asterisk/asterisk.git
2 years agores_pjsip_pubsub: Check for Content-Type header in rx_notify_request
George Joseph [Tue, 19 Sep 2017 15:38:30 +0000 (09:38 -0600)]
res_pjsip_pubsub:  Check for Content-Type header in rx_notify_request

pubsub_on_rx_notify_request wasn't checking for a null
Content-Type header before checking that it was
application/simple-message-summary.

ASTERISK-27279
Reported by: Ross Beer

Change-Id: Iec2a6c4d2e74af37ff779ecc9fd35644c5c4ea52

2 years agocdr_mysql.c: Apply cdrzone to start and answer
alex [Wed, 13 Sep 2017 08:46:27 +0000 (11:46 +0300)]
cdr_mysql.c: Apply cdrzone to start and answer

Change-Id: I7de0a5adc89824a5f2b696fc22c80fc22dff36b0

2 years agoMerge "res_pjsip: Filter out non SIP(S) requests"
Jenkins2 [Fri, 15 Sep 2017 20:37:04 +0000 (15:37 -0500)]
Merge "res_pjsip:  Filter out non SIP(S) requests"

2 years agoMerge "res_calendar: Various fixes"
Joshua Colp [Fri, 15 Sep 2017 13:20:45 +0000 (08:20 -0500)]
Merge "res_calendar: Various fixes"

2 years agores_pjsip: Filter out non SIP(S) requests
George Joseph [Wed, 13 Sep 2017 21:23:54 +0000 (15:23 -0600)]
res_pjsip:  Filter out non SIP(S) requests

Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416).  This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.

URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme.  Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.

Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460

2 years agoMerge "chan_rtp: Use μ-law by default instead of signed linear"
Jenkins2 [Thu, 14 Sep 2017 17:37:43 +0000 (12:37 -0500)]
Merge "chan_rtp: Use μ-law by default instead of signed linear"

2 years agoMerge "tcptls: Change error message to debug."
Joshua Colp [Thu, 14 Sep 2017 17:11:38 +0000 (12:11 -0500)]
Merge "tcptls: Change error message to debug."

2 years agotcptls: Change error message to debug.
Joshua Colp [Thu, 14 Sep 2017 12:54:40 +0000 (12:54 +0000)]
tcptls: Change error message to debug.

The Websocket implementation will steal the underlying stream of
TCP/TLS sessions. This results in an error message being output
about a stream not being present when in reality this is actually
fine.

This change moves it to a debug message instead.

Change-Id: I66cc639080b4b4599beadb4faa7d313f2721d094

2 years agores_calendar: Various fixes
Sean Bright [Wed, 13 Sep 2017 19:08:39 +0000 (15:08 -0400)]
res_calendar: Various fixes

* The way that we were looking at XML elements for CalDAV was extremely
  fragile, so use SAX2 for increased robustness.

* Don't complain about a 'channel' not be specified if autoreminder is
  not set. Assume that if 'channel' is not set, we don't want to be
  notified.

* Fix some truncated CLI output in 'calendar show calendar' and make the
  'Autoreminder' description a bit more clear

ASTERISK-24588 #close
Reported by: Stefan Gofferje

ASTERISK-25523 #close
Reported by: Jesper

Change-Id: I200d11afca6a47e7d97888f286977e2e69874b2c

2 years agochan_rtp: Use μ-law by default instead of signed linear
Sean Bright [Wed, 13 Sep 2017 14:38:11 +0000 (10:38 -0400)]
chan_rtp: Use μ-law by default instead of signed linear

Multicast/Unicast RTP do not use SDP so we need to use a format that
cleanly maps to one of the static RTP payload types. Without this
change, an Originate to a Multicast or Unicast channel without a format
specified would produce no audio on the receiving device.

ASTERISK-21399 #close
Reported by: Tzafrir Cohen

Change-Id: I97e332b566e85da04b0004b9b0daae746cfca0e3

2 years agores_pjsip: Add handling for incoming unsolicited MWI NOTIFY
George Joseph [Mon, 11 Sep 2017 10:46:35 +0000 (04:46 -0600)]
res_pjsip:  Add handling for incoming unsolicited MWI NOTIFY

A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.

res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.

Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c

2 years agoMerge "alembic: Fix typo in add_auto_info_to_endpoint_dtmf_mode"
Jenkins2 [Tue, 12 Sep 2017 19:30:41 +0000 (14:30 -0500)]
Merge "alembic:  Fix typo in add_auto_info_to_endpoint_dtmf_mode"

2 years agores_rtp_asterisk.c: Add doxygen to RTCP payload types.
Richard Mudgett [Sat, 9 Sep 2017 02:41:35 +0000 (21:41 -0500)]
res_rtp_asterisk.c: Add doxygen to RTCP payload types.

