alias for the existing format.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353126 65c4cc65-6c06-0410-ace0-fbb531ad65f3
As of Fedora 15, ethN is not the name of ethernet interfaces. The names
are emN or pciN. Update some code that searched for interfaces named
ethN to look for the new names, as well. For more information about why
this change was made, see this page:
http://domsch.com/blog/?p=455
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353077 65c4cc65-6c06-0410-ace0-fbb531ad65f3
main/test.c includes "asterisk/version.h", when it should include
"asterisk/ast_version.h" instead (and it should use the ast_get_version()
and ast_get_version_num() functions). This commit modifies it to extract
the Asterisk version information using the proper APIs, and as a result means
that main/test.c no longer needs to be rebuilt when a Subversion checkout
is updated or modified.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@352612 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This prevents the 'h' extension from being run on the transferee
channel when it is transferred via a native transfer mechanism such
as SIP REFER.
(closes ASTERISK-19173)
Reported by: Ross Beer
Tested by: Kristjan Vrban
Patches:
ASTERISK-19173 by Mark Michelson (license 5049)
Review: https://reviewboard.asterisk.org/r/1685
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@352199 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Note: Noone calls ast_app_dtget() with the timeout parameter of zero so
the bad code normally will never get executed.
* Fix unnecessary floating point division in func_timeout.c
timeout_write() when all other values are integers.
(closes issue ASTERISK-16817)
Reported by: Dmitry Andrianov
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@352029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
OpenBSD defines SO_PEERCRED, but it returns a 'struct sockpeercred', not
'struct ucred', which causes compilation of main/asterisk.c to fail in
read_credentials(). This allows configure to check for sockpeercred and
asterisk to deal with it properly.
(closes issue ASTERISK-18929)
Reported-by: Barry Miller
Patch-by: Barry Miller
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@350730 65c4cc65-6c06-0410-ace0-fbb531ad65f3
* Add missing eventextra to cel_psql.c and cel_odbc.c.
* Add missing PeerAccount and EventExtra to cel_manager.c.
* Add missing userdeftype support for cel_custom.conf.sample and
cel_sqlite3_custom.conf.sample.
(closes issue ASTERISK-17190)
Reported by: Bryant Zimmerman
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@350555 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The Asterisk -x command line parameter is documented inconsistently.
* Made the -x documentation and behavior consistent.
* Since this is also a new year, updated the copyright notices while here.
(closes issue ASTERISK-19094)
Reported by: Eugene
Patches:
issueA19094_correct_asterisk_option_x.patch (license #5674) patch uploaded by Walter Doekes (modified)
Tested by: Eugene
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@350075 65c4cc65-6c06-0410-ace0-fbb531ad65f3
ast_streamfile previously did unconditional seeking on files that broke
playback of formats that don't support that functionality. This patch avoids
the seek that was causing the problem. This regression was introduced in
r158062.
(closes issue ASTERISK-18994)
Patch-by: Timo Teras
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@349731 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When receiving calls from a mobile phone into a DISA system on a connection with
significant interference, the reporter's Asterisk system would interpret DTMF incorrectly
and replicate digits received. This patch resolves that by increasing the number of
frames a mismatch has to be detected before assuming the DTMF is over by 1 frame and
adjusts dtmf_detect function to reset hits and misses only when an edge is detected.
(closes issue ASTERISK-17493)
Reported by: Alec Davis
Patches:
bug18904-refactor.diff.txt uploaded by Alec Davis (license 5546)
Review: https://reviewboard.asterisk.org/r/1130/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@349728 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When catching a signal, in no fork mode the console thread is identical to the thread
responsible for catching the signal and closing Asterisk, which requires it to first
dispense with the console thread. Prior to this patch, if these threads were identical,
upon receiving a killing signal, the thread will send an URG signal to itself, which
we also catch and then promptly do nothing with. Obviously this isn't useful behavior.
(closes issue ASTERISK-19127)
Reported By: Bryon Clark
Patches:
quit_on_signals.patch uploaded by Bryon Clark (license 6157)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@349672 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(issue ASTERISK-19040)
(issue ASTERISK-19128)
(issue ASTERISK-17725)
(issue ASTERISK-18340)
(closes issue ASTERISK-19095)
Reported by: Stefan Schmidt
Tested by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1640/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@349339 65c4cc65-6c06-0410-ace0-fbb531ad65f3
