kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-02 20:08:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
70b976f084f624e2efbcfdb6a690f7ada9f151b0
asterisk/res
History
Kevin Harwell 870394c051 res_pjsip_pubsub: unauthenticated remote crash in PJSIP pub/sub framework 
A remotely exploitable crash vulnerability exists in the PJSIP channel driver's
pub/sub framework. If an attempt is made to unsubscribe when not currently
subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries
to create an expiration timer with zero seconds, which is not allowed, so an
assertion raised.

The fix was to reject a subscription that is attempting to unsubscribe when not
being already subscribed.  Asterisk now checks for this situation appropriately
and responds with a 400 instead of crashing.

AST-2014-005

ASTERISK-23489 #close
........

Merged revisions 415812 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415813 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-06-12 14:39:29 +00:00
..
ael
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
ari
TALK_DETECT: A channel function that raises events when talking is detected
2014-05-30 12:42:57 +00:00
parking
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_pjsip
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
snmp
Get the SNMP code to compile.
2013-08-02 15:01:37 +00:00
stasis
ARI: Add ability to raise arbitrary User Events
2014-05-22 16:09:51 +00:00
stasis_recording
Remove unused RAII_VAR() declarations.
2014-04-15 18:01:47 +00:00
ari.make
ARI: Add mailboxes resource for controlling and polling external MWI
2014-01-14 23:44:57 +00:00
Makefile
ARI: Implement /recordings/stored API's
2013-08-30 13:28:50 +00:00
res_adsi.c
Multiple revisions 369323-369324
2012-06-25 15:55:25 +00:00
res_ael_share.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
res_ael_share.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_agi.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_agi.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_ari_applications.c
ARI: Support channel variables in originate
2014-01-21 14:27:21 +00:00
res_ari_asterisk.c
ARI: Support channel variables in originate
2014-01-21 14:27:21 +00:00
res_ari_bridges.c
ARI: Make bridges/{bridgeID}/play queue sound files
2014-04-18 20:09:24 +00:00
res_ari_channels.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
res_ari_device_states.c
ARI: Support channel variables in originate
2014-01-21 14:27:21 +00:00
res_ari_endpoints.c
ari:Add application/json parameter support
2013-11-27 15:48:39 +00:00
res_ari_events.c
ARI: Add ability to raise arbitrary User Events
2014-05-22 16:09:51 +00:00
res_ari_mailboxes.c
ARI: Support channel variables in originate
2014-01-21 14:27:21 +00:00
res_ari_model.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_ari_model.exports.in
Rename everything Stasis-HTTP to ARI
2013-07-27 23:11:02 +00:00
res_ari_playbacks.c
ARI: Support channel variables in originate
2014-01-21 14:27:21 +00:00
res_ari_recordings.c
ari:Add application/json parameter support
2013-11-27 15:48:39 +00:00
res_ari_sounds.c
ARI: Support channel variables in originate
2014-01-21 14:27:21 +00:00
res_ari.c
ARI: Add debug logging for events and responses
2014-04-18 14:25:47 +00:00
res_ari.exports.in
Rename everything Stasis-HTTP to ARI
2013-07-27 23:11:02 +00:00
res_calendar_caldav.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_calendar_ews.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_calendar_exchange.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
res_calendar_icalendar.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_calendar.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_calendar.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_chan_stats.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
res_clialiases.c
res_clialiases: Fix crash when reloading and re-aliasing an alias that is in use.
2014-02-04 02:22:28 +00:00
res_clioriginate.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
res_config_curl.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_config_ldap.c
Add support for a realtime sorcery module.
2013-04-27 12:01:29 +00:00
res_config_odbc.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_config_pgsql.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_config_sqlite3.c
Add support for a realtime sorcery module.