Change-Id: I3f20ce428777cc4ce9c13b2f808d29ff8c873998

2 years agoMerge "cdr_pgsql: Refactor magic number by definition for version"
Joshua Colp [Mon, 11 Sep 2017 12:22:59 +0000 (07:22 -0500)]
Merge "cdr_pgsql: Refactor magic number by definition for version"

2 years agoMerge "alembic: Add support for MS-SQL"
Jenkins2 [Mon, 11 Sep 2017 11:55:12 +0000 (06:55 -0500)]
Merge "alembic: Add support for MS-SQL"

2 years agoalembic: Fix typo in add_auto_info_to_endpoint_dtmf_mode
George Joseph [Mon, 11 Sep 2017 10:52:51 +0000 (04:52 -0600)]
alembic:  Fix typo in add_auto_info_to_endpoint_dtmf_mode

The downgrade function was missing "_v2" at the end of the
alter column type.

Change-Id: Iaa9bcef48d6f3590ce07a61342d8e66f00263d8e

2 years agores/res_pjsip: Fix localnet checks in pjsip, part 2.
Walter Doekes [Sun, 10 Sep 2017 11:17:27 +0000 (13:17 +0200)]
res/res_pjsip: Fix localnet checks in pjsip, part 2.

In 45744fc53, I mistakenly broke SDP media address rewriting by
misinterpreting which address was checked in the localnet comparison.

Instead of checking the remote peer address to decide whether we need
media address rewriting, we check our local media address: if it's
local, then we rewrite. This feels awkward, but works and even made
directmedia work properly if you set local_net. (For the record: for
local peers, the SDP media rewrite code is not called, so the
comparison does no harm there.)

ASTERISK-27248 #close

Change-Id: I566be1c33f4d0a689567d451ed46bab9c3861d4f

2 years agocdr_pgsql: Refactor magic number by definition for version
Rodrigo Ramírez Norambuena [Sat, 9 Sep 2017 02:19:28 +0000 (23:19 -0300)]
cdr_pgsql: Refactor magic number by definition for version

Change-Id: I43f25976aa3069793ddbe0086833965a6fb0a518

2 years agoalembic: Add support for MS-SQL
Florian Floimair [Tue, 5 Sep 2017 16:13:19 +0000 (18:13 +0200)]
alembic: Add support for MS-SQL

MS-SQL has no native Enum-type support and therefore
needs to work with constraints.
Since these constraints need unique names the suggested approach
referenced in the following alembic documentation has been applied:
http://bit.ly/2x9r8pb

ASTERISK-27255 #close

Change-Id: I8b579750dae0c549f1103ee50172644afb9b2f95

2 years agoMerge "chan_sip: when getting sip pvt return failure if not found"
Jenkins2 [Fri, 8 Sep 2017 15:24:08 +0000 (10:24 -0500)]
Merge "chan_sip: when getting sip pvt return failure if not found"

2 years agoMerge "app_waitforsilence: Cleanup & don't treat missing frames as 'noise'"
Jenkins2 [Fri, 8 Sep 2017 15:20:10 +0000 (10:20 -0500)]
Merge "app_waitforsilence: Cleanup & don't treat missing frames as 'noise'"

2 years agoMerge "res_srtp: Add support for libsrtp2.1."
Joshua Colp [Fri, 8 Sep 2017 10:40:04 +0000 (05:40 -0500)]
Merge "res_srtp: Add support for libsrtp2.1."

2 years agoMerge "chan_sip: Do not change IP address in SDP origin line (o=) in SIP reINVITE"
Jenkins2 [Thu, 7 Sep 2017 18:04:35 +0000 (13:04 -0500)]
Merge "chan_sip: Do not change IP address in SDP origin line (o=) in SIP reINVITE"

2 years agoMerge "res_pjsip_session: Preserve stream name during renegotiation."
Jenkins2 [Thu, 7 Sep 2017 17:51:40 +0000 (12:51 -0500)]
Merge "res_pjsip_session: Preserve stream name during renegotiation."

2 years agoMerge "func_cdr: honour 'u' flag on dummy channel"
Jenkins2 [Thu, 7 Sep 2017 16:00:08 +0000 (11:00 -0500)]
Merge "func_cdr: honour 'u' flag on dummy channel"

2 years agoMerge "stasis/control.c: Fix set_interval_hook() ref leak."
Jenkins2 [Thu, 7 Sep 2017 15:46:43 +0000 (10:46 -0500)]
Merge "stasis/control.c: Fix set_interval_hook() ref leak."

2 years agofunc_cdr: honour 'u' flag on dummy channel
Jacek Konieczny [Tue, 5 Sep 2017 12:31:50 +0000 (14:31 +0200)]
func_cdr: honour 'u' flag on dummy channel

Fixes ${CDR(...,u)} when used in cdr_custom.conf

ASTERISK-27165 #close

Change-Id: Ia4e0b6ba93e03d27886354c279737790e2cd6a83

2 years agoapp_waitforsilence: Cleanup & don't treat missing frames as 'noise'
Sean Bright [Wed, 6 Sep 2017 15:50:53 +0000 (11:50 -0400)]
app_waitforsilence: Cleanup & don't treat missing frames as 'noise'

* WaitForSilence completes successfully if it receives no media in the
  specified timeout, but when acting as WaitForNoise that logic needs
  to be reversed.

