Update for 15.1.4

When the RTCP code was transitioned over to Stasis a code change
was made to keep track of how many reports are present. This count
controlled where report blocks were placed in the RTCP report.

If a compound RTCP packet was received this logic would incorrectly
place a report block in the wrong location resulting in a write
to an invalid location.

This change removes this counting logic and always places the report
block at the first position. If in the future multiple reports are
supported the logic can be extended but for now keeping a count
serves no purpose.

ASTERISK-27382
ASTERISK-27429

Change-Id: Iad6c8a9985c4b608ef493e19c421211615485116
(cherry picked from commit 6b3bbba6dd)

.version

@@ -1 +1 @@
-15.1.1
+15.1.4

ChangeLog

@@ -1,3 +1,95 @@
+2017-12-13 14:33 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+	* asterisk 15.1.4 Released.
+
+2017-11-30 10:12 +0000 [7543397f50]  Joshua Colp <jcolp@digium.com>
+
+	* AST-2017-012: Place single RTCP report block at beginning of report.
+
+	  When the RTCP code was transitioned over to Stasis a code change
+	  was made to keep track of how many reports are present. This count
+	  controlled where report blocks were placed in the RTCP report.
+
+	  If a compound RTCP packet was received this logic would incorrectly
+	  place a report block in the wrong location resulting in a write
+	  to an invalid location.
+
+	  This change removes this counting logic and always places the report
+	  block at the first position. If in the future multiple reports are
+	  supported the logic can be extended but for now keeping a count
+	  serves no purpose.
+
+	  ASTERISK-27382
+	  ASTERISK-27429
+
+	  Change-Id: Iad6c8a9985c4b608ef493e19c421211615485116
+	  (cherry picked from commit 6b3bbba6dd04aead17472662b45c30906b439176)
+
+2017-12-01 19:42 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+	* asterisk 15.1.3 Released.
+
+2017-11-30 14:38 +0000 [f79ec1ccc8]  George Joseph <gjoseph@digium.com>
+
+	* AST-2017-013: chan_skinny: Call pthread_detach when sess threads end
+
+	  chan_skinny creates a new thread for each new session.  In trying
+	  to be a good cleanup citizen, the threads are joinable and the
+	  unload_module function does a pthread_cancel() and a pthread_join()
+	  on any sessions that are active at that time.  This has an
+	  unintended side effect though. Since you can call pthread_join on a
+	  thread that's already terminated, pthreads keeps the thread's
+	  storage around until you explicitly call pthread_join (or
+	  pthread_detach()).   Since only the module_unload function was
+	  calling pthread_join, and even then only on the ones active at the
+	  tme, the storage for every thread/session ever created sticks
+	  around until asterisk exits.
+
+	  * A thread can detach itself so the session_destroy() function
+	    now calls pthread_detach() just before it frees the session
+	    memory allocation.  The module_unload function still takes care
+	    of the ones that are still active should the module be unloaded.
+
+	  ASTERISK-27452
+	  Reported by: Juan Sacco
+
+	  Change-Id: I9af7268eba14bf76960566f891320f97b974e6dd
+
+2017-11-10 16:59 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+	* asterisk 15.1.2 Released.
+
+2017-11-01 11:12 +0000 [f0cebe2321]  Ben Ford <bford@digium.com>
+
+	* res_pjsip: Add to list of valid characters for from_user.
+
+	  Fixes a regression where some characters were unable to be used in
+	  the from_user field of an endpoint. Additionally, the backtick was
+	  removed from the list of valid characters, since it is not valid,
+	  and it was replaced with a single quote, which is a valid character.
+
+	  ASTERISK-27387
+
+	  Change-Id: Id80c10a644508365c87b3182e99ea49da11b0281
+	  (cherry picked from commit 5b13290522f0dc4312d5dca308bda3fdd636d613)
+
+2017-11-06 16:37 +0000 [7ebf5a9386]  Richard Mudgett <rmudgett@digium.com>
+
+	* res_pjsip_registrar.c: Fix AOR and pjproject group deadlock.
+
+	  One of the patches for ASTERISK_27147 introduced a deadlock regression.
+	  When the connection oriented transport shut down, the code attempted to
+	  remove the associated contact.  However, that same transport had just
+	  requested a registration that we hadn't responded to yet.  Depending
+	  upon timing we could deadlock.
+
+	  * Made send the REGISTER response after we completed processing the
+	  request contacts and released the AOR lock to avoid the deadlock.
+
+	  ASTERISK-27391
+
+	  Change-Id: I89a90f87cb7a02facbafb44c75d8845f93417364
+
 2017-11-08 16:28 +0000  Asterisk Development Team <asteriskteam@digium.com>
 