2013-04-27 12:01:29 +00:00
res_config_sqlite.c
res_config_sqlite: Check for CDR unregistration failures
2013-12-08 05:59:46 +00:00
res_convert.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
res_corosync.c
res_corosync: Update module to work with Stasis (and compile)
2014-05-22 12:01:37 +00:00
res_crypto.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_crypto.exports.in
Remove built-in AES code and use optional_api instead
2010-07-21 19:11:32 +00:00
res_curl.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_fax_spandsp.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_fax.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_fax.exports.in
Log spandsp's fax debug output to the FAX logger level.
2010-05-21 15:15:58 +00:00
res_format_attr_celt.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_format_attr_h263.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_format_attr_h264.c
h264: Fix H264 SDP payload format.
2014-05-13 13:53:28 +00:00
res_format_attr_opus.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_format_attr_silk.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_hep_pjsip.c
res_hep_pjsip: Use the channel name instead of the call ID when it is available
2014-04-10 21:28:08 +00:00
res_hep.c
res_hep: Fix crash when hep.conf not available
2014-04-03 11:47:03 +00:00
res_hep.exports.in
res_hep/res_hep_pjsip: Add a HEPv3 capture agent module and a logger for PJSIP
2014-03-28 18:32:50 +00:00
res_http_post.c
Avoid cppcheck warnings; removing unused vars and a bit of cleanup.
2012-04-17 18:57:40 +00:00
res_http_websocket.c
res_http_websocket: Create a websocket client
2014-06-05 17:22:35 +00:00
res_http_websocket.exports.in
res_http_websocket: Create a websocket client
2014-06-05 17:22:35 +00:00
res_jabber.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_jabber.exports.in
Fix chan_jingle/gtalk load regression introduced in r346087
2011-12-05 14:47:11 +00:00
res_limit.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_manager_devicestate.c
Add DeviceStateChanged and PresenceStateChanged AMI events.
2014-04-28 14:40:21 +00:00
res_manager_presencestate.c
Add DeviceStateChanged and PresenceStateChanged AMI events.
2014-04-28 14:40:21 +00:00
res_monitor.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_monitor.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_musiconhold.c
res_musiconhold: Minor cleanup.
2014-05-14 15:41:42 +00:00
res_mutestream.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:21:44 +00:00
res_mwi_external_ami.c
External MWI AMI support.
2014-01-06 17:49:05 +00:00
res_mwi_external.c
Prevent duplicate sorcery wizards from being applied to sorcery object types.
2014-04-02 18:57:29 +00:00
res_mwi_external.exports.in
External MWI core support.
2014-01-06 17:45:25 +00:00
res_odbc.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
res_odbc.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_parking.c
Eliminate some more unnecessary RAII_VAR() uses.
2014-04-15 18:30:24 +00:00
res_phoneprov.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_pjsip_acl.c
sorcery: Create AST_SORCERY dialplan function.
2014-03-06 22:39:54 +00:00
res_pjsip_authenticator_digest.c
res_pjsip_authenticator_digest: Fix md5 hash buffer
2014-01-03 21:13:30 +00:00
res_pjsip_caller_id.c
PJSIP: Add Path header support
2014-01-15 13:16:10 +00:00
res_pjsip_diversion.c
PJSIP: Add Path header support
2014-01-15 13:16:10 +00:00
res_pjsip_dtmf_info.c
Prevent a crash in res_pjsip_dtmf_info.c
2013-09-03 18:09:02 +00:00
res_pjsip_endpoint_identifier_anonymous.c
The large GULP->PJSIP renaming effort.
2013-07-30 18:14:50 +00:00
res_pjsip_endpoint_identifier_ip.c
PJSIP: Allow for identify sections to be specified in sorcery.conf.
2014-03-19 17:27:57 +00:00
res_pjsip_endpoint_identifier_user.c
PJSIP: Add log messages when requests are received for non-existent endpoints
2013-10-25 17:41:38 +00:00
res_pjsip_exten_state.c
res_pjsip_pubsub: Persist subscriptions in sorcery so they are recreated on startup.
2014-06-12 11:34:36 +00:00
res_pjsip_exten_state.exports.in
The large GULP->PJSIP renaming effort.
2013-07-30 18:14:50 +00:00
res_pjsip_header_funcs.c
chan_pjsip: Fix bug where custom SIP headers could be duplicated on outgoing INVITEs.
