There are various places in Asterisk - specifically in regards to
database integration - where having some kind of UTF-8 validation would
be beneficial. This patch adds:
* Functions to validate that a given string contains only valid UTF-8
sequences.
* A function to copy a string (similar to ast_copy_string) stopping when
an invalid UTF-8 sequence is encountered.
* A UTF-8 validator that allows for progressive validation.
All of this is based on the excellent UTF-8 decoder by Björn Höhrmann.
More information is available here:
https://bjoern.hoehrmann.de/utf-8/decoder/dfa/
The API was written in such a way that should allow us to replace the
implementation later should we determine that we need something more
comprehensive.
Change-Id: I3555d787a79e7c780a7800cd26e0b5056368abf9
fork before exec
Posix does only allow async-signal-safe syscalls after fork before exec.
As asterisk ignores this, functions like TrySystem or System sometimes
end up in a deadlocked child process. The patch prevents the use of
non-async-signal-safe syscalls.
ASTERISK-28776
Change-Id: Idc76365c0592ee3f3b3bd72a4f48f7a098978e8e
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
There is enough MWI functionality to warrant it having its own 'c' and header
files. This patch moves all current core MWI data structures, and functions
into the following files:
main/mwi.h
main/mwi.c
Note, code was simply moved, and not modified. However, this patch is also in
preparation for core MWI changes, and additions to come.
Change-Id: I9dde8bfae1e7ec254fa63166e090f77e4d3097e0
This change adds statistics gathering to Stasis topics,
subscriptions, and message types. These can be viewed using
CLI commands and provide insight into how Stasis is used
and how long certain operations take to execute.
These are only available when Asterisk is compiled in
developer mode and do not have any impact under normal
operation.
ASTERISK-28117
Change-Id: I94411b53767f89ee01714daaecf0c2f1666e863f
We cannot use need_el_end and SIGURG when restarting. Instead we need
to run el_end within the SIGHUP restartnow handler.
ASTERISK-28158
Change-Id: Ia852276363c81bdcf1aa29eb4558c5c2fa1218a0
* Ignore console=yes configuration option in remote console processes.
* Use new flag to tell consolethread to run el_end and exit when needed.
ASTERISK-28158
Change-Id: I9e23b31d4211417ddc88c6bbfd83ea4c9f3e5438
This creates a separate source to 'own' symbols related to options.h and
paths.h. This significantly reduces the number of exports created by
main/asterisk.o. This change is required to eventually be able to
link unmodified Asterisk sources to utilities and/or stand-alone tests.
ASTERISK~26245
Change-Id: I5cf184f4757f9363b80c9e678bdc35c477122380
If the two formats on a channel are equal, we don't transcode and since
the generic plc needs slin to work, it doesn't get invoked.
* A new configuration option "genericplc_on_equal_codecs" was added
to the "plc" section of codecs.conf to allow generic packet loss
concealment even if no transcoding was originally needed.
Transcoding via SLIN is forced in this case.
ASTERISK-27743
Change-Id: I0577026a179dea34232e63123254b4e0508378f4
* Define CHAR_T_LIBEDIT and CHAR_TO_LIBEDIT based on
HAVE_LIBEDIT_IS_UNICODE. This avoids needing to repeatedly use
conditional blocks, eliminates having multiple function prototypes.
* Remove parenthesis from return values.
* Add missing code block brackets {}.
* Reduce use of 'else' conditional statements where possible.
Change-Id: I4315328ebea2f62641faf6881de2ac20a9f9d08e
The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:
[startup]
cache_pools=no
* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
The previous fix broke the case
HAVE_SYSINFO = no
HAVE_SYSCTL = yes
HAVE_SWAPCTL = no
which occurs on FreeBSD 11.1 for example.
ASTERISK-26563
Change-Id: If77c39bc75f0b83a6c8a24ecb2fa69be8846160a
Apparently in OSX it's possible for OSX to HAVE_SYSCTL but not
HAVE_SYSINFO or HAVE_SWAPCTL. In this case freeswap caused an unused
variable error.
ASTERISK-26563 #close
Change-Id: I8ec5b1897b786cc1abaf62264aa75039eea05510
* listen uses the variable `s` for the result from ast_poll() then
overwrites it with the result of accept(). Create a separate variable
poll_result to avoid confusion since ast_poll does not return a file
descriptor.
* Resolve fd leak that would occur if setsockopt failed in listen.
* Reserve an extra byte while processing completion results from remote
daemon. This fixes a bug where completion processing used strstr() on
a string that was not '\0' terminated. This was no risk to the Asterisk
daemon, the bug was only reachable the remote console process.
* Resolve leak in handle_showchan when the channel is not found.
* Multiple leaks and a deadlock in pbx_config CLI completion.
* Fix leaks in "manager show command".
Change-Id: I8f633ceb1714867ae30ef4e421858f77c14485a9
rasterisk does not need to handle setting verbose levels locally, it
should just tell the daemon what it wants and print what it is given.
Just max out the verbose level on the local client so all filtering
happens on the daemon.