 	* asterisk 15.1.1 Released.

asterisk-15.1.1-summary.html

@@ -1,24 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-15.1.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-15.1.1</h3><h3 align="center">Date: 2017-11-08</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2017-009,AST-2017-010,AST-2017-011.html">AST-2017-009,AST-2017-010,AST-2017-011</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-15.1.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Richard Mudgett <rmudgett@digium.com><br/>1 Kevin Harwell <kharwell@digium.com><br/>1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Youngsung Kim at LINE Corporation<br/>1 Richard Mudgett <rmudgett@digium.com><br/>1 Kim youngsung <youngsung.kim@linecorp.com><br/>1 Corey Farrell <git@cfware.com><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27319">ASTERISK-27319</a>: (Security) Function in PJSIP 2.7 miscalculates the length of an unsigned long variable in 64bit machines<br/>Reported by: Kim youngsung<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=fd22ce2ed4f1f8116d2a4ba52c66977ff3eb78cb">[fd22ce2ed4]</a> George Joseph -- AST-2017-009: pjproject: Add validation of numeric header values</li>
-</ul><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27337">ASTERISK-27337</a>: chan_sip: Security vulnerability with client code header (revisited)<br/>Reported by: Richard Mudgett<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=6fce3fdedda97559a33c45f9efcaf27a5a492fc8">[6fce3fdedd]</a> Richard Mudgett -- AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun</li>
-</ul><br><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27345">ASTERISK-27345</a>: res_pjsip_session: RTP instances leak on 488 responses.<br/>Reported by: Corey Farrell<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=93e6dd60bb5dd87f2aa05c9260fb50c6fbefd69d">[93e6dd60bb]</a> Kevin Harwell -- AST-2017-011 - res_pjsip_session: session leak when a call is rejected</li>
-</ul><br><h4>Category: Resources/res_pjsip_sdp_rtp</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27345">ASTERISK-27345</a>: res_pjsip_session: RTP instances leak on 488 responses.<br/>Reported by: Corey Farrell<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=93e6dd60bb5dd87f2aa05c9260fb50c6fbefd69d">[93e6dd60bb]</a> Kevin Harwell -- AST-2017-011 - res_pjsip_session: session leak when a call is rejected</li>
-</ul><br><h4>Category: Resources/res_pjsip_session</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27345">ASTERISK-27345</a>: res_pjsip_session: RTP instances leak on 488 responses.<br/>Reported by: Corey Farrell<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=93e6dd60bb5dd87f2aa05c9260fb50c6fbefd69d">[93e6dd60bb]</a> Kevin Harwell -- AST-2017-011 - res_pjsip_session: session leak when a call is rejected</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>main/cdr.c                                                                                    |    6
-res/res_pjsip_session.c                                                                       |   80
-third-party/pjproject/patches/0090-sip_parser-Add-validity-checking-for-numeric-header-.patch |  828 ++++++++++
-3 files changed, 874 insertions(+), 40 deletions(-)</pre><br></html>