* Use standard argument parsing macros and add some error checking for
  invalid values.

* The documentation indicated that the first argument to both
  WaitForSilence and WaitForNoise was required when it was not. Update
  the documentation to reflect that.

* Wrap up some behavior in structs to avoid boolean checks all over the
  place.

ASTERISK-24066 #close
Reported by: M vd S

Change-Id: I01d40adc5b63342bb5018a1bea2081a0aa191ef9

2 years agochan_sip: when getting sip pvt return failure if not found
Scott Griepentrog [Wed, 6 Sep 2017 21:05:32 +0000 (17:05 -0400)]
chan_sip: when getting sip pvt return failure if not found

In handle_request_invite, when processing a pickup, a call
is made to get_sip_pvt_from_replaces to locate the pvt for
the subscription. The pvt is assumed to be valid when zero
is returned indicating no error, and is dereferenced which
can cause a crash if it was not found.

This change checks the not found case and returns -1 which
allows the calling code to fail appropriately.

ASTERISK-27217 #close
Reported-by: Bryan Walters

Change-Id: I6bee92b8b8b85fcac3fd66f8c00ab18bc1765612

2 years agostasis/control.c: Fix set_interval_hook() ref leak.
Richard Mudgett [Wed, 6 Sep 2017 18:38:17 +0000 (13:38 -0500)]
stasis/control.c: Fix set_interval_hook() ref leak.

Change-Id: Ia0edb7dc0dbbb879c079ff7000f1b722d86ce7dc

2 years agostasis/control: Fix possible deadlock with swap channel
George Joseph [Fri, 1 Sep 2017 10:17:02 +0000 (04:17 -0600)]
stasis/control:  Fix possible deadlock with swap channel

If an error occurs during a bridge impart it's possible that
the "bridge_after" callback might try to run before
control_swap_channel_in_bridge has been signalled to continue.
Since control_swap_channel_in_bridge is holding the control lock
and the callback needs it, a deadlock will occur.

* control_swap_channel_in_bridge now only holds the control
  lock while it's actually modifying the control structure and
  releases it while the bridge impart is running.
* bridge_after_cb is now tolerant of impart failures.

Change-Id: Ifd239aa93955b3eb475521f61e284fcb0da2c3b3

2 years agoMerge "alembic: Fix enum creation for dtls_fingerprint"
George Joseph [Wed, 6 Sep 2017 16:52:26 +0000 (11:52 -0500)]
Merge "alembic: Fix enum creation for dtls_fingerprint"

2 years agoMerge "alembic: fix erroneous commit for add_prune_on_boot"
Jenkins2 [Wed, 6 Sep 2017 15:55:35 +0000 (10:55 -0500)]
Merge "alembic: fix erroneous commit for add_prune_on_boot"

2 years agoMerge "res/res_pjsip: Standardize/fix localnet checks across pjsip."
Jenkins2 [Wed, 6 Sep 2017 15:17:06 +0000 (10:17 -0500)]
Merge "res/res_pjsip: Standardize/fix localnet checks across pjsip."

2 years agochan_sip: Do not change IP address in SDP origin line (o=) in SIP reINVITE
Vitezslav Novy [Wed, 6 Sep 2017 10:23:25 +0000 (12:23 +0200)]
chan_sip: Do not change IP address in SDP origin line (o=) in SIP reINVITE

If directmedia=yes is configured, when call is answered, Asterisk sends reINVITE
to both parties to set up media path directly between the endpoints.
In this reINVITE msg SDP origin line (o=) contains IP address of endpoint
instead of IP of asterisk. This behavior violates RFC3264, sec 8:
"When issuing an offer that modifies the session,
the "o=" line of the new SDP MUST be identical to that in the
previous SDP, except that the version in the origin field MUST
increment by one from the previous SDP."
This patch assures IP address of Asterisk is always sent in
SDP origin line.

ASTERISK-17540
Reported by:  saghul

Change-Id: I533a047490c43dcff32eeca8378b2ba02345b64e

2 years agoMerge "formats: Restore previous fread() behavior"
Joshua Colp [Wed, 6 Sep 2017 14:25:40 +0000 (09:25 -0500)]
Merge "formats: Restore previous fread() behavior"

2 years agoalembic: Fix enum creation for dtls_fingerprint
George Joseph [Wed, 6 Sep 2017 12:54:00 +0000 (06:54 -0600)]
alembic: Fix enum creation for dtls_fingerprint

Change-Id: Ic061c5066a146616a68376881c7e4cf6d6e7e7db

2 years agoMerge "res_pjsip_t38: Make t38_reinvite_response_cb tolerant of NULL channel"
Jenkins2 [Wed, 6 Sep 2017 11:48:45 +0000 (06:48 -0500)]
Merge "res_pjsip_t38:  Make t38_reinvite_response_cb tolerant of NULL channel"

2 years agoMerge "res_calendar*, res_smdi: Move to "extended" support"
Jenkins2 [Wed, 6 Sep 2017 11:44:30 +0000 (06:44 -0500)]
Merge "res_calendar*, res_smdi: Move to "extended" support"

2 years agoalembic: fix erroneous commit for add_prune_on_boot
Florian Floimair [Tue, 5 Sep 2017 16:08:02 +0000 (18:08 +0200)]
alembic: fix erroneous commit for add_prune_on_boot

Added include for postgresql ENUM type and
redefined values in the same way as in the
other migration scripts.

