In Asterisk 16+, there are a few places in ast_rtp_read where we've
allocated a frame list but return a null frame instead of the list.
In these cases, any frames left in the list won't be freed. In the
vast majority of the cases, the list is empty when we return so
there's nothing to free but there have been leaks reported in the
wild that can be traced back to frames left in the list before
returning.
The escape paths now all have logic to free frames left in the
list.
ASTERISK-28609
Reported by: Ted G
Change-Id: Ia1d7075857ebd26b47183c44b1aebb0d8f985f7a
A previous review, 13174, made a change whereby on an incoming offer SDP
the pending topology was initialized to the configured. This caused a problem
for bundle with WebRTC where bundle could reference a stream that did not
actually exist if the configuration had both audio and video but the
offer SDP only contained audio.
This change undoes that review and instead fixes the original problem it
sought to solve by setting the state of created streams based on the
contents of the offer SDP. This way the stream state is not inactive
until negotiation later completes.
ASTERISK-28659
Change-Id: Ic5ae5a86437d3e686ac5afd91d133cc916198355
The simple fix here is simply to NULL out username and password after we call
ast_free on them. Unfortunately, I noticed that we weren't checking for
allocation failures for username and password, and adding those checks made
things noisy and cumbersome.
So instead we partially rollback the recent LGTM patch, and move the alloca
calls into find_aor_name().
ASTERISK-28641 #close
Reported by: Ross Beer
Change-Id: Ic9d01624e717a020be0b0aee31f0814e7f1ffbe2
We're appropriately sizing the id_domain_alias buffer, but then copying the data
into the id_domain one. We were then using the uninitialized id_domain_alias
buffer we just allocated.
This is ASTERISK~28641 adjacent, but significant enough to warrant its own
patch.
Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
We need to copy the endpoint name before we call ao2_cleanup() on it,
otherwise we might try to access memory that has been reclaimed.
ASTERISK-28445 #close
Reported by: Bernhard Schmidt
Change-Id: I404b952608aa606e0babd3c4108346721fb726b3
if asterisk offer T38 SDP with none error correction scheme and
the endpoint respond with redundancy EC scheme, asterisk switch
to that mode. Since we configure the endpoint as none EC mode
we should not switch to any other mode except none.
following logic implemented in code.
1. If asterisk offer none, and anything except none in answer
will be ignored.
2. If asterisk offer fec, answer with fec, redundancy and none will
be accepted.
3. If asterisk offer redundancy, answer with redundancy and none
will be accepted.
ASTERISK-28621
Change-Id: I343c62253ea4c8b7ee17abbfb377a4d484a14b19
Fixes: error: ‘domain_name’ may be used uninitialized in this function
Found with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008
Change-Id: I44413b49ea1205aa25538142161deb73883c79e8
OpenSSL can not tolerate if the packet sent out does not
match the length that it provided to the sender. This change
lies and says that each time the full packet was sent. If
a problem does occur then a retransmission will occur as
appropriate.
ASTERISK-28576
Change-Id: Id42455b15c9dc4eb987c8c023ece6fbf3c22a449
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
There exists a scenario where a thread can hold a lock on the
channels container while trying to lock a bridge. At the same
time another thread can hold the lock for said bridge while
attempting to retrieve a channel. This causes a deadlock.
This change fixes this scenario by retrieving a channel snapshot
instead of a channel, as information present in the snapshot
is all that is needed.
ASTERISK-28616
Change-Id: I68ceb1d62c7378addcd286e21be08a660a7cecf2
Found during some testing, there is a race condition between selecting an
appropriate bridge type for a call versus the applying of media on the callee's
session. In some instances a native bridge type would have been chosen, but
due to the callee's media not yet being established at bridge compatibility
check time the simple bridge type is picked instead.
When using chan_pjsip this initiates a topology change event. The topologies
are then compared for the two sessions. However, when the topology was created
for the caller its streams are initialized to "inactive". This topology is then
used as a base when creating the callee's topology, and streams. Soon after
the caller's topology's stream(s) get updated based on the sdp (get set to
sendrecv in the failing scenario).