asterisk-15.1.4-summary.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-15.1.4</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-15.1.4</h3><h3 align="center">Date: 2017-12-13</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2017-012.html">AST-2017-012</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-15.1.3.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">1 Joshua Colp <jcolp@digium.com><br/></td><td width="33%"><td width="33%">1 Tzafrir Cohen <tzafrir.cohen@xorcom.com><br/>1 Vitezslav Novy <a1@vnovy.net><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27382">ASTERISK-27382</a>: crash after an invalid rtcp packet from GT48 FXS gateway<br/>Reported by: Tzafrir Cohen<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7543397f50872a854255e842fc33a8d3cf634cc6">[7543397f50]</a> Joshua Colp -- AST-2017-012: Place single RTCP report block at beginning of report.</li>
+</ul><br><h4>Category: Resources/res_rtp_asterisk</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27429">ASTERISK-27429</a>: res_rtp_asterisk: Multiple reports in an RTCP packet will write past where it should<br/>Reported by: Vitezslav Novy<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7543397f50872a854255e842fc33a8d3cf634cc6">[7543397f50]</a> Joshua Colp -- AST-2017-012: Place single RTCP report block at beginning of report.</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>

asterisk-15.1.4-summary.txt

@@ -1,8 +1,8 @@
                                 Release Summary
 
-                                asterisk-15.1.1
+                                asterisk-15.1.4
 
-                                Date: 2017-11-08
+                                Date: 2017-12-13
 
                            <asteriskteam@digium.com>
 
@@ -30,10 +30,10 @@
 
    Security Advisories:
 
-     * AST-2017-009,AST-2017-010,AST-2017-011
+     * AST-2017-012
 
    The data in this summary reflects changes that have been made since the
-   previous release, asterisk-15.1.0.
+   previous release, asterisk-15.1.3.
 
      ----------------------------------------------------------------------
 
@@ -50,11 +50,9 @@
    issues that they reported that were affected by commits that went into
    this release.
 
-   Coders                   Testers       Reporters                           
-   1 Richard Mudgett                      1 Youngsung Kim at LINE Corporation 
-   1 Kevin Harwell                        1 Richard Mudgett                   
-   1 George Joseph                        1 Kim youngsung                     
-                                          1 Corey Farrell                     
+   Coders                   Testers                  Reporters                
+   1 Joshua Colp                                     1 Tzafrir Cohen          
+                                                     1 Vitezslav Novy         
 
      ----------------------------------------------------------------------
 
@@ -69,37 +67,18 @@
 
     Category: General
 
-   ASTERISK-27319: (Security) Function in PJSIP 2.7 miscalculates the length
-   of an unsigned long variable in 64bit machines
-   Reported by: Kim youngsung
-     * [fd22ce2ed4] George Joseph -- AST-2017-009: pjproject: Add validation
-       of numeric header values
-   ASTERISK-27337: chan_sip: Security vulnerability with client code header
-   (revisited)
-   Reported by: Richard Mudgett
-     * [6fce3fdedd] Richard Mudgett -- AST-2017-010: Fix
-       cdr_object_update_party_b_userfield_cb() buf overrun
+   ASTERISK-27382: crash after an invalid rtcp packet from GT48 FXS gateway
+   Reported by: Tzafrir Cohen
+     * [7543397f50] Joshua Colp -- AST-2017-012: Place single RTCP report
+       block at beginning of report.
 
