841 Commits

Author SHA1 Message Date
Anthony Minessale
9e72c8477f fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto (missing code from last commit) 2014-09-24 01:09:44 +05:00
Anthony Minessale
59e71341db fix possible buffer overrun in websocket uri and sync the ws.c between sofia and verto 2014-09-23 20:17:20 +05:00
Travis Cross
3c32dd3bc9 Return NULL from sub_alloc for zero size
When zero was passed for the size to `sub_alloc`, we were passing this
size on to `malloc` or `calloc`, which is unusual enough that static
analyzers warn about this (POSIX says that either NULL or a pointer
will be returned).

We'll instead just return NULL right away.
2014-08-22 02:47:04 +00:00
Jeff Lenk
571cf932dc fix VS2010 build warning 2014-08-16 18:22:41 -05:00
Anthony Minessale
24413bfa11 copy changes from verto ws.c to sofia 2014-08-16 00:43:25 +05:00
Anthony Minessale
2411550727 add homer capture line to websocket transport 2014-08-11 21:02:25 +05:00
Travis Cross
8414c498cf Fix line endings per .gitattributes 2014-08-08 15:24:42 +00:00
Brian West
327146cecf Fix WS Compile on MSVC2012 2014-07-25 11:34:08 -05:00
Anthony Minessale
6c80281ce9 buffer websocket headers and body before sending to avoid fragmentation 2014-07-17 01:07:57 +05:00
Anthony Minessale
cc75547672 merge ws.c change to sofia 2014-07-12 04:39:41 +05:00
Brian West
fb92ebc8f2 FS-5223 and FS-6603, don't trust docs... sheesh 2014-06-18 08:33:57 -05:00
Brian West
311889634b FS-5223 FS-6603 on platforms that have SO_REUSEPORT it also implies SO_REUSEADDR, On platforms that only have SO_REUSEADDR it seems to imply both in the absence of SO_REUSEPORT. 2014-06-17 21:15:02 -05:00
Anthony Minessale
0685027bd8 FS-6574 --resolve 2014-06-09 14:29:08 -04:00
Michael Jerris
b5a223cd1b CID:1215201 Explicit null dereferenced 2014-05-22 15:39:59 +00:00
Anthony Minessale
f0aa0fc1d8 seek chain cert from wss.pem just cat together the cert, the key and the chain cert into wss.pem 2014-05-20 23:18:38 +05:00
Michael Jerris
77bddb9f9c FS-6538: silence gcc 4.9 throwing incorrect warning 2014-05-20 15:46:46 +00:00
Michael Jerris
f683ac2165 FS-6533: --resolve fix gcc 4.9 warning due to useless right-hand operand of comma expression 2014-05-19 10:36:02 -05:00
Anthony Minessale
88ce7dae1c minor tweak to make ws code work in blocking mode properly when used outside sofia 2014-05-07 06:13:27 +05:00
Natanael Copa
317f4b1442 Fix building with musl libc
POSIX says poll.h and signal.h should not be prefixed with sys/ (ie
poll.h instead of sys/poll.h)

limits.h also defines a TZNAME_MAX so we change name of the define for
spandsp.
2014-05-02 11:20:36 -04:00
Michael Jerris
906467b360 fix log message on sending tport ping over ws to log error in failure cases 2014-05-01 14:20:27 -04:00
Michael Jerris
cfd8d28bc8 silence clang unused function warnings and get rid of some unused functions 2014-05-01 09:03:19 -04:00
Michael Jerris
fc25bbc23c remove unused function 2014-05-01 08:32:23 -04:00
Michael Jerris
b55ba90def fix 2 potential use after free errors 2014-05-01 08:30:52 -04:00
Anthony Minessale
2cdae46b19 FS-6476 regression where sock would sometimes drop while reading logical frames 2014-04-29 18:25:05 -04:00
Anthony Minessale
61e22e8b50 FS-6476 --resolve 2014-04-22 23:25:41 +05:00
Anthony Minessale
bce51017fb FS-6462 --resolve
I found a problem here but it may not completely match your expectations.
I reviewed the RFC 4028 and checked against the code and I discovered we should not be putting a Min-SE in any response at all besides a 422:

section 5:

   The Min-SE header field MUST NOT be used in responses except for
   those with a 422 response code.  It indicates the minimum value of
   the session interval that the server is willing to accept.