ASTERISK-27254 #close

Change-Id: Id667304cdf3891b1c2f7d35fab3e2a84026159fa

2 years agores_srtp: Add support for libsrtp2.1.
Alexander Traud [Wed, 6 Sep 2017 08:02:19 +0000 (10:02 +0200)]
res_srtp: Add support for libsrtp2.1.

Asterisk is able to use libSRTP 2.0.x. However since libSRTP 2.1.x, the macro
SRTP_AES_ICM got renamed to SRTP_AES_ICM_128. Beside to still compile with
previous versions of libSRTP, this change allows libSRTP 2.1.x as well.

ASTERISK-27253 #close

Change-Id: I2e6eb3c3bc844fee8a624060a2eb6f182dc70315

2 years agochan_pjsip: Suppress frame warnings.
Ben Ford [Tue, 5 Sep 2017 14:35:12 +0000 (09:35 -0500)]
chan_pjsip: Suppress frame warnings.

When rtp_keepalive is on for a PJSIP endpoint dialing to another
Asterisk instance also using PJSIP, Asterisk will continue to print
warning messages about not being able to send frames of a certain
type. This suppresses that warning message.

Change-Id: I0332a05519d7bda9cacfa26d433909ff1909be67

2 years agoformats: Restore previous fread() behavior
Sean Bright [Tue, 5 Sep 2017 15:05:48 +0000 (11:05 -0400)]
formats: Restore previous fread() behavior

Some formats are able to handle short reads while others are not, so
restore the previous behavior for the format modules so that we don't
have spurious errors when playing back files.

ASTERISK-27232 #close
Reported by: Jens T.

Change-Id: Iab7f52b25a394f277566c8a2a4b15a692280a300

2 years agores/res_pjsip: Standardize/fix localnet checks across pjsip.
Walter Doekes [Tue, 5 Sep 2017 14:16:01 +0000 (16:16 +0200)]
res/res_pjsip: Standardize/fix localnet checks across pjsip.

In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.

For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.

Therefore, checks like this look wrong, but are right:

    /* See if where we are sending this request is local or not, and if
       not that we can get a Contact URI to modify */
    if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
        ast_debug(5, "Request is being sent to local address, "
                     "skipping NAT manipulation\n");

(In the list == localnet == DENY == skip NAT manipulation.)

And conversely, other checks that looked right, were wrong.

This change adds two macro's to reduce the confusion and uses those
instead:

    ast_sip_transport_is_nonlocal(transport_state, addr)
    ast_sip_transport_is_local(transport_state, addr)

ASTERISK-27248 #close

Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934

2 years agoMerge "app_directory: Handle a NULL mailbox without crashing"
Joshua Colp [Tue, 5 Sep 2017 13:41:19 +0000 (08:41 -0500)]
Merge "app_directory: Handle a NULL mailbox without crashing"

2 years agores_pjsip_session: Preserve stream name during renegotiation.
Joshua Colp [Tue, 5 Sep 2017 13:39:43 +0000 (13:39 +0000)]
res_pjsip_session: Preserve stream name during renegotiation.

Stream names within Asterisk can have meaning so when an externally
initiated renegotiation occurs we need to preserve the name of
the stream if it already exists.

Change-Id: I29f50d0cc7f3238287d6d647777e76e1bdf8c596

2 years agores_calendar*, res_smdi: Move to "extended" support
George Joseph [Tue, 5 Sep 2017 12:50:36 +0000 (06:50 -0600)]
res_calendar*, res_smdi: Move to "extended" support

Change-Id: I31eee8be30c6b0fc3dadb31111dd47742da8892d

2 years agoMerge "chan_ooh323: Fix confusing indentation warning"
Joshua Colp [Tue, 5 Sep 2017 12:16:41 +0000 (07:16 -0500)]
Merge "chan_ooh323: Fix confusing indentation warning"

2 years agores_pjsip_t38: Make t38_reinvite_response_cb tolerant of NULL channel
George Joseph [Tue, 5 Sep 2017 10:23:04 +0000 (04:23 -0600)]
res_pjsip_t38:  Make t38_reinvite_response_cb tolerant of NULL channel

t38_reinvite_response_cb can get called by res_pjsip_session's
session_inv_on_tsx_state_changed in situations where session->channel
is NULL.  If it is, the ast_log warning segfaults because it tries
to get the channel name from a NULL channel.

