Age | Commit message (Collapse) | Author |
|
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
|
|
|
|
into 13
|
|
Change-Id: I68ece0073ea79667ca41eb10405f516f1d30d482
|
|
Change-Id: I41e8d5183ace284095cc721f3b1fb32ade3f940f
|
|
|
|
into 13
|
|
|
|
|
|
|
|
|
|
|
|
One of the patches for ASTERISK_27147 introduced a deadlock regression.
When the connection oriented transport shut down, the code attempted to
remove the associated contact. However, that same transport had just
requested a registration that we hadn't responded to yet. Depending
upon timing we could deadlock.
* Made send the REGISTER response after we completed processing the
request contacts and released the named AOR lock to avoid the deadlock.
ASTERISK-27391
Change-Id: I89a90f87cb7a02facbafb44c75d8845f93417364
|
|
|
|
* res/stasis/app.c JSON passed to app_send needs to be released.
* res/stasis_message.c: objects leak if vector append fails.
Change-Id: I8dd5385b9f50a5cadf2b1d16efecffd6ddb4db4a
|
|
|
|
Asterisk will crash if contact uri is invalid, so contact_apply_handler
should check if the uri is NULL or empty.
ASTERISK-27393 #close
Reported-by: Aaron An
Tested-by: AaronAn
Change-Id: Ia0309bdc6b697c73c9c736e1caec910b77ca69f5
|
|
|
|
|
|
|
|
Change-Id: I74688038e7afe3a279359cce53aadb28ade51ead
|
|
|
|
|
|
Change-Id: I774b88b3c9da41edd4dc8d78f095481f52f2bd46
|
|
wizard_apply_handler():
- Free host if we fail to add it to the vector.
wizard_mapped_observer():
- Check for otw allocation failure.
- Free otw if we fail to add it to the vector.
Change-Id: Ib5d3bcabbd9c24dd8a3c9cc692a794a5f60243ad
|
|
Cleanup resources when we fail to append the vector and report test
failure.
Change-Id: I6eb41586fd11dee8c0dfe35e91cb465a4cab7298
|
|
Change-Id: Ib0fc7a18f3135ca8990c3984c9e15f6d26e556e8
|
|
Change-Id: I076c7bd207c7989a23005395ce1735392657be65
|
|
Change-Id: I3e5cc669169aab6175ddfaf7486edeaeb4fdcfb1
|
|
Check for errors from AST_VECTOR_REPLACE and clean memory if needed.
Change-Id: I124d15cc1d645f85a72a1279f623c1993b304b0b
|
|
Message tech and handler registrations use a vector which could fail to
expand. If it does log and error and return error.
Change-Id: I593a8de81a07fb0452e9b0efd5d4018b77bca6f4
|
|
format_cap_framed_init can fail on AST_VECTOR_APPEND. This should
report failure to the caller and clean the newly allocated frame.
Change-Id: Ica0661235bf09497bf23d844ceb01f21b41a55b0
|
|
Change-Id: I46de4c968d40144d5b049966304ff66c1469fb65
|
|
The internal CLI command "_command complete" was last used by Asterisk
0.2.0. Since then we've been using "_command nummatches" and "_command
matchesarray".
Change-Id: I682fe1e21a24a3bb5bd04146e639f1c5866bcfce
|
|
Change-Id: Ib1181a36b317c86bff1ef2e44a17a0b1c73cfdc8
|
|
This change makes it so that any user of the pubsub
API that requests the remote URI receives only the URI.
Previously the entire string was returned, which could
contain a display name.
ASTERISK-27290
Change-Id: If1d0cd6630f0a264856d31d2a67933109187a017
|
|
Change-Id: I28b458b3c1a442c4ef0be7b4986a95ea4149e14f
|
|
* Eliminate RAII_VAR()
* Short circuit application name lookup if global debug enabled.
Change-Id: I5f78b7bd6ca7fd2c3b07cbbe036c6a93b4681123
|
|
When (v)asprintf() fails, the state of the allocated buffer is undefined.
The library had better not leave an allocated buffer as a result or no one
will know to free it. The most likely way it can return failure is for an
allocation failure. If the printf conversion fails then you actually have
a threading problem which is much worse because another thread modified
the parameter values.
* Made __ast_asprintf()/__ast_vasprintf() set the returned buffer to NULL
on failure. That is much more useful than either an uninitialized pointer
or a pointer that has already been freed. Many uses won't have to check
for failure to ensure that the buffer won't be double freed or prevent an
attempt to free an uninitialized pointer.
* stasis.c: Fixed memory leak in multi_object_blob_to_ami() allocated by
ast_asprintf().
* ari/resource_bridges.c:ari_bridges_play_helper(): Remove assignment to
the wrong thing which is now not needed even if assigning to the right
thing.
Change-Id: Ib5252fb8850ecf0f78ed0ee2ca0796bda7e91c23
|
|
|
|
|
|
|
|
|
|
|
|
When using realtime, fields that are not explicitly set by an
administrator are still presented to sorcery as empty strings. Handle
this case explicitly.
In this particular case, if any of these fields are required for TLS
support, their existence should be validated in the 'apply' handler once
we have a complete transport definition.
ASTERISK-27032 #close
Reported by: seanchann.zhou
Change-Id: Ie3b5fb421977ccdb33e415d4ec52c3fd192601b7
|
|
|
|
|
|
into 13
|
|
Asterisk can be compiled without a SSL/TLS library, without the Development
Headers of OpenSSL. However, if TLS (SIP) or Secure-WebSockets (WebRTC) was
enabled in a configuration file, Asterisk did not notice the user. Asterisk
failed silently, only the corresponding TCP ports were not open.
ASTERISK-27394
Reported-by: mossley74
Change-Id: Ib8b7539a5b2af8154c22e5f7a40fc68f95d95b93
|
|
This check is being added to make it easier for end-users of third party
open source Opus modules. This was removed by ASTERISK-26426 but only
the module needed to be removed.
Change-Id: I62b9cd0c4fa8a77596ab0e042948a643a1152677
|