Commits

Show all
Author Commit Message Labels Comments Date
mjordan
Fix remotely exploitable stack overflow in HTTP manager There exists a remotely exploitable stack buffer overflow in HTTP digest authentication handling in Asterisk. The particular method in question is only utilized by HTTP AMI. When parsing the digest information, the length of the string is not checked when it is copied into temporary buffers allocated on the stack. This patch fixes this behavior by parsing out pre-defined key/value pairs and avo…
Tags
1.8.10.1
Branches
1.8
mjordan
Fix remotely exploitable stack overrun in Milliwatt Milliwatt is vulnerable to a remotely exploitable stack overrun when using the 'o' option. This occurs due to the milliwatt_generate function not accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of samples it can put in the output buffer. This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET when determining the maximum number of samples allowed. Note t…