* Check session->channel and print "unknown channel" when it's NULL.

ASTERISK-27236
Reported by: Ross Beer

Change-Id: I4326e288d36327f6c79ab52226d54905cdc87dc7

2 years agortp_engine: Prevent possible double free with DTLS config
Sean Bright [Fri, 1 Sep 2017 21:17:38 +0000 (17:17 -0400)]
rtp_engine: Prevent possible double free with DTLS config

ASTERISK-27225 #close
Reported by: Richard Kenner

Change-Id: I097b81734ef730f8603c0b972909d212a3a5cf89

2 years agochan_ooh323: Fix confusing indentation warning
Sean Bright [Fri, 1 Sep 2017 18:15:40 +0000 (14:15 -0400)]
chan_ooh323: Fix confusing indentation warning

ASTERISK-27177 #close
Reported by: Tzafrir Cohen

Change-Id: I40311c404edb2302a7543ad5ca7a06b2a38f2d97

2 years agoapp_directory: Handle a NULL mailbox without crashing
Sean Bright [Fri, 1 Sep 2017 14:51:06 +0000 (10:51 -0400)]
app_directory: Handle a NULL mailbox without crashing

ASTERISK-27241 #close
Reported by: David Moore

Change-Id: Ibbbca85517b04c315406ebfe3b6f7e0763daedc6

2 years agoMerge "chan_pjsip: Add tag info in CHANNEL function"
Jenkins2 [Thu, 31 Aug 2017 22:33:05 +0000 (17:33 -0500)]
Merge "chan_pjsip: Add tag info in CHANNEL function"

2 years agoMerge "res_rtp_asterisk: Allow remote SSRC to change on an RTP instance."
Joshua Colp [Thu, 31 Aug 2017 21:50:50 +0000 (16:50 -0500)]
Merge "res_rtp_asterisk: Allow remote SSRC to change on an RTP instance."

2 years agoMerge "res_rtp_asterisk: Only learn a new source in learn state."
Joshua Colp [Thu, 31 Aug 2017 13:34:48 +0000 (08:34 -0500)]
Merge "res_rtp_asterisk: Only learn a new source in learn state."

2 years agoMerge "pjsip_message_ip_updater: Fix issue handling "tel" URIs"
Jenkins2 [Thu, 31 Aug 2017 13:30:17 +0000 (08:30 -0500)]
Merge "pjsip_message_ip_updater:  Fix issue handling "tel" URIs"

2 years agopjsip_message_ip_updater: Fix issue handling "tel" URIs
George Joseph [Mon, 24 Jul 2017 15:48:14 +0000 (09:48 -0600)]
pjsip_message_ip_updater:  Fix issue handling "tel" URIs

sanitize_tdata was assuming all URIs were SIP URIs so when a non
SIP uri was in the From, To or Contact headers, the unconditional
cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused
a segfault when trying to access uri->other_param.

* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)
  checks before attempting to cast or use the returned uri.

ASTERISK-27152
Reported-by: Ross Beer

Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f

2 years agoAST-2017-006: Fix app_minivm application MinivmNotify command injection
Corey Farrell [Sun, 2 Jul 2017 00:24:27 +0000 (20:24 -0400)]
AST-2017-006: Fix app_minivm application MinivmNotify command injection

An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received.  The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.

* Add ast_safe_execvp() function.  This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding.  This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.

* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.

* Document code injection potential from untrusted data sources for other
shell commands that are under user control.

ASTERISK-27103

Change-Id: I7552472247a84cde24e1358aaf64af160107aef1

2 years agores_rtp_asterisk: Only learn a new source in learn state.
Joshua Colp [Mon, 22 May 2017 15:36:38 +0000 (15:36 +0000)]
res_rtp_asterisk: Only learn a new source in learn state.

This change moves the logic which learns a new source address
for RTP so it only occurs in the learning state. The learning
state is entered on initial allocation of RTP or if we are
told that the remote address for the media has changed. While
in the learning state if we continue to receive media from
the original source we restart the learning process. It is
only once we receive a sufficient number of RTP packets from
the new source that we will switch to it. Once this is done
the closed state is entered where all packets that do not
originate from the expected source are dropped.

The learning process has also been improved to take into
account the time between received packets so a flood of them
while in the learning state does not cause media to be switched.

Finally RTCP now drops packets which are not for the learned
SSRC if strict RTP is enabled.

ASTERISK-27013

Change-Id: I56a96e993700906355e79bc880ad9d4ad3ab129c

2 years agores_rtp_asterisk: Allow remote SSRC to change on an RTP instance.
Joshua Colp [Wed, 30 Aug 2017 12:28:58 +0000 (12:28 +0000)]
res_rtp_asterisk: Allow remote SSRC to change on an RTP instance.

