Commit Graph

27595 Commits

Author SHA1 Message Date
Travis Cross 9ea93c4c50 Avoid buffer over-read on null cipher AEAD
In the defined AEAD modes, SRTP packets must always be encrypted and
authenticated, but SRTCP packets may be only authenticated.  It's
possible, therefore, for us to end up in `srtp_protect_aead()` without
the `sec_serv_conf` bit being set.  We should just ignore this and
encrypt the RTP packet anyway.

What we are doing instead is encrypting the packet anyway, but setting
`enc_start` to NULL first.  This causes `aad_len` to underflow which
will cause us to over-read in `cipher_set_aad()`.

If we could get past that, we would try to read and write memory
starting at 0x0 down in `cipher_encrypt()`.

This commit causes us to not check the `sec_serv_conf` bit and never
set `enc_start` to NULL in `srtp_protect_aead()`.

`srtp_unprotect_aead()` does not contain a similar error.
2014-06-30 19:00:35 +00:00
Travis Cross 3bf2b9af75 Prevent buffer overflow from untrusted RTP/SRTP lengths
When computing the start address of the RTP data to encrypt or SRTP
data to decrypt (`enc_start`), we are using `hdr->cc` (the CSRC
count), which is untrusted data from the packet, and the length field
of an RTP header extension, which is also untrusted and unchecked data
from the packet.

This value then pollutes our calculation of how much data we'll be
encrypting or decrypting (`enc_octet_len`), possibly causing us to
underflow.

We'll then call `cipher_encrypt()` or `cipher_decrypt()` with these
two values, causing us to read from and write to arbitrary addresses
in memory.

(In the AEAD functions, we'd also pollute `aad_len`, which would cause
us to read undefined memory in `cipher_set_aad`.)

This commit adds checks to verify that the `enc_start` we calculate is
sane based on the actual packet length.
2014-06-30 19:00:35 +00:00
Travis Cross d2aaf15992 Fix misspelling in comment 2014-06-30 19:00:34 +00:00
Anthony Minessale 2423fc7d0f FS-6540 This should proxy all refers now, the param has changed to proxy-refer 2014-06-30 12:53:22 -05:00
Anthony Minessale 7f9348dbc3 fix volume adjustments in stereo conference 2014-06-30 23:39:42 +05:00
Anthony Minessale 41a7d1cf31 some refactoring to make new stereo stuff more stable 2014-06-30 23:00:45 +05:00
Anthony Minessale 591ea9e9ca tweaks 2014-06-30 04:39:46 +05:00
Anthony Minessale 0bb7f1659f check for member channel 2014-06-30 01:59:21 +05:00
Travis Cross c1f1f8b98e Check for too many SRTP errors before warning
We're checking whether we've hit the warning threshold before checking
whether we should just end the call.  This causes an off-by-one error
where we take one SRTP error more than intended.

This commit reverses the order of the tests.
2014-06-29 20:49:46 +00:00
Anthony Minessale 0ac78cacc3 add openal code to mod_conference 2014-06-30 01:23:08 +05:00
Anthony Minessale 810717cae0 check for proper openal symbol to enable functionality 2014-06-30 01:23:07 +05:00
Anthony Minessale 1a56298c53 add 44.1khz codec defs 2014-06-30 01:23:07 +05:00
Anthony Minessale 1ef5d114f5 adjust ringing var 2014-06-30 01:23:07 +05:00
Steve Underwood c3798dbb02 FAX tweaks 2014-06-29 02:11:25 +08:00
Steve Underwood ad1e7e9632 Fixed updating of the modem type after a FAX ECM CTC. 2014-06-28 16:43:05 +08:00
Travis Cross 7741f403f1 Handle SRTP_READ_ERROR in mod_rayo 2014-06-28 06:42:57 +00:00
Travis Cross f31641f4bf Allow more SRTP errors before killing call
In a carrier interop we saw the call get killed for SRTP failures
during a reinvite.  We're wondering if the SRTP errors may have been
transitory and if it may have recovered after a few more packets.

It's debatable whether we should kill calls at all for SRTP auth
failures; semantically the right thing to do when a MAC fails is to
ignore the packet completely.  So raising this limit to 100 packets
shouldn't do any harm.  With this change we still warn at 10 errors
and every 10 errors thereafter.
2014-06-28 03:57:20 +00:00
Travis Cross 7406be6927 Relay cause of hangup on SRTP failure
We hangup the channel after receiving 10 SRTP packets in a row with a
bad auth tag or that are replayed.  Prior to this commit we were
indicating a normal clearing.  When doing interop and looking first at
packet traces, this made freeswitch's behavior look surprising.  With
this commit we'll indicate more loudly what's happening.
2014-06-28 01:18:50 +00:00
Travis Cross 52892b312a Fix misspelled function
switch_rtp_set_invalid_handler has been misspelled as
switch_rtp_set_invald_handler going all the way back to the
beginning.  So while it's possible that someone somewhere could be
relying on this misspelling, I think it's more likely that no one has
used it much and that's why it wasn't spotted.  We don't even use it
ourselves anywhere anymore.