-    Category: Resources/res_pjsip
+    Category: Resources/res_rtp_asterisk
 
-   ASTERISK-27345: res_pjsip_session: RTP instances leak on 488 responses.
-   Reported by: Corey Farrell
-     * [93e6dd60bb] Kevin Harwell -- AST-2017-011 - res_pjsip_session:
-       session leak when a call is rejected
-
-    Category: Resources/res_pjsip_sdp_rtp
-
-   ASTERISK-27345: res_pjsip_session: RTP instances leak on 488 responses.
-   Reported by: Corey Farrell
-     * [93e6dd60bb] Kevin Harwell -- AST-2017-011 - res_pjsip_session:
-       session leak when a call is rejected
-
-    Category: Resources/res_pjsip_session
-
-   ASTERISK-27345: res_pjsip_session: RTP instances leak on 488 responses.
-   Reported by: Corey Farrell
-     * [93e6dd60bb] Kevin Harwell -- AST-2017-011 - res_pjsip_session:
-       session leak when a call is rejected
+   ASTERISK-27429: res_rtp_asterisk: Multiple reports in an RTCP packet will
+   write past where it should
+   Reported by: Vitezslav Novy
+     * [7543397f50] Joshua Colp -- AST-2017-012: Place single RTCP report
+       block at beginning of report.
 
      ----------------------------------------------------------------------
 
@@ -110,7 +89,4 @@
    This is a summary of the changes to the source code that went into this
    release that was generated using the diffstat utility.
 
- main/cdr.c                                                                                    |    6
- res/res_pjsip_session.c                                                                       |   80
- third-party/pjproject/patches/0090-sip_parser-Add-validity-checking-for-numeric-header-.patch |  828 ++++++++++
- 3 files changed, 874 insertions(+), 40 deletions(-)
+ 0 files changed

channels/chan_skinny.c

@@ -7426,6 +7426,11 @@ static void destroy_session(struct skinnysession *s)
 	}
 	ast_mutex_unlock(&s->lock);
 	ast_mutex_destroy(&s->lock);
+
+	if (s->t != AST_PTHREADT_NULL) {
+		pthread_detach(s->t);
+	}
+
 	ast_free(s);
 }
 
@@ -7512,11 +7517,6 @@ static void *skinny_session(void *data)
 	int eventmessage = 0;
 	struct pollfd fds[1];
 
-	if (!s) {
-		ast_log(LOG_WARNING, "Bad Skinny Session\n");
-		return 0;
-	}
-
 	ast_log(LOG_NOTICE, "Starting Skinny session from %s\n", ast_inet_ntoa(s->sin.sin_addr));
 
 	pthread_cleanup_push(skinny_session_cleanup, s);
@@ -7682,6 +7682,7 @@ static void *accept_thread(void *ignore)
 		s->keepalive_timeout_sched = -1;
 
 		if (ast_pthread_create(&s->t, NULL, skinny_session, s)) {
+			s->t = AST_PTHREADT_NULL;
 			destroy_session(s);
 		}
 	}

res/res_pjsip/pjsip_configuration.c

@@ -1135,11 +1135,11 @@ static int from_user_handler(const struct aco_option *opt,
 {
 	struct ast_sip_endpoint *endpoint = obj;
 	/* Valid non-alphanumeric characters for URI */
-	char *valid_uri_marks = "-_.!~*`()";
+	char *valid_uri_marks = "-._~%!$&'()*+,;=:";
 	const char *val;
 
 	for (val = var->value; *val; val++) {
-		if (!strchr(valid_uri_marks, *val) && !isdigit(*val) && !isalpha(*val)) {
+		if (!isalpha(*val) && !isdigit(*val) && !strchr(valid_uri_marks, *val)) {
 			ast_log(LOG_ERROR, "Error configuring endpoint '%s' - '%s' field "
 			"contains invalid character '%c'\n",
 			ast_sorcery_object_get_id(endpoint), var->name, *val);

res/res_pjsip_registrar.c

@@ -447,11 +447,19 @@ static void remove_excess_contacts(struct ao2_container *contacts, unsigned int
 	AST_VECTOR_FREE(&contact_vec);
 }
 