When SDP renegotiation occurs it is possible for an RTP
instance to be reused for a new stream, resulting in the remote
SSRC changing if it is part of a bundle group. This change
allows this and updates its mapping in the current bundle
group.

ASTERISK-27231

Change-Id: I6e3703974f236bc024c5dbe9bd43adae0c6fb490

2 years agoMerge "bridge_native_rtp.c: Fixup native_rtp_framehook()"
Jenkins2 [Wed, 30 Aug 2017 13:58:35 +0000 (08:58 -0500)]
Merge "bridge_native_rtp.c: Fixup native_rtp_framehook()"

2 years agochan_pjsip: Add tag info in CHANNEL function
Andre Nazario [Sat, 26 Aug 2017 02:06:10 +0000 (23:06 -0300)]
chan_pjsip: Add tag info in CHANNEL function

Create local_tag and remote_tag in CHANNEL info to get tag from From and
To headers of a SIP dialog.

ASTERISK-27220

Change-Id: I59b16c4b928896fcbde02ad88f0e98922b15d524

2 years agobridge_native_rtp.c: Fixup native_rtp_framehook()
Richard Mudgett [Tue, 29 Aug 2017 19:22:15 +0000 (14:22 -0500)]
bridge_native_rtp.c: Fixup native_rtp_framehook()

* Fix framehook to test frame type for control frame.
* Made framehook exit early if frame type is not a control frame.
* Eliminated RAII_VAR in framehook.
* Use switch instead of else-if ladder for control frame handling.

Change-Id: Ia555fc3600bd85470e3c0141147dbe3ad07c1d18

2 years agoconfbridge: Handle user hangup during name recording
Sean Bright [Tue, 29 Aug 2017 14:26:17 +0000 (10:26 -0400)]
confbridge: Handle user hangup during name recording

This prevents orphaned CBAnn channels from getting stuck in the bridge.

ASTERISK-26994 #close
Reported by: James Terhune

Change-Id: I5e43e832a9507ec3f2c59752cd900b41dab80457

2 years agoMerge "core: Reduce video update queueing."
Jenkins2 [Tue, 29 Aug 2017 11:13:09 +0000 (06:13 -0500)]
Merge "core: Reduce video update queueing."

2 years agoMerge "app_record: Resolve some absolute vs. relative filename bugs"
Jenkins2 [Tue, 29 Aug 2017 10:57:07 +0000 (05:57 -0500)]
Merge "app_record: Resolve some absolute vs. relative filename bugs"

2 years agoMerge "voicemail: Fix various abuses of mkstemp"
Jenkins2 [Tue, 29 Aug 2017 10:17:21 +0000 (05:17 -0500)]
Merge "voicemail: Fix various abuses of mkstemp"

2 years agocore: Reduce video update queueing.
Joshua Colp [Thu, 24 Aug 2017 16:45:08 +0000 (13:45 -0300)]
core: Reduce video update queueing.

A video update frame is used to indicate that a channel
with video negotiated should provide a full frame so the
decoder decoding the stream is able to do so. In situations
where a queue is used to store frames it makes no sense
for the queue to contain multiple video update frames. One
is sufficient to have a full frame be sent.

ASTERISK-27222

Change-Id: Id3f40a6f51b740ae4704003a1800185c0c658ee7

2 years agoMerge "res/res_pjsip_session: allow SDP answer to be regenerated"
Joshua Colp [Mon, 28 Aug 2017 12:34:47 +0000 (07:34 -0500)]
Merge "res/res_pjsip_session: allow SDP answer to be regenerated"

2 years agoMerge "alembic: Add dtls_fingerprint column in ps_endpoints table"
Jenkins2 [Mon, 28 Aug 2017 11:47:40 +0000 (06:47 -0500)]
Merge "alembic: Add dtls_fingerprint column in ps_endpoints table"

2 years agovoicemail: Fix various abuses of mkstemp
Sean Bright [Fri, 25 Aug 2017 18:44:35 +0000 (14:44 -0400)]
voicemail: Fix various abuses of mkstemp

mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.

In the case of app_minivm, we also now properly clean up any temporary
files that we create.

ASTERISK-20858 #close
Reported by: Walter Doekes

Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43

2 years agoapp_record: Resolve some absolute vs. relative filename bugs
Sean Bright [Fri, 25 Aug 2017 17:20:16 +0000 (13:20 -0400)]
app_record: Resolve some absolute vs. relative filename bugs

If the Record() application is called with a relative filename that
includes directories, we were not properly creating the intermediate
directories and Record() would fail.

Secondarily, updated the documentation for RECORDED_FILE to mention
that it does not include a filename extension.

Finally, rewrote the '%d' functionality to be a bit more straight
forward and less noisy.

