| Age | Commit message (Collapse) | Author |
|---|
|
overrun" into 15
|
|
|
|
A previous commit made it so when an invite session transitioned into a
disconnected state destruction of the Asterisk pjsip session object was
postponed until either a transport error occurred or the event timer
expired. However, if a call was rejected (for instance a 488) before the
session was fully established the event timer may not have been initiated,
or it was canceled without triggering either of the session finalizing states
mentioned above.
Really the only time destruction of the session should be delayed is when a
BYE is being transacted. This is because it's possible in some cases for the
session to be disconnected, but the BYE is still transacting.
This patch makes it so the session object always gets released (no more
memory leak) when the pjsip session is in a disconnected state. Except when
the method is a BYE. Then it waits until a transport error occurs or an event
timeout.
ASTERISK-27345 #close
Reported by: Corey Farrell
Change-Id: I1e724737b758c20ac76d19d3611e3d2876ae10ed
|
|
cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long. The long string could be supplied by
external means using the CDR(userfield) function.
This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.
ASTERISK-27337
Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
|
|
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: I68ece0073ea79667ca41eb10405f516f1d30d482
|
|
Change-Id: I41e8d5183ace284095cc721f3b1fb32ade3f940f
|
|
* Pre-initialize cloned media state vectors to final size to ensure
vector errors cannot happen later in the clone initialization.
* Release session_media on vector replace failure in
ast_sip_session_media_state_add.
* Release clone and media_state in ast_sip_session_refresh if we fail to
append to the stream topology, return an error.
Change-Id: Ib5ffc9b198683fa7e9bf166d74d30c1334c23acb
|
|
into 15
|
|
|
|
|
|
into 15
|
|
|
|
|
|
into 15
|
|
|
|
|
|
One of the patches for ASTERISK_27147 introduced a deadlock regression.
When the connection oriented transport shut down, the code attempted to
remove the associated contact. However, that same transport had just
requested a registration that we hadn't responded to yet. Depending
upon timing we could deadlock.
* Made send the REGISTER response after we completed processing the
request contacts and released the AOR lock to avoid the deadlock.
ASTERISK-27391
Change-Id: I89a90f87cb7a02facbafb44c75d8845f93417364
|
|
|
|
Free memory and return error if ast_stream_topology_set_stream fails.
Change-Id: I9f4dbf44bed627243d2f1dd8aea2eab6c38a028d
|
|
Change-Id: I81b2587427c6982aa3e2a3f9ad69cce8d316eb10
|
|
ast_stream_topology_set_stream had suppressed error codes from
AST_VECTOR_APPEND. The result of AST_VECTOR_APPEND needs to be returned
to the caller so they can take appropriate action on the stream.
Change-Id: I6c0d12755743eadba1357f6153526cc055592856
|
|
* res/stasis/app.c JSON passed to app_send needs to be released.
* res/stasis_message.c: objects leak if vector append fails.
Change-Id: I8dd5385b9f50a5cadf2b1d16efecffd6ddb4db4a
|
|
|
|
Asterisk will crash if contact uri is invalid, so contact_apply_handler
should check if the uri is NULL or empty.
ASTERISK-27393 #close
Reported-by: Aaron An
Tested-by: AaronAn
Change-Id: Ia0309bdc6b697c73c9c736e1caec910b77ca69f5
|
|
|
|
|
|
|
|
|
|
Change-Id: I74688038e7afe3a279359cce53aadb28ade51ead
|
|
|
|
Change-Id: I774b88b3c9da41edd4dc8d78f095481f52f2bd46
|
|
Release reference to publisher if we fail to add it to the vector.
Change-Id: I64dff3f481b67b9884f37cadba7a5ccf23d084f3
|
|
wizard_apply_handler():
- Free host if we fail to add it to the vector.
wizard_mapped_observer():
- Check for otw allocation failure.
- Free otw if we fail to add it to the vector.
Change-Id: Ib5d3bcabbd9c24dd8a3c9cc692a794a5f60243ad
|
|
Free resources and return error if we fail to append the vector in
stasis_app_control_play_uri.
Change-Id: I22c4a90dd859b253f2850c6511de48b25609422b
|
|
Cleanup resources when we fail to append the vector and report test
failure.
Change-Id: I6eb41586fd11dee8c0dfe35e91cb465a4cab7298
|
|
Change-Id: Ib0fc7a18f3135ca8990c3984c9e15f6d26e556e8
|
|
Change-Id: I076c7bd207c7989a23005395ce1735392657be65
|
|
When stasis_app_message_handler needs to queue a message for a later
connection it needs to bump the message reference so it doesn't get
freed when the caller releases it's reference.
Change-Id: I82696df8fe723b3365c15c3f7089501da8daa892
|
|
Change-Id: I3e5cc669169aab6175ddfaf7486edeaeb4fdcfb1
|
|
Check for errors from AST_VECTOR_REPLACE and clean memory if needed.
Change-Id: I124d15cc1d645f85a72a1279f623c1993b304b0b
|
|
This resolves potentials leaks on AST_VECTOR_APPEND error in:
* ast_context_add_include2
* ast_context_add_switch2
* ast_context_add_ignorepat2
Change-Id: Ib60e95c4f622fa3b832d87227c0523a695d736b6
|
|
Message tech and handler registrations use a vector which could fail to
expand. If it does log and error and return error.
Change-Id: I593a8de81a07fb0452e9b0efd5d4018b77bca6f4
|
|
format_cap_framed_init can fail on AST_VECTOR_APPEND. This should
report failure to the caller and clean the newly allocated frame.
Change-Id: Ica0661235bf09497bf23d844ceb01f21b41a55b0
|
