chan_skinny creates a new thread for each new session. In trying
to be a good cleanup citizen, the threads are joinable and the
unload_module function does a pthread_cancel() and a pthread_join()
on any sessions that are active at that time. This has an
unintended side effect though. Since you can call pthread_join on a
thread that's already terminated, pthreads keeps the thread's
storage around until you explicitly call pthread_join (or
pthread_detach()). Since only the module_unload function was
calling pthread_join, and even then only on the ones active at the
tme, the storage for every thread/session ever created sticks
around until asterisk exits.
* A thread can detach itself so the session_destroy() function
now calls pthread_detach() just before it frees the session
memory allocation. The module_unload function still takes care
of the ones that are still active should the module be unloaded.
ASTERISK-27452
Reported by: Juan Sacco
Change-Id: I9af7268eba14bf76960566f891320f97b974e6dd
Fixes a regression where some characters were unable to be used in
the from_user field of an endpoint. Additionally, the backtick was
removed from the list of valid characters, since it is not valid,
and it was replaced with a single quote, which is a valid character.
ASTERISK-27387
Change-Id: Id80c10a644508365c87b3182e99ea49da11b0281
(cherry picked from commit 5b13290522)
One of the patches for ASTERISK_27147 introduced a deadlock regression.
When the connection oriented transport shut down, the code attempted to
remove the associated contact. However, that same transport had just
requested a registration that we hadn't responded to yet. Depending
upon timing we could deadlock.
* Made send the REGISTER response after we completed processing the
request contacts and released the AOR lock to avoid the deadlock.
ASTERISK-27391
Change-Id: I89a90f87cb7a02facbafb44c75d8845f93417364
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
A previous commit made it so when an invite session transitioned into a
disconnected state destruction of the Asterisk pjsip session object was
postponed until either a transport error occurred or the event timer
expired. However, if a call was rejected (for instance a 488) before the
session was fully established the event timer may not have been initiated,
or it was canceled without triggering either of the session finalizing states
mentioned above.
Really the only time destruction of the session should be delayed is when a
BYE is being transacted. This is because it's possible in some cases for the
session to be disconnected, but the BYE is still transacting.
This patch makes it so the session object always gets released (no more
memory leak) when the pjsip session is in a disconnected state. Except when
the method is a BYE. Then it waits until a transport error occurs or an event
timeout.
ASTERISK-27345 #close
Reported by: Corey Farrell
Change-Id: I1e724737b758c20ac76d19d3611e3d2876ae10ed
cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long. The long string could be supplied by
external means using the CDR(userfield) function.
This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.
ASTERISK-27337
Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
Users of the API that res_xmpp provides expect that a
filter be available on the client at all times. When
OAuth authentication support was added this requirement
was not maintained.
This change merely moves the OAuth authentication to
after the filter is created, ensuring users of res_xmpp
can add things to the filter as needed.
ASTERISK-27346
Change-Id: I4ac474afe220e833288ff574e32e2b9a23394886
(cherry picked from commit 0efeb7885a)
Currently ast_http_send barricades a portion of the content that
needs to be sent in order to establish a connection for things
like the ARI client. The conditional and contents have been changed
to ensure that everything that needs to be sent, will be sent.
ASTERISK-27372
Change-Id: I8816d2d8f80f4fefc6dcae4b5fdfc97f1e46496d
Bump the AMI patch number since the following new addition was made:
* Added a new CancelAtxfer action that cancels an attended transfer.
Change-Id: I9bac528791bd62ef0e99243903b6bc7a6c7ab182
Move ast_sip_add_usereqphone to be called after anonymization of URIs,
to prevent the user_eq_phone adding "user=phone" to URIs containing a
username that is not a phonenumber (RFC3261 19.1.1). An extra call to
ast_sip_add_usereqphone on the saved version before anonymization is
added to add user=phone" to the PAI.
ASTERISK-27047 #close
Change-Id: Ie5644bc66341b86dc08b1f7442210de2e6acdec6
ast_sip_add_usereqphone adds "user=phone" to the header every time is is
called without checking whether the param already exists. Preventing
this by searching to string representation of header for "user=phone".
ASTERISK-26988 #close
Change-Id: Ib84383b07254de357dc6a98d91fc1d2c2c3719e6
Fixes a memory corruption issue after a reload of cdr_mysql.
Issue was accidentally included in 747beb1ed1 .
ASTERISK-27270 #close
Change-Id: I90b6a9d18710c0f9009466370bd5f4bac5d5d12e
chan_vpb was trying to use sizeof(*p->play_dtmf), where
p->play_dtmf is defined as char[16], to get the length of the array
but since p->play_dtmf is an actual array, sizeof(*p->play_dtmf)
returns the size of the first array element, which is 1. gcc7
validly complains because the context in which it's used could
cause an out-of-bounds condition.
Change-Id: If9c4bfdb6b02fa72d39e0c09bf88900663c000ba
This function finds a weak proxy in an ao2_container and returns the
real object associated with it.
Change-Id: I9da822049747275f5961b5c0a7f14e87157d65d8
Copy the list of weakproxy callbacks to temporary memory so they can be
run without holding the weakproxy lock.
Change-Id: Ib167622a8a0f873fd73938f7611b2a5914308047
We were ignoring the return value from ast_pbx_outgoing_exten() and
ast_pbx_outgoing_app() which could fail before setting the reason code.
This resulted in failures being reported as success.
ASTERISK-25266 #close
Reported by: Allen Ford
Change-Id: Idf16237b7e41b527d2c69c865829128686beeb3b