ASTERISK-16777 #close
Reported by: klaus3000

Change-Id: Ibc2640cba3a8c7f17d97b02f76b7608b1e7ffde2

2 years agoMerge "app_queue: Evaluate realtime queues when running dialplan functions"
Jenkins2 [Fri, 25 Aug 2017 14:32:28 +0000 (09:32 -0500)]
Merge "app_queue: Evaluate realtime queues when running dialplan functions"

2 years agoMerge "chan_pjsip.c: Fix topology refresh response code accuracy."
Joshua Colp [Fri, 25 Aug 2017 13:32:43 +0000 (08:32 -0500)]
Merge "chan_pjsip.c: Fix topology refresh response code accuracy."

2 years agoMerge "app_voicemail: Honor escape digits in "greeting only" mode"
Joshua Colp [Fri, 25 Aug 2017 13:28:11 +0000 (08:28 -0500)]
Merge "app_voicemail: Honor escape digits in "greeting only" mode"

2 years agoalembic: Add dtls_fingerprint column in ps_endpoints table
Florian Floimair [Wed, 23 Aug 2017 15:01:09 +0000 (17:01 +0200)]
alembic: Add dtls_fingerprint column in ps_endpoints table

The ps_endpoints table was missing the dtls_fingerprint column
introduced with commit adba2a8d7fd.

ASTERISK-27168 #close

Change-Id: I9cb5006f7f50718b5239919562773adabb334cfd

2 years agores/res_pjsip_session: allow SDP answer to be regenerated
Torrey Searle [Mon, 21 Aug 2017 09:28:52 +0000 (11:28 +0200)]
res/res_pjsip_session: allow SDP answer to be regenerated

If an SDP answer hasn't been sent yet, it's legal to change it.
This is required for PJSIP_DTMF_MODE to work correctly, and can
also have use in the future for updating codecs too.

ASTERISK-27209 #close

Change-Id: Idbbfb7cb3f72fbd96c94d10d93540f69bd51e7a1

2 years agoapp_queue: Evaluate realtime queues when running dialplan functions
Sean Bright [Thu, 24 Aug 2017 14:42:24 +0000 (10:42 -0400)]
app_queue: Evaluate realtime queues when running dialplan functions

ASTERISK-19103 #close
Reported by: Jim Van Meggelen

Change-Id: I4bd32a9d1fcebb8ac56bff0e084d4f53e31b692b

2 years agoapp_voicemail: Honor escape digits in "greeting only" mode
Sean Bright [Wed, 23 Aug 2017 14:19:35 +0000 (10:19 -0400)]
app_voicemail: Honor escape digits in "greeting only" mode

ASTERISK-21241 #close
Reported by: Eelco Brolman
Patches:
Patch uploaded by Eelco Brolman (License 6442)

Change-Id: Icbe39b5c82a49b46cf1d168dc17766f3d84f54fe

2 years agores_smdi: Clean up memory leak
Sean Bright [Thu, 24 Aug 2017 13:35:45 +0000 (09:35 -0400)]
res_smdi: Clean up memory leak

Change-Id: I1e33290929e1aa7c5b9cb513f8254f2884974de8

2 years agoMerge "res_pjsip_session.c: Fix crash when declining an active stream."
Joshua Colp [Wed, 23 Aug 2017 19:49:26 +0000 (14:49 -0500)]
Merge "res_pjsip_session.c: Fix crash when declining an active stream."

2 years agoMerge changes from topic 'ASTERISK-27212'
Jenkins2 [Wed, 23 Aug 2017 19:45:52 +0000 (14:45 -0500)]
Merge changes from topic 'ASTERISK-27212'

* changes:
  bridge_channel.c: Fix FRACK when mapping frames to the bridge.
  bridge: Fix softmix bridge deadlock.

2 years agoMerge "channel: Fix topology API locking."
Jenkins2 [Wed, 23 Aug 2017 19:17:11 +0000 (14:17 -0500)]
Merge "channel: Fix topology API locking."

2 years agoMerge "app_confbridge: Document sfu video_mode value."
Joshua Colp [Wed, 23 Aug 2017 18:05:35 +0000 (13:05 -0500)]
Merge "app_confbridge: Document sfu video_mode value."

2 years agoMerge "bridge_softmix.c: Restored softmix_bridge_leave() shortcut exit."
Jenkins2 [Wed, 23 Aug 2017 17:21:47 +0000 (12:21 -0500)]
Merge "bridge_softmix.c: Restored softmix_bridge_leave() shortcut exit."

2 years agoMerge "confbridge.h: Fix doxygen comments."
Jenkins2 [Wed, 23 Aug 2017 17:05:29 +0000 (12:05 -0500)]
Merge "confbridge.h: Fix doxygen comments."

2 years agoMerge "bridge_softmix.c: Remove always true test."
Jenkins2 [Wed, 23 Aug 2017 16:55:01 +0000 (11:55 -0500)]
Merge "bridge_softmix.c: Remove always true test."

2 years agoMerge "app_queue: Fix initial hold time queue statistic"
Jenkins2 [Wed, 23 Aug 2017 16:11:38 +0000 (11:11 -0500)]
Merge "app_queue: Fix initial hold time queue statistic"

2 years agores_pjsip_session.c: Fix crash when declining an active stream.
Richard Mudgett [Fri, 18 Aug 2017 22:37:12 +0000 (17:37 -0500)]
res_pjsip_session.c: Fix crash when declining an active stream.