I corrected this problem and implemented the 422 response so if you request a value lower than the minimum specified for the profile.
If the value is equal or higher to the minimum, it will be reflected in the Session-Expires header in the response and no Min-SE will be present.
2014-04-17 04:26:43 +05:00
Anthony Minessale
180282cd9a FS-6287 2014-04-04 13:42:13 -05:00
Anthony Minessale
7ea4acaece FS-6426 --resolve 2014-04-03 23:25:48 +05:00
Michael Jerris
f50f04be51 FS-6356: --resolve fix assert when you set the time > 15 days in the future during operation while things are in queue to be processeed 2014-03-28 14:33:47 -04:00
Brian West
74ab9515a4 FS-6294 DragonFly requires this also. 2014-03-21 11:14:15 -05:00
Brian West
16577339be FS-6387 don't fail if your openssl package has been compiled without EC support...LOOKING AT YOU GENTOO 2014-03-20 08:07:53 -05:00
Brian West
c4c0f38aab FS-6294 FS-6308 NetBSD support should work test and report back please. 2014-03-19 14:34:07 -05:00
Brian West
f6d9027282 FS-6375 ifdef for sun in this case 2014-03-18 17:43:46 -05:00
Anthony Minessale
bd1492e43e FS-6287 --resolve 2014-03-17 16:16:42 -05:00
Anthony Minessale
1d28639cac revert revert 2014-03-17 16:15:59 -05:00
Brian West
be1efcc1fa Revert 6e818216e2e615f3241a34253cdea8ee316d9e88, from FS-6287 as it breaks challenge to invites we don't come back and respond 2014-03-17 15:03:08 -05:00
Michael Jerris
340b697e1b FS-6341: --resolve add 3pcc invite w/o sdp support for 100rel/PRACK 2014-03-17 12:27:42 -04:00
Travis Cross
19fc943f59 Mitigate the CRIME TLS flaw
If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.

This is CVE-2012-4929.

FS-6360 --resolve

Thanks-to: Brian West <brian@freeswitch.org>
2014-03-16 16:24:58 +00:00
Anthony Minessale
6e818216e2 FS-6287 --resolve When a broken registrar sends a 401 unauth then replies with a subsequent 401 unauth without the stale=true attribute, sofia tries to invalidate the auth handle and get stuck in a state where it cannot recover until the reg handle is destroyed. In this case, the provider in question has a bug on thier end when the nonce count rolls from nc=000000ff to nc=00000100 they start sending several consecitive 401 rather than a 401 with stale=true or a 403. This change will allow it to reset properly and try again with nc=00000001 on the next try. 2014-03-14 12:25:48 -05:00
Anthony Minessale
9fd30a2cd9 FS-6339 --resolve 2014-03-11 18:16:23 -05:00
Michael Jerris
2513388d8a clean up some bootstrap warnings 2014-03-07 18:36:26 -05:00
Travis Cross
1990d10057 Reword the websocket TLS cipher list
This generates an identical list of cipher suites, but this commit
restates the cipher spec to be more similar to the way we state it
elsewhere.
2014-03-05 21:37:30 +00:00
Travis Cross
6a3dcc9e0f Drop null-auth suites from our default TLS cipher list
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites.  In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
2014-03-05 21:37:30 +00:00
Anthony Minessale
4cf14bce50 FS-5814 2014-03-06 00:31:10 +05:00
Anthony Minessale
fe2a4bfa53 FS-5814 2014-03-05 13:12:02 -06:00
Anthony Minessale
7cb91467e0 FS-5814 --resolve 2014-03-06 00:02:40 +05:00
Anthony Minessale
066de4b378 Port commit from gitorious copy of sofia-sip our code now differs but this issue would still be a concern for OS X
commit ee51fa4e2993ab71339e29691aec8b924c810c53
Author: Frode Isaksen <frode.isaksen@bewan.com>
Date:   Thu Aug 18 16:40:58 2011 +0300

    su: fix su_time() on 64-bit OS X

        The field tv_sec in struct timeval is 64bits instead of 32bits as in
	    su_time_t, so you cannot cast su_time_t to struct timeval.
2014-03-05 10:25:39 -06:00
Travis Cross
d5760e0d6a Show TLS cipher suite selected in sofia debug
This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.
2014-02-28 20:46:34 +00:00
Anthony Minessale
55901ae0f1 FS-6168 --resolve 2014-02-28 23:30:42 +05:00
Moises Silva
461f94870f Merge remote-tracking branch 'origin/master' into moy/tport-log-fix 2014-02-24 19:39:17 -05:00