2014-06-09 20:21:42 +00:00
res_pjsip_log_forwarder.c
res_pjsip: Forward PJSIP logging to Asterisk logging
2013-09-13 14:22:07 +00:00
res_pjsip_logger.c
res_pjsip: Updates and adds more PJSIP CLI commands.
2014-02-06 17:55:45 +00:00
res_pjsip_messaging.c
chan_sip.c: Fixed off-nominal message iterator ref count and alloc fail issues.
2014-04-30 21:03:29 +00:00
res_pjsip_multihomed.c
res_pjsip_multihomed: Make address replacement less aggressive.
2014-03-17 22:46:56 +00:00
res_pjsip_mwi_body_generator.c
Decouple subscription handling from NOTIFY/PUBLISH body generation.
2014-01-31 22:27:07 +00:00
res_pjsip_mwi.c
res_pjsip_pubsub: Persist subscriptions in sorcery so they are recreated on startup.
2014-06-12 11:34:36 +00:00
res_pjsip_nat.c
PJSIP: Fix address for ACK in NAT situations
2014-01-31 15:08:49 +00:00
res_pjsip_notify.c
PJSIP: PJSIPNotify - Strip content-length headers and add documentation
2014-06-10 16:06:12 +00:00
res_pjsip_one_touch_record_info.c
The large GULP->PJSIP renaming effort.
2013-07-30 18:14:50 +00:00
res_pjsip_outbound_authenticator_digest.c
Switch PJSIP auth to use a vector.
2013-12-09 16:10:05 +00:00
res_pjsip_outbound_registration.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_pjsip_path.c
PJSIP: Add Path header support
2014-01-15 13:16:10 +00:00
res_pjsip_pidf_body_generator.c
Decouple subscription handling from NOTIFY/PUBLISH body generation.
2014-01-31 22:27:07 +00:00
res_pjsip_pidf_digium_body_supplement.c
Improve XML sanitization in NOTIFYs, especially for presence subtypes and messages.
2014-05-07 15:29:18 +00:00
res_pjsip_pidf_eyebeam_body_supplement.c
Decouple subscription handling from NOTIFY/PUBLISH body generation.
2014-01-31 22:27:07 +00:00
res_pjsip_pubsub.c
res_pjsip_pubsub: unauthenticated remote crash in PJSIP pub/sub framework
2014-06-12 14:39:29 +00:00
res_pjsip_pubsub.exports.in
res_pjsip_pubsub: Persist subscriptions in sorcery so they are recreated on startup.
2014-06-12 11:34:36 +00:00
res_pjsip_refer.c
PJSIP: Prevent crash on blind transfer
2014-05-30 14:53:44 +00:00
res_pjsip_registrar_expire.c
sorcery, bucket: Change observer remove calls to take const callbacks struct.
2013-12-03 17:35:54 +00:00
res_pjsip_registrar.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_pjsip_rfc3326.c
The large GULP->PJSIP renaming effort.
2013-07-30 18:14:50 +00:00
res_pjsip_sdp_rtp.c
PJSIP: Remove premature write of raw formats
2014-06-06 19:13:08 +00:00
res_pjsip_send_to_voicemail.c
res_pjsip_send_to_voicemail: transferring to voicemail for digium phones
2014-02-25 17:47:06 +00:00
res_pjsip_session.c
res_pjsip_session: Add debug statement for session refreshes
2014-06-04 14:12:00 +00:00
res_pjsip_session.exports.in
The large GULP->PJSIP renaming effort.
2013-07-30 18:14:50 +00:00
res_pjsip_t38.c
res_pjsip_session: Fix leaked video RTP ports.
2014-05-28 16:56:07 +00:00
res_pjsip_transport_websocket.c
res_pjsip_transport_websocket: Fix security events and simplify implementation.
2013-12-01 19:58:08 +00:00
res_pjsip_xpidf_body_generator.c
Decouple subscription handling from NOTIFY/PUBLISH body generation.