If a previously active stream is declined we could crash because the
channel's thread is still using the stream while we are updating the
topology in the serializer thread.

* Defer removing any declined stream's handler until we have blocked the
channel's thread with the channel lock.

ASTERISK-27212

Change-Id: I50e1d3ef26f8e41948f4c411ee329aa3b960a420

2 years agobridge_channel.c: Fix FRACK when mapping frames to the bridge.
Richard Mudgett [Wed, 16 Aug 2017 22:50:18 +0000 (17:50 -0500)]
bridge_channel.c: Fix FRACK when mapping frames to the bridge.

* Add protection checks when mapping streams to the bridge.  The channel
and bridge may be in the process of updating the stream mapping when a
media frame comes in so we may not be able to map the frame at the time.

* We need to map the streams to the bridge's stream numbers right before
they are written into the bridge.  That way we don't have to keep
locking/unlocking the bridge and we won't have any synchronization
problems before the frames actually go into the bridge.

* Protect the deferred queue with the bridge_channel lock.

ASTERISK-27212

Change-Id: Id6860dd61b594b90c8395f6e2c0150219094c21a

2 years agochannel: Fix topology API locking.
Richard Mudgett [Fri, 11 Aug 2017 21:31:45 +0000 (16:31 -0500)]
channel: Fix topology API locking.

* ast_channel_request_stream_topology_change() must not be called with any
channel locks held.

* ast_channel_stream_topology_changed() must be called with only the
passed channel lock held.

ASTERISK-27212

Change-Id: I843de7956d9f1cc7cc02025aea3463d8fe19c691

2 years agobridge: Fix softmix bridge deadlock.
Richard Mudgett [Wed, 16 Aug 2017 20:22:04 +0000 (15:22 -0500)]
bridge: Fix softmix bridge deadlock.

* Fix deadlock in
bridge_softmix.c:softmix_bridge_stream_topology_changed() between
bridge_channel and channel locks.

* The new bridge technology topology change callbacks must be called with
the bridge locked.  The callback references the bridge channel list, the
bridge technology could change, and the bridge stream mapping is updated.

ASTERISK-27212

Change-Id: Ide4360ab853607e738ad471721af3f561ddd83be

2 years agochan_pjsip.c: Fix topology refresh response code accuracy.
Richard Mudgett [Mon, 14 Aug 2017 17:20:25 +0000 (12:20 -0500)]
chan_pjsip.c: Fix topology refresh response code accuracy.

There are other 1xx and 2xx codes than 100 and 200 respectively.

Change-Id: I680db0997343256add1478714f5bf5b5569aee17

2 years agobridge_softmix.c: Restored softmix_bridge_leave() shortcut exit.
Richard Mudgett [Fri, 11 Aug 2017 22:06:01 +0000 (17:06 -0500)]
bridge_softmix.c: Restored softmix_bridge_leave() shortcut exit.

Change-Id: I13026cd90954e0265eab94a0faf635a3e11f0e35

2 years agoapp_confbridge: Document sfu video_mode value.
Richard Mudgett [Thu, 17 Aug 2017 22:07:18 +0000 (17:07 -0500)]
app_confbridge: Document sfu video_mode value.

Change-Id: I26e17df2c93f3933b23f78070603adbcc84ba204

2 years agoconfbridge.h: Fix doxygen comments.
Richard Mudgett [Thu, 17 Aug 2017 22:06:21 +0000 (17:06 -0500)]
confbridge.h: Fix doxygen comments.

Change-Id: I16133166a85fdb557c66ffcbfe8128d0b4725b0e

2 years agobridge_softmix.c: Remove always true test.
Richard Mudgett [Fri, 11 Aug 2017 16:40:46 +0000 (11:40 -0500)]
bridge_softmix.c: Remove always true test.

Change-Id: I26238df2ff0d0f6dfe95c3aa35da588f1ee71727

2 years agoMerge "res_xmpp: fix inverted return code check in OAuth"
Jenkins2 [Tue, 22 Aug 2017 12:57:39 +0000 (07:57 -0500)]
Merge "res_xmpp: fix inverted return code check in OAuth"

2 years agoapp_queue: Fix initial hold time queue statistic
Sungtae Kim [Thu, 17 Aug 2017 21:46:49 +0000 (23:46 +0200)]
app_queue: Fix initial hold time queue statistic

Fixed to use correct initial value and fixed to use the
correct queue info to check the first value.

ASTERISK-27204

Change-Id: Ia9e36c828e566e1cc25c66f73307566e4acb8e73

2 years agoMerge "res_calendar_icalendar: Properly handle recurring events"
Joshua Colp [Tue, 22 Aug 2017 10:11:51 +0000 (05:11 -0500)]
Merge "res_calendar_icalendar: Properly handle recurring events"