-static int register_aor_core(pjsip_rx_data *rdata,
+struct aor_core_response {
+	/*! Tx data to use for statefull response.  NULL for stateless response. */
+	pjsip_tx_data *tdata;
+	/*! SIP response code to send in stateless response */
+	int code;
+};
+
+static void register_aor_core(pjsip_rx_data *rdata,
 	struct ast_sip_endpoint *endpoint,
 	struct ast_sip_aor *aor,
 	const char *aor_name,
-	struct ao2_container *contacts)
+	struct ao2_container *contacts,
+	struct aor_core_response *response)
 {
 	static const pj_str_t USER_AGENT = { "User-Agent", 10 };
 
@@ -480,19 +488,19 @@ static int register_aor_core(pjsip_rx_data *rdata,
 
 	if (registrar_validate_contacts(rdata, contacts, aor, &added, &updated, &deleted)) {
 		/* The provided Contact headers do not conform to the specification */
-		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 400, NULL, NULL, NULL);
 		ast_sip_report_failed_acl(endpoint, rdata, "registrar_invalid_contacts_provided");
 		ast_log(LOG_WARNING, "Failed to validate contacts in REGISTER request from '%s'\n",
 				ast_sorcery_object_get_id(endpoint));
-		return PJ_TRUE;
+		response->code = 400;
+		return;
 	}
 
 	if (registrar_validate_path(rdata, aor, &path_str)) {
 		/* Ensure that intervening proxies did not make invalid modifications to the request */
-		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 420, NULL, NULL, NULL);
 		ast_log(LOG_WARNING, "Invalid modifications made to REGISTER request from '%s' by intervening proxy\n",
 				ast_sorcery_object_get_id(endpoint));
-		return PJ_TRUE;
+		response->code = 420;
+		return;
 	}
 
 	if (aor->remove_existing) {
@@ -504,18 +512,18 @@ static int register_aor_core(pjsip_rx_data *rdata,
 	}
 	if (contact_count > aor->max_contacts) {
 		/* Enforce the maximum number of contacts */
-		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 403, NULL, NULL, NULL);
 		ast_sip_report_failed_acl(endpoint, rdata, "registrar_attempt_exceeds_maximum_configured_contacts");
 		ast_log(LOG_WARNING, "Registration attempt from endpoint '%s' to AOR '%s' will exceed max contacts of %u\n",
 				ast_sorcery_object_get_id(endpoint), aor_name, aor->max_contacts);
-		return PJ_TRUE;
+		response->code = 403;
+		return;
 	}
 
 	details.pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(),
 		"Contact Comparison", 256, 256);
 	if (!details.pool) {
-		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 500, NULL, NULL, NULL);
-		return PJ_TRUE;
+		response->code = 500;
+		return;
 	}
 
 	user_agent_hdr = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &USER_AGENT, NULL);
@@ -730,8 +738,8 @@ static int register_aor_core(pjsip_rx_data *rdata,
 	/* Re-retrieve contacts.  Caller will clean up the original container. */
 	contacts = ast_sip_location_retrieve_aor_contacts_nolock(aor);
 	if (!contacts) {
-		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 500, NULL, NULL, NULL);
-		return PJ_TRUE;
+		response->code = 500;
+		return;
 	}
 	response_contact = ao2_callback(contacts, 0, NULL, NULL);
 
@@ -739,7 +747,8 @@ static int register_aor_core(pjsip_rx_data *rdata,
 	if (ast_sip_create_response(rdata, 200, response_contact, &tdata) != PJ_SUCCESS) {
 		ao2_cleanup(response_contact);
 		ao2_cleanup(contacts);
-		return PJ_TRUE;
+		response->code = 500;
+		return;
 	}
 	ao2_cleanup(response_contact);
 
@@ -754,9 +763,7 @@ static int register_aor_core(pjsip_rx_data *rdata,
 		pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr*)expires_hdr);
 	}
 