Now when the topology change event is raised, and the two topologies are
compared, the comparison fails due to a stream state mismatch (sendrecv vs
inactive). And since they differ a reinvite is sent out (to the caller in
this case).
This patch makes it such that when the caller's topology is initially created
it gets created based on its configured endpoint's media topology. When the
endpoint's topology is created its stream's state(s) are initialized to
sendrecv instead of inactive. Subsequently, now when the callee's topology is
created its topology streams are now initialized to sendrecv. Thus when the
topology change event occurs due to the mentioned scenario the stream states
match for the given sessions, and the reinvite is not sent unless due to some
other valid mismatch.
Note, this patch only changes one pending media state's creation point. It's
possible other places *could* be changed, however for now it was deemed best
to only alter what's here.
Change-Id: I6ba3a6a75f64824a1b963044c37acbe951c389c7
resource_events:stasis_app_message_handler() was locking the session,
then attempting to determine if the app had debug enabled which
locked the app_registry container. res_stasis:__stasis_app_register
was locking the app_registry container then calling app_update
which caused app_handler (which locks the session) to run.
The result was a deadlock.
* Updated resource_events:stasis_app_message_handler() to determine
if debug was set (which locks the app_registry) before obtaining the
session lock.
* Updated res_stasis:__stasis_app_register to release the app_registry
container lock before calling app_update (which locks the sesison).
ASTERISK-28423
Reported by Ross Beer
Change-Id: I58c69d08cb372852a63933608e4d6c3e456247b4
If the "max_retries" option is set to 0 then upon failure no
further attemps are made, so explicitly document the behavior.
ASTERISK-28602
Change-Id: I1e30daae9dd6c49ce18744164214d3def505acbf
Calling ne_uri_parse allocates memory that needs to be freed with a
corresponding call to ne_uri_free.
ASTERISK-28572 #close
Change-Id: I8a6834da27000a6807d89cb7a157b2a88fcb5e61
This change ensures that the module isn't unloaded when a
WebSocket is open. Previously it was possible to unload the
module manually or during shutdown which could cause a crash
when any active WebSockets were terminated.
ASTERISK-28585
Change-Id: I85c71ab112f99875b586419a34c08c8b34c14c5c
When we created the External Media addition to ARI we created an
ExternalMedia object to be returned from the channels/externalMedia
REST endpoint. This object contained the channel object that was
created plus local_address and local_port attributes (which are
also in the Channel variables). At the time, we thought that
creating an ExternalMedia object would give us more flexibility
in the future but as we created the sample speech to text
application, we discovered that it doesn't work so well with ARI
client libraries that a) don't have the ExternalMedia object
defined and/or b) can't promote the embedded channel structure
to a first-class Channel object.
This change causes the channels/externalMedia REST endpoint to
return a Channel object (like channels/create and channels/originate)
instead of the ExternalMedia object.
Change-Id: If280094debd35102cf21e0a31a5e0846fec14af9
PostgreSQL 12 finally removed column adsrc from table pg_catalog.pg_attrdef
(column default values), which has been deprecated since version 8.0.
Since then, the official/correct/supported way to retrieve the column
default value from the catalog is function pg_catalog.pg_get_expr().
This change breaks compatibility with pre-8.0 PostgreSQL servers,
but has reached end-of-support more than a decade ago.
cdr_pgsql and res_config_pgsql still have support for pre-7.3
servers, but cleaning that up is perhaps a topic for a major release,
not this bugfix.
ASTERISK-28571
Change-Id: I834cb3addf1937e19e87ede140bdd16cea531ebe
When creating an unsolicited MWI aggregate subscription it was possible for
the subscription object to be double unref'ed. This patch removes the explicit
unref as it is not needed since the RAII_VAR will handle it at function end.
Less concerning there was also a bug that could potentially allow the aggregate
subscription object to be added to the unsolicited container twice. This patch
ensures it is added only once.