2014-01-31 22:27:07 +00:00
res_pjsip.c
Fix potential deadlock situation in res_pjsip.
2014-06-12 14:15:51 +00:00
res_pjsip.exports.in
res_pjsip: AMI commands and events.
2013-11-23 17:26:57 +00:00
res_pktccops.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_pktccops.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_realtime.c
Cleanup references to sipusers and sipfriends dynamic realtime families
2011-11-01 19:53:26 +00:00
res_rtp_asterisk.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_rtp_multicast.c
res_rtp_multicast: Ensure SSRC is set properly
2013-10-03 18:32:59 +00:00
res_security_log.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
res_smdi.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_smdi.exports.in
Allow symbol export filtering to work properly on platforms that have symbol prefixes.
2010-04-02 18:57:58 +00:00
res_snmp.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_sorcery_astdb.c
json: Fix off-nominal json ref counting issues.
2014-02-21 18:04:54 +00:00
res_sorcery_config.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_sorcery_memory.c
Pass the sorcery instance to wizards for CUD operations as well as retrieve.
2013-03-20 14:52:23 +00:00
res_sorcery_realtime.c
Handle the return values of realtime updates and stores more accurately.
2014-03-14 18:11:55 +00:00
res_speech.c
Add support for retrieving engine specific settings using the speech API and from dialplan.
2012-10-01 12:29:04 +00:00
res_speech.exports.in
app_speech_utils: Fix unresolved symbol ast_speech_get_setting().
2013-09-16 18:00:32 +00:00
res_srtp.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_srtp.exports.in
Add SRTP support for Asterisk
2010-06-08 05:29:08 +00:00
res_stasis_answer.c
Replace __ast_answer with ast_raw_answer in app_control_answer
2014-05-19 19:52:34 +00:00
res_stasis_answer.exports.in
Add missing exports file
2013-05-20 14:21:39 +00:00
res_stasis_device_state.c
ARI: Make double subscribe respond with success
2014-01-28 19:19:08 +00:00
res_stasis_device_state.exports.in
ARI: Implement device state API
2013-11-23 17:48:28 +00:00
res_stasis_mailbox.c
ARI: Add mailboxes resource for controlling and polling external MWI
2014-01-14 23:44:57 +00:00
res_stasis_mailbox.exports.in
ARI: Add mailboxes resource for controlling and polling external MWI
2014-01-14 23:44:57 +00:00
res_stasis_playback.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_stasis_playback.exports.in
This patch implements the REST API's for POST /channels/{channelId}/play
2013-05-23 20:11:35 +00:00
res_stasis_recording.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_stasis_recording.exports.in
ARI - channel recording support
2013-07-03 17:58:45 +00:00
res_stasis_snoop.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_stasis_snoop.exports.in
ari: Add Snoop operation for spying/whispering on channels.
2013-11-23 12:40:46 +00:00
res_stasis_test.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
res_stasis_test.exports.in
Initial support for endpoints.
2013-05-08 13:39:08 +00:00
res_stasis.c
ARI: Add ability to raise arbitrary User Events
2014-05-22 16:09:51 +00:00
res_stasis.exports.in
Moved core logic from app_stasis to res_stasis
2013-04-15 16:43:47 +00:00
res_statsd.c
Rename everything Stasis-HTTP to ARI
2013-07-27 23:11:02 +00:00
res_statsd.exports.in
Example of how to use the Stasis message bus
2013-04-26 20:05:15 +00:00
res_stun_monitor.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_timing_dahdi.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_timing_kqueue.c
timing: Improve performance for most timing implementations.
2014-02-07 20:01:45 +00:00
res_timing_pthread.c
timing: Improve performance for most timing implementations.
2014-02-07 20:01:45 +00:00
res_timing_timerfd.c
timing: Improve performance for most timing implementations.
2014-02-07 20:01:45 +00:00
res_xmpp.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
res_xmpp.exports.in
Add a new unified Jingle, Google Jingle, and Google Talk channel driver written from scratch called chan_motif.
2012-07-07 17:06:51 +00:00