ASTERISK-20281 #close
Change-Id: Ia305f75f1fc424a9169bfa30ef70d626ace2c8a8
There are many places in the code base where we ignore the return value
of fcntl() when getting/setting file descriptior flags. This patch
introduces a convenience function that allows setting or clearing file
descriptor flags and will also log an error on failure for later
analysis.
Change-Id: I8b81901e1b1bd537ca632567cdb408931c6eded7
Duplicate checking was done incorrectly when parsing completion options
from a remote console causing all options to be ignored as duplicates.
Once fixed I had to separate processing of the best match to ensure it
was not identified as a duplicate when it is the only match.
ASTERISK-27465
Change-Id: Ibbdb29f88211742071836c9b3f4d2aa1221cd0f9
The sounds index is rebuilt each time a format is registered or
unregistered. This causes the index to be repeatedly rebuilt during
startup and shutdown.
This patch significantly reduces the work done by delaying sound index
initialization until after modules are loaded. This way a reindex only
occurs if a format module is loaded after startup. We also skip
reindexing when format modules are unloaded during shutdown.
Change-Id: I585fd6ee04200612ab1490dc804f76805f89cf0a
* Stop using "_COMMAND NUMMATCHES" on remote consoles. Using this
command had doubled the amount of work needed from the Asterisk
daemon for each completion request.
* Fix code formatting.
* Remove static buffer used to send the command, use the same buffer
that will receive the results.
* Move sort from ast_cli_display_match_list.
Change-Id: Ie2211b519a3d4bec45bf46e0095bdd01d384cb69
This rewrites ast_el_strtoarr to use vector's internally, but still
return the original NULL terminated array of strings.
Change-Id: Ibfe776cbe14f750effa9ca360930acaccc02e957
* Stop estimating line count, just print until we run out of matches.
* Stop freeing entries, the caller does that anyways.
* Stop calculating / returning numoutput, it was ignored.
Change-Id: I7f92afa8bea92241a95227587367424c8c32a5cb
The remote console socket path is the combination of asterisk.conf
settings astrundir from [directories] and astctl from [files].
Unconditionally combine the two strings after processing all values
to ensure we end up with the correct socket path.
ASTERISK-27415
Change-Id: Ib1e2805d55d6b0955c6430a1a2a93acbf9b091e8
The media frame cache gets in the way of finding use after free errors of
media frames. Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.
* Added the "cache_media_frames" option to asterisk.conf. Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the frame is
used after free and who freed it. NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.
To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.
Sample asterisk.conf setting:
[options]
cache_media_frames=no
ASTERISK-27413
Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
Setting maxfiles (maximum number of open files) has no practical
effect on a remote asterisk (rasterisk, rasterisk -x).
It has an ill effect of printing an extra message, which
may be annoying in case of -x.
ASTERISK-27105 #close
Change-Id: Iaf9eb344e4b4b517df91b736b27ec55f6a6921a2
In all non-pbx modules, AST_MODULE_LOAD_FAILURE has been changed
to AST_MODULE_LOAD_DECLINE. This prevents asterisk from exiting
if a module can't be loaded. If the user wishes to retain the
FAILURE behavior for a specific module, they can use the "require"
or "preload-require" keyword in modules.conf.
A new API was added to logger: ast_is_logger_initialized(). This
allows asterisk.c/check_init() to print to the error log once the
logger subsystem is ready instead of just to stdout. If something
does fail before the logger is initialized, we now print to stderr
instead of stdout.
Change-Id: I5f4b50623d9b5a6cb7c5624a8c5c1274c13b2b25
* app_minivm: Use built-in completion facilities to complete optional
arguments.
* app_voicemail: Use built-in completion facilities to complete
optional arguments.
* app_confbridge: Add missing colons after 'Usage' text.
* chan_alsa: Use built-in completion facilities to complete optional
arguments.
* chan_sip: Use built-in completion facilities to complete optional
arguments. Add completions for 'load' for 'sip show user', 'sip show
peer', and 'sip qualify peer.'
* chan_skinny: Correct and extend completions for 'skinny reset' and
'skinny show line.'
* func_odbc: Correct completions for 'odbc read' and 'odbc write'
* main/asterisk: Correct and extend completions for 'core show file
version.'
* main/astmm: Use built-in completion facilities to complete arguments
for 'memory' commands.
* main/bridge: Correct completions for 'bridge kick.'
* main/ccss: Use built-in completion facilities to complete arguments
for 'cc cancel' command.
* main/cli: Add 'all' completion for 'channel request hangup.' Correct
completions for 'core set debug channel.' Correct completions for 'core
show calls.'
* main/pbx_app: Remove redundant completions for 'core show
applications.'
* main/pbx_hangup_handler: Remove unused completions for 'core show
hanguphandlers all.'
* res_sorcery_memory_cache: Add completion for 'reload' argument of
'sorcery memory cache stale' and properly implement.
Change-Id: Iee58c7392f6fec34ad9d596109117af87697bbca
The mechanism used for detecting the maximum log level compiled into the
linked pjproject did not work. The API call simply stores the requested
level into an integer and does no range checking. Asterisk was assuming
that there was range checking and limited the new value to the allowable
range. To get the actual maximum log level compiled into the linked
pjproject we need to get and save off the initial set log level from
pjproject. This is the maximum log level supported.
