| Age | Commit message (Collapse) | Author |
|---|
|
Log a message to security events when an INVITE is received to an
invalid extension.
ASTERISK-25869 #close
Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f
|
|
|
|
This is a partial fix for ASTERISK~25817 but does not address the
comments regarding RFC 5626.
Change-Id: I227e2d10c0035bbfa1c6e46ae2318fd1122d8420
|
|
Stripping the DNID in a SIP dial string can result in attempting to call
the argument parsing macros on an empty string, causing a crash.
ASTERISK-26131 #close
Reported by: Dwayne Hubbard
Patches:
dw-asterisk-master-dnid-crash.patch (license #6257) patch
uploaded by Dwayne Hubbard
Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
|
|
ASTERISK-27434
Change-Id: Iaeed89b4fa05d94c5f0ec2d3b7cd6e93d2d5a8f7
|
|
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
|
|
When chan_sip receives a SUBSCRIBE request with no "Expires" header it
processes the request as an unsubscribe. This is incorrect, per RFC3264
when the "Expires" header is missing a default expiry should be used.
ASTERISK-18140
Change-Id: Ibf6dcd4fdd07a32c2bc38be1dd557981f08188b5
|
|
This matches the behavior of the other SIP channel driver, chan_pjsip.
ASTERISK-27365
Change-Id: I8f23a51290a58b75816da2999ed1965441dfc5d6
|
|
When sip.conf contains 'sipdebug=yes' it is impossible to disable it
using CLI 'sip set debug off'. This corrects the output of that CLI
command to instruct the user to turn sipdebug off in the configuration
file.
ASTERISK-23462 #close
Change-Id: I1cceade9caa9578e1b060feb832e3495ef5ad318
|
|
Currently privacy requests are only granted if the Privacy header
value is exactly "id" (defined in RFC 3325). It ignores any other
possible value (or a combination there of). This patch reverses the
logic from testing for "id" to grant privacy, to testing for "none" and
granting privacy for any other value. "none" must not be used in
combination with any other value (RFC 3323 section 4.2).
ASTERISK-27284 #close
Change-Id: If438a21f31a962da32d7a33ff33bdeb1e776fe56
|
|
|
|
In handle_request_invite, when processing a pickup, a call
is made to get_sip_pvt_from_replaces to locate the pvt for
the subscription. The pvt is assumed to be valid when zero
is returned indicating no error, and is dereferenced which
can cause a crash if it was not found.
This change checks the not found case and returns -1 which
allows the calling code to fail appropriately.
ASTERISK-27217 #close
Reported-by: Bryan Walters
Change-Id: I6bee92b8b8b85fcac3fd66f8c00ab18bc1765612
|
|
If directmedia=yes is configured, when call is answered, Asterisk sends reINVITE
to both parties to set up media path directly between the endpoints.
In this reINVITE msg SDP origin line (o=) contains IP address of endpoint
instead of IP of asterisk. This behavior violates RFC3264, sec 8:
"When issuing an offer that modifies the session,
the "o=" line of the new SDP MUST be identical to that in the
previous SDP, except that the version in the origin field MUST
increment by one from the previous SDP."
This patch assures IP address of Asterisk is always sent in
SDP origin line.
ASTERISK-17540
Reported by: saghul
Change-Id: I533a047490c43dcff32eeca8378b2ba02345b64e
|
|
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
|
|
|
|
|
|
This API was not actively maintained, was not added to new modules
(such as res_pjsip), and there exist better alternatives to acquire the
same information, such as the ARI.
Change-Id: I4b2185a83aeb74798b4ad43ff8f89f971096aa83
|
|
When sip.conf contained tcpenable=yes and autodomain=yes, the TCP domain was
added in any case, because of a local Boolean-negation error of the return value
of ast_sockaddr_cmp. After fixing this error for TCP and TLS, the TLS domain was
still always added with tlsenable=yes, because the domains were not compared
just on the address but also on the port – and TLS is always on a different port
than UDP/TCP.
ASTERISK-27106
Change-Id: I14fe9e319e238320b094016980445ef3a5b3337c
|
|
Because of a copy-and-paste error when the struct ast_sockaddr changed,
tlsbindaddr was not added, when sip.conf contained autodomain=yes; see
"show sip domains" on the command-line interface (CLI) of Asterisk.