Introduced in commit: 828e03715f
2014-06-28 00:32:41 +00:00
Travis Cross fc247a223f Add editor footer to core files missing it 2014-06-27 23:55:27 +00:00
Travis Cross 52fb53cba4 Allow reincarnation from mod_sofia's shutdown-on-fail
mod_sofia's parameter shutdown-on-fail now accepts the value
"reincarnate-now".  This will cause the switch to exit immediately
with a non-zero exit code so that the supervisor can recover the
switch.  For this to work you have to pass in -reincarnate or
-reincarnate-reexec to freeswitch.
2014-06-27 22:18:39 +00:00
Travis Cross 80ed14ab3e Ensure mod_sofia params can be unset or reset
This is the result of auditing each mod_sofia profile parameter to
ensure that it can be unset or reset after being set.  One use-case
for this being done correctly is so a later parameter in a
configuration file can reliably override an earlier one, which is
useful for setups with layered include files.
2014-06-26 09:04:56 +00:00
Travis Cross 75feed68fc Avoid leaking memory on sofia profile reload
We were leaking the string values of apply-candidate-acl parameters.
2014-06-26 08:39:55 +00:00
Travis Cross 63351a1061 Terminate format_cdr json files with newline
In UNIX, text files by definition end with a newline.
2014-06-25 23:30:54 +00:00
Travis Cross d5fa28417e Allow setting format of log filename in format_cdr
This commit allows you to set a `log-file` string parameter in a
format_cdr profile.  This string is a template that may (and should!)
contain variables.  This template will be expanded and used as the
file name of the CDR to be written.  This parameter should contain
only the template for the file name itself; the path is relative to
the `log-dir`.
2014-06-25 23:22:34 +00:00
Travis Cross f7b4ec617a Allow SIP UPDATE messages without display updates
Previously if send-display-update was set to false we would also
remove UPDATE from our Allow: headers.  This is unnecessary.  The
UPDATE message is useful in SIP transactions even if we're not sending
display updates.

With this commit, we add a new boolean profile flag, allow-update.  If
set to true we'll send Allow: UPDATE.  If set to false, we will not.
If there is a conflict with another setting that requires UPDATE
support, the allow-update parameter will win and a warning will be
printed.

ref: RFC 3311
2014-06-25 20:43:29 +00:00
Anthony Minessale ba784f2548 skip update on member channels with no json 2014-06-25 13:40:50 -05:00
Anthony Minessale b9a51bbf91 FS-6632 Trying to actually use opus in stereo broke pretending to use it in stereo 2014-06-25 21:19:07 +05:00
Anthony Minessale 062b7c6e3d duh, the code to parse the codec params from the config file wasn't there 2014-06-25 21:19:07 +05:00
Anthony Minessale c71f89a39b FS-6627 2014-06-24 15:42:07 -05:00
Brian West 1a58f05891 FS-6621 2014-06-24 14:13:10 -05:00
Seven Du 6540068faa fix compiler warning 2014-06-24 09:10:34 +08:00
Travis Cross af4f1045b8 Create freeswitch-timezones debian package
This installs the timezone file such that configurations can reference
it rather than copying it.
2014-06-24 00:39:14 +00:00
Anthony Minessale 25c0f7d00c FS-6440 regression from this patch on single CPU or VM machines causes startup race 2014-06-23 23:55:52 +05:00
William King 985ce5729b Change to ncwait so that the service start script will block until FS is actually started 2014-06-23 10:03:53 -05:00
Steve Underwood 557f1d05ac Fixed issue handling modem renegotiation when a T.30 CTC message is received.
Please enter the commit message for your changes. Lines starting
2014-06-23 08:51:41 +08:00
Eliot Gable b21f34bffc Clarify error message. 2014-06-21 19:16:50 +00:00
Anthony Minessale 918c68accf -rp is not an ok default option it should not be used in normal circumstances it forces an unsafe environment with realtime threads on single cpu systems. Real time mode will enable by default on systems with enough cpus 2014-06-21 21:42:46 +05:00
Brian West 058ef6923b FS-6617 fix compile error 2014-06-21 11:04:53 -05:00
Anthony Minessale 47891d5caa swap 2014-06-21 05:32:22 +05:00
Anthony Minessale f95acb5a53 check in raw verto js files and directory structure for development 2014-06-21 05:26:06 +05:00
Anthony Minessale 011e069652 fix recording in stereo conferences 2014-06-20 23:53:22 +05:00
Brian West 8f47f403fd FS-6612: Don't use rport in tcp or tls 2014-06-20 10:23:05 -05:00
Brian West 0293d58406 Exclude ftmod_ as those are submodules of mod_freetdm 2014-06-20 10:23:05 -05:00
Anthony Minessale ffa09cd1e7 various verto cleanups and fix a race in double event delivery thread creation 2014-06-20 19:21:56 +05:00
Anthony Minessale faeb00368e verto bug fixing in codec negotiation and some stereo codec stuff 2014-06-20 01:41:28 +05:00
Steve Underwood b15f373cd9 Tweaks 2014-06-20 02:58:33 +08:00
Anthony Minessale f7c6c90749 fix null strcmp 2014-06-19 23:37:39 +05:00
Michael Jerris e9633a8b60 FS-6609: use config.status to reconf srtp so it doesn't loose the settings from the initial configure 2014-06-19 13:16:57 -04:00
Steve Underwood b780371943 Improved TSB85 tests, which now check call clearing.
FAX now differentiates properly between <page result code> and <image> <page resuly code> when deciding how to retry.
2014-06-20 00:24:10 +08:00