ASTERISK-28575
Change-Id: I9ccfdb5ea788bc0c3618db183aae235e53c12763
On shutdown it's possible for the unsolicited mwi container to be freed before
other dependent threads are done using it. This patch ensures this can no
longer happen by wrapping the container in an ao2_global object. The solicited
container was also changed too.
ASTERISK-28552
Change-Id: I8f812286dc19a34916acacd71ce2ec26e1042047
Both res_pjsip and res_pjsip_mwi made use of serializer pools. However, they
both implemented their own serializer pool functionality that was pretty much
identical in each of the source files. This patch removes the duplicated code,
and uses the new 'ast_serializer_pool' object instead.
Additionally res_pjsip_mwi enables a shutdown group on the pool since if the
timing was right the module could be unloaded while taskprocessor threads still
needed to execute, thus causing a crash.
Change-Id: I959b0805ad024585bbb6276593118be34fbf6e1d
Add a new dialplan function PJSIP_MOH_PASSTHROUGH that allows
the on-hold behavior to be controlled on a per-call basis
ASTERISK-28542 #close
Change-Id: Iebe905b2ad6dbaa87ab330267147180b05a3c3a8
There are some warning messages which are not informative without endpoint:
"No registered subscribe handler for event presence.winfo"
"No registered publish handler for event presence"
This patch adds an endpoint name to these messages.
Change-Id: Ia2811ec226d8a12659b4f9d4d224b48289650827
Allow the list of files to be played to be provided explicitly in the
music class's configuration. The primary driver for this change is to
allow URLs to be used for MoH.
Change-Id: I9f43b80b43880980b18b2bee26ec09429d0b92fa
If a permanent contact URI associated with an AOR is invalid, we add a
Contact header to REGISTER responses with a NULL URI, causing a crash.
ASTERISK-28463 #close
Change-Id: Id2b643e58b975bc560aab1c111e6669d54db9102
The following message:
"Subscription request from endpoint <blah> rejected. Expiration of 0 is invalid"
Would sometimes spam the log with warnings if Asterisk restarted and a bunch
of clients sent unsubscribes. This patch changes it from a warning to a debug
message.
Change-Id: I841ec42f65559f3135e037df0e55f89b6447a467
When a stale item was being updated the object was being retrieved, but its
reference was not being decremented after the update. This patch makes it so
the object is now appropriately de-referenced.
ASTERISK-28523
Change-Id: I9d8173d3a0416a242f4eba92fa0853279c500ec7
This change adds support to the JITTERBUFFER dialplan function
for audio and video synchronization. When enabled the RTCP SR
report is used to produce an NTP timestamp for both the audio and
video streams. Using this information the video frames are queued
until their NTP timestamp is equal to or behind the NTP timestamp
of the audio. The audio jitterbuffer acts as the leader deciding
when to shrink/grow the jitterbuffer when adaptive is in use. For
both adaptive and fixed the video buffer follows the size of the
audio jitterbuffer.
ASTERISK-28533
Change-Id: I3fd75160426465e6d46bb2e198c07b9d314a4492
According to RFC3550, ALL RTCP packets must be sent in a compond packet
of at least two individual packets, including SR/RR and SDES. REMB,
FIR, and NACK were not following this format, and as a result, would
fail the packet check in ast_rtcp_interpret. This was found from writing
unit tests for RTCP. The browser would accept the way we were
constructing these RTCP packets, but when sending directly from one
Asterisk instance to another, the above mentioned problem would occur.
Change-Id: Ieb140e9c22568a251a564cd953dd22cd33244605
When modifying an already defined variable in some channel drivers they
add a new variable with the same name to the list, but that value is
never used, only the first one found.
Introduce ast_variable_list_replace() and use it where appropriate.
ASTERISK-23756 #close
Patches:
setvar-multiplie.patch submitted by Michael Goryainov
Change-Id: Ie1897a96c82b8945e752733612ee963686f32839