ASTERISK-27106
Change-Id: I3d0957150017c223136968ef1266f275d0d6695e
|
|
If we are offered or are offering RTCP-MUX, don't consider RTCP ICE
candidates. This confuses certain browsers (current Firefox for
example) and causes intial audio setup delays.
ASTERISK-26982 #close
Change-Id: Ifeaf47e83972fe8dbe58b7fb3d6d1823400cfb91
|
|
Return cahnnel nativeformats to fix bridge technology selection process.
Same approach as in pjsip module.
ASTERISK-26143
Reported-by: Henning Holtschneider
Change-Id: I64e863753954d6ad67a9e722df2ebc328705ad48
|
|
connections"
|
|
|
|
|
|
For outgoing TCP connections, Asterisk uses the first IP address of the
interface instead of the IP address we asked him to bind to.
ASTERISK-26922 #close
Reported-by: Ksenia
Change-Id: I43c71ca89211dbf1838e5bcdb9be8d06d98e54eb
|
|
Some equipments may send a re-INVITE containing an SDP in the final ACK
request. If this happens in the context of direct media, the remote end
should be updated with a re-INVITE.
This patch queues an "update RTP peer" frame to trigger the re-INVITE,
instead of the "source change" frame wich was used previously.
ASTERISK-26951
Change-Id: I3644d2025f20e086ea9f8f62b486172c52b5b2e6
|
|
This saves around 100 bytes when G.711, G.722, G.729, and GSM are advertised in
SDP. This reduces the chance to hit the MTU bearer of 1300 bytes for SIP over
UDP, if many codecs are allowed in Asterisk. This new feature is enabled
together with the optional feature compact_headers=yes via the file pjsip.conf.
ASTERISK-26932 #close
Change-Id: Iaa556ab4c8325cd34c334387ab2847fab07b1689
|
|
In all non-pbx modules, AST_MODULE_LOAD_FAILURE has been changed
to AST_MODULE_LOAD_DECLINE. This prevents asterisk from exiting
if a module can't be loaded. If the user wishes to retain the
FAILURE behavior for a specific module, they can use the "require"
or "preload-require" keyword in modules.conf.
A new API was added to logger: ast_is_logger_initialized(). This
allows asterisk.c/check_init() to print to the error log once the
logger subsystem is ready instead of just to stdout. If something
does fail before the logger is initialized, we now print to stderr
instead of stdout.
Change-Id: I5f4b50623d9b5a6cb7c5624a8c5c1274c13b2b25
|
|
SIP user-agents indicate which protocol extensions are allowed in headers
like Supported and Required. Such protocol extensions are Session Timers
(RFC 4028) for example. Session Timers are supported since Mantis-10665.
Since ASTERISK-21721, not only the first but multiple Supported/Required
headers in a message are parsed. In that change, an existing variable was
re-used within a newly added do-loop. Currently, at the end of that loop,
that variable is an empty string always. Previously, that variable was used
within log output. However, the log output was not changed.
ASTERISK-26915 #close
Change-Id: I09315f31b4d78fb214bb2a9fb6c0f5e143eae990
|
|
ASTERISK-26846 #close
Change-Id: I541a1602ff55ab73684e9f8002edb9e0e745d639
|
|
When receiving a 422 response, the invitestate variable must be reset to
INV_CALLING.
ASTERISK-26841
Change-Id: Ia0502d6b02192664cefa4e75bafdd2645ce56099
|
|
* manager.c:manager_state_cb() Fix potential use of uninitialized hint[]
if a hint does not exist for the requested extension. Ran into this when
developing a testsuite test. The AMI event ExtensionStatus came out with
the hint header value containing garbage. The AMI event PresenceStatus
also had the same issue.
* manager.c:action_extensionstate() no need to completely initialize the
hint[]. Only initialize the first element.
* pbx.c:ast_add_hint() Remove unnecessary assignment.
* chan_sip.c: Eliminate an unneeded hint[] local variable. We only care
about the return value of ast_get_hint() there.
Change-Id: Ia9a8786f01f93f1f917200f0a50bead0319af97b
|
|
|
|
* app_minivm: Use built-in completion facilities to complete optional
arguments.