* Get and save off the initial log level setting before altering it to the
desired level on startup. This has to be done by a macro rather than
calling a core function to avoid incorrectly linking pjproject.
* Split the initial log level warning messages to warn if the linked
pjproject cannot support the requested startup level and if it is too low
to get the pjproject buildopts for "pjproject show buildopts".
* Adjust the CLI "pjproject set log level" to check the saved max log
level and to generate normal output messages instead of a warning message.
ASTERISK-26743 #close
Change-Id: I40aa76653e2a1dece66c3f8734594b4f0471cfb4
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
ASTERISK-26630 #close
Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
If a TCP/TLS connection was pending (not accepted and not timed out) during
unload of chan_sip, Asterisk would segfault when trying to send a signal to
a thread whose thread ID hadn't been recorded yet. This commit fixes that by
recording the thread ID before calling the blocking connect() syscall.
This was a regression introduced by 776a14386a.
The above wasn't enough to fix the segfault, which was now delayed to the
point where connect() timed out. Therefore, it was necessary to also remove
the SA_RESTART flag from the SIGURG sigaction so that pthread_kill() could be
used to interruput the connect() syscall.
This was a regression introduced by 5d313f51b9.
ASTERISK-26586 #close
Change-Id: I76fd9d47d56e4264e2629bce8ec15fecba673e7b
Libedit 3.1 is not build with unicode on as a default and so the
prototype for the el_gets callback changed from expecting a char buffer
to accepting a wchar buffer. If ast_el_read_char isn't changed,
the cli reads garbage from teh terminal.
Added a configure test for (*el_rfunc_t)(EditLine *, wchar_t *) and
updated ast_el_read_char to use the HAVE_ define to detemrine whether
to use char or wchar.
ASTERISK-26592 #close
Change-Id: I9099b46f68e06d0202ff80e53022a2b68b08871a
The dynamic range (96-127) allows 32 RTP Payload Types. RFC 3551 section 3
allows to reassign other ranges. Consequently, when the dynamic range is
exhausted, you can go for "rtp_pt_dynamic = 35" (or 0) in asterisk.conf. This
enables the range 35-63 (or 0-63) giving room for another 29 (or 64) payload
types.
ASTERISK-26311 #close
Change-Id: I7bc96ab764bc30098a178b841cbf7146f9d64964
(cherry picked from commit 9ac53877f6)
It is only safe to run ast_register_cleanup callbacks when all modules
have been unloaded. Previously these callbacks were run during graceful
shutdown, making it possible to crash during shutdown.
ASTERISK-26513 #close
Change-Id: Ibfa635bb688d1227ec54aa211d90d6bd45052e21
sd_notify() is used to notify systemd of changes to the status of the
process. This allows the systemd daemon to know when the process
finished loading (and thus only start another program after Asterisk has
finished loading).
To use this, use a systemd unit with 'Type=notify' for Asterisk.
This commit also adds the function ast_sd_notify(), a wrapper around
sd_notify that does nothing if not built with systemd support.
Also adds support for libsystemd detection in the configure script.
Change-Id: Ied6a59dafd5ef331c5c7ae8f3ccd2dfc94be7811
(cherry picked from commit 07b95f7c65)
Without this change, a 'core restart' would kill the astcanary forever
if you're not running as root. Both with and without this patch, the
scheduling priority was still SCHED_RR after restart.
Additionally, the astcanary is now spawned if you start with high
priority and Asterisk doesn't get a chance to lower it. For example
through: `chrt -r 10 sudo -u asterisk asterisk -c`
Also reap killed astcanary processes on core restart.
ASTERISK-26352 #close
Change-Id: Iacb49f26491a0717084ad46ed96b0bea5f627a55
Previously only the canary checking thread itself had its priority set
to SCHED_OTHER. Now all threads are traversed and adjusted.
ASTERISK-19867 #close
Reported by: Xavier Hienne
Change-Id: Ie0dd02a3ec42f66a78303e9c1aac28f7ed9aae39
If sysinfo() is available, but not sysctl() or swapctl() the
printing code for swap buffer sizes is incorrectly omitted.
The above condition happens with musl c-library.
Fix #if rule to consider defined(HAVE_SYSINFO). And also
remove the redundant || defined(HAVE_SYSCTL) which was
incorrectly there to start with. Now swap information is
displayed only if an actual libc function to get it is
available.
This also fixes warnings previously seen with musl libc:
[CC] asterisk.c -> asterisk.o
asterisk.c: In function 'handle_show_sysinfo':
asterisk.c:773:6: warning: variable 'totalswap' set but not used
[-Wunused-but-set-variable]
int totalswap = 0;
^~~~~~~~~
asterisk.c:770:11: warning: variable 'freeswap' set but not used
[-Wunused-but-set-variable]
uint64_t freeswap = 0;
^~~~~~~~
Change-Id: I1fb21dad8f27e416c60f138c6f2bff03fb626eca