-	ast_sip_send_stateful_response(rdata, tdata, endpoint);
-
-	return PJ_TRUE;
+	response->tdata = tdata;
 }
 
 static int register_aor(pjsip_rx_data *rdata,
@@ -764,21 +771,32 @@ static int register_aor(pjsip_rx_data *rdata,
 	struct ast_sip_aor *aor,
 	const char *aor_name)
 {
-	int res;
+	struct aor_core_response response = {
+		.code = 500,
+	};
 	struct ao2_container *contacts = NULL;
 
 	ao2_lock(aor);
 	contacts = ast_sip_location_retrieve_aor_contacts_nolock(aor);
 	if (!contacts) {
 		ao2_unlock(aor);
+		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(),
+			rdata, response.code, NULL, NULL, NULL);
 		return PJ_TRUE;
 	}
 
-	res = register_aor_core(rdata, endpoint, aor, aor_name, contacts);
+	register_aor_core(rdata, endpoint, aor, aor_name, contacts, &response);
 	ao2_cleanup(contacts);
 	ao2_unlock(aor);
 
-	return res;
+	/* Now send the REGISTER response to the peer */
+	if (response.tdata) {
+		ast_sip_send_stateful_response(rdata, response.tdata, endpoint);
+	} else {
+		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(),
+			rdata, response.code, NULL, NULL, NULL);
+	}
+	return PJ_TRUE;
 }
 
 static int match_aor(const char *aor_name, const char *id)

res/res_rtp_asterisk.c

@@ -4918,7 +4918,6 @@ static struct ast_frame *ast_rtcp_interpret(struct ast_rtp_instance *instance, c
 	unsigned int first_word;
 	/*! True if we have seen an acceptable SSRC to learn the remote RTCP address */
 	unsigned int ssrc_seen;
-	int report_counter = 0;
 	struct ast_rtp_rtcp_report_block *report_block;
 	struct ast_frame *f = &ast_null_frame;
 
@@ -5162,7 +5161,7 @@ static struct ast_frame *ast_rtcp_interpret(struct ast_rtp_instance *instance, c
 					}
 					return &ast_null_frame;
 				}
-				rtcp_report->report_block[report_counter] = report_block;
+				rtcp_report->report_block[0] = report_block;
 				report_block->source_ssrc = ntohl(rtcpheader[i]);
 				report_block->lost_count.packets = ntohl(rtcpheader[i + 1]) & 0x00ffffff;
 				report_block->lost_count.fraction = ((ntohl(rtcpheader[i + 1]) & 0xff000000) >> 24);
@@ -5199,7 +5198,6 @@ static struct ast_frame *ast_rtcp_interpret(struct ast_rtp_instance *instance, c
 					ast_verbose("  DLSR: %4.4f (sec)\n",(double)report_block->dlsr / 65536.0);
 					ast_verbose("  RTT: %4.4f(sec)\n", rtp->rtcp->rtt);
 				}
-				report_counter++;
 			}
 			/* If and when we handle more than one report block, this should occur outside
 			 * this loop.
@@ -5224,9 +5222,9 @@ static struct ast_frame *ast_rtcp_interpret(struct ast_rtp_instance *instance, c
 				/* There's always a single report block stored, here */
 				struct ast_rtp_rtcp_report *rtcp_report2;
 				report_block = transport_rtp->f.data.ptr + transport_rtp->f.datalen + sizeof(struct ast_rtp_rtcp_report_block *);
-				memcpy(report_block, rtcp_report->report_block[report_counter-1], sizeof(struct ast_rtp_rtcp_report_block));
+				memcpy(report_block, rtcp_report->report_block[0], sizeof(struct ast_rtp_rtcp_report_block));
 				rtcp_report2 = (struct ast_rtp_rtcp_report *)transport_rtp->f.data.ptr;
-				rtcp_report2->report_block[report_counter-1] = report_block;
+				rtcp_report2->report_block[0] = report_block;
 				transport_rtp->f.datalen += sizeof(struct ast_rtp_rtcp_report_block);
 			}
 			transport_rtp->f.offset = AST_FRIENDLY_OFFSET;