* app_voicemail: Use built-in completion facilities to complete
optional arguments.
* app_confbridge: Add missing colons after 'Usage' text.
* chan_alsa: Use built-in completion facilities to complete optional
arguments.
* chan_sip: Use built-in completion facilities to complete optional
arguments. Add completions for 'load' for 'sip show user', 'sip show
peer', and 'sip qualify peer.'
* chan_skinny: Correct and extend completions for 'skinny reset' and
'skinny show line.'
* func_odbc: Correct completions for 'odbc read' and 'odbc write'
* main/astmm: Use built-in completion facilities to complete arguments
for 'memory' commands.
* main/bridge: Correct completions for 'bridge kick.'
* main/ccss: Use built-in completion facilities to complete arguments
for 'cc cancel' command.
* main/cli: Add 'all' completion for 'channel request hangup.' Correct
completions for 'core set debug channel.' Correct completions for 'core
show calls.'
* main/pbx_app: Remove redundant completions for 'core show
applications.'
* main/pbx_hangup_handler: Remove unused completions for 'core show
hanguphandlers all.'
* res_sorcery_memory_cache: Add completion for 'reload' argument of
'sorcery memory cache stale' and properly implement.
Change-Id: Iee58c7392f6fec34ad9d596109117af87697bbca
|
|
We shouldn't unlock the channel after starting a snapshot staging because
another thread may interfere and do its own snapshot staging.
* app_dial.c:dial_exec_full() made hold the channel lock while setting up
the outgoing channel staging. Made hold the channel lock after the called
party answers while updating the caller channel staging.
* chan_sip.c:sip_new() completed the channel staging on off-nominal exit.
Also we need to use ast_hangup() instead of ast_channel_unref() at that
location.
* channel.c:__ast_channel_alloc_ap() added a comment about not needing to
complete the channel snapshot staging on off-nominal exit paths.
* rtp_engine.c:ast_rtp_instance_set_stats_vars() made hold the channel
locks while staging the channels for the stats channel variables.
Change-Id: Iefb6336893163f6447bad65568722ad5d5d8212a
|
|
The escalator works by creating a set of startup commands in cli.conf
that set up logger channels and issue the debug commands for the
subsystems specified. If asterisk is running when it is executed,
the same commands will be issued to the running instance. The original
cli.conf is saved before any changes are made and can be restored by
executing '$prog --reset'.
The log output will be stored in...
$astlogdir/message.$uniqueid
$astlogdir/debug.$uniqueid
$astlogdir/dtmf.$uniqueid
$astlogdir/fax.$uniqueid
$astlogdir/security.$uniqueid
$astlogdir/pjsip_history.$uniqueid
$astlogdir/sip_history.$uniqueid
Some minor tweaks were made to chan_sip, and res_pjsip_history
so their history output could be send to a log channel as packets
are captured.
A minor tweak was also made to manager so events are output to verbose
when "manager set debug on" is issued.
Change-Id: I799f8e5013b86dc5282961b27383d134bf09e543
|
|
After a SIP_CODEC_INBOUND in the dialplan, do not continue with cached formats
but remember the joint format. Cached formats contain default parameters,
often create an empty fmtp line. However, a joint format might have passed
format_get_joint(.) in a res_format_attr_* module (like Opus Codec) and
contain the resulting format parameters from a SDP negotiation.
ASTERISK-26691 #close
Change-Id: I35712d98a793d4c3efdd156cec57deab9014b1dc
|
|
In some situations TCP threads may become frozen. This creates the
possibility that Asterisk could segfault if they become unfrozen after
chan_sip has been dlclose'd. This reorders the unload_module process to
allow abort if threads do not exit within 5 seconds.
High level order as follows:
1) Unregister from the core to stop new requests.
2) Signal threads to stop
3) Clear config based tables (but do not free the table itself).
4) Verify that threads have shutdown, cancel unload if not.
5) Clean all remaining resources.
ASTERISK-26586
Change-Id: Ie23692041d838fbd35ece61868f4c640960ff882
|
|
|
|
|
|
The conditional expressions of the 'if' operators
situated alongside each other are identical.
Change-Id: I652b6dcddb3be007e669a6aa8107edb31a1ddafb
|
|
P is always true. We check it before
Change-Id: Iee61cda002a9f61aee26b9f66c5f9b59e3389efb
|
|
The conditional expressions of the 'if' operators situated
alongside each other are identical.
Change-Id: I2cf7c317b106ec14440c7f1b5dcfbf03639f748a
|
|
RFC says SIP headers look like:
HCOLON = *( SP / HTAB ) ":" SWS
SWS = [LWS] ; sep whitespace
LWS = [*WSP CRLF] 1*WSP ; linear whitespace
WSP = SP / HTAB ; from rfc2234
chan_sip implemented this:
HCOLON = *( LOWCTL / SP ) ":" SWS
LOWCTL = %x00-1F ; CTL without DEL
This discrepancy meant that SIP proxies in front of Asterisk with
chan_sip could pass on unknown headers with \x00-\x1F in them, which
would be treated by Asterisk as a different (known) header. For
example, the "To\x01:" header would gladly be forwarded by some proxies
as irrelevant, but chan_sip would treat it as the relevant "To:" header.
Those relying on a SIP proxy to scrub certain headers could mistakenly
get unexpected and unvalidated data fed to Asterisk.
This change fixes so chan_sip only considers SP/HTAB as valid tokens
before the colon, making it agree on the headers with other speakers of
SIP.
ASTERISK-26433 #close
AST-2016-009
Change-Id: I78086fbc524ac733b8f7f78cb423c91075fd489b
|
|
|
|
Per RFC 7118 5.2, the SIP URI 'transport' parameter should advertise
'ws' when WebSockets are to be used as the transport. This applies to
both secure and insecure WebSockets.
There were two bugs in Asterisk with respect to this:
(1) The most egregious occurs in res_pjsip. There, we advertise 'ws' for
insecure websockets and 'wss' for secure websockets. While this
would seem to make sense - since 'WS' and 'WSS' are used for the Via
Transport parameter - this is not the case for the SIP URI. This
patch corrects that by registering the secure websockets with
pjproject using the shorthand 'WS', and by returning 'ws' when asked
for the transport parameter. Note that in pjproject, it is perfectly
valid to have multiple transports use the same shorthand.
(2) In chan_sip, we return an upper-case version of the transport 'WS'
instead of 'ws'. Since we should be strict in what we send and
liberal in what we accept (within reason), this patch lower-cases
the transport before appending it to the parameter.
ASTERISK-24330 #close
Reported by: cervajs, Inaki Baz Castillo
Change-Id: Iff77b645f8cc3b7cd35168a6676c26b147f22f42
|
|
If a TCP/TLS connection was pending (not accepted and not timed out) during
unload of chan_sip, Asterisk would segfault when trying to send a signal to
a thread whose thread ID hadn't been recorded yet. This commit fixes that by
recording the thread ID before calling the blocking connect() syscall.
This was a regression introduced by 776a14386a55b5425c7e9617eff8af8b45427144.
The above wasn't enough to fix the segfault, which was now delayed to the
point where connect() timed out. Therefore, it was necessary to also remove
the SA_RESTART flag from the SIGURG sigaction so that pthread_kill() could be
used to interruput the connect() syscall.
This was a regression introduced by 5d313f51b982a18f7321adcf7c7a4e822d8b2714.
ASTERISK-26586 #close
Change-Id: I76fd9d47d56e4264e2629bce8ec15fecba673e7b
|
|
|
|
fopencookie/funclose is a non-standard API and should not be used
in portable software. Additionally, the way FILE's fd is used in
non-blocking mode is undefined behaviour and cannot be relied on.
This introduces internal abstraction for io streams, that allows
implementing the desired virtualization of read/write operations
with necessary timeout handling.
ASTERISK-24515 #close
ASTERISK-24517 #close
Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85
|
|
Correct typo of end-pints to end-points
Re-wrap session timer parameter docs to max 80 chars wide; this
eases reading on terminals with lower resolution, commonly the case
for those with visual impairments.
ASTERISK-26573
Change-Id: I22c94459f4bb6b8a2f6713cfd22e87c32f204e6b
Signed-off-by: C.J. Collier <cjcollier@linuxfoundation.org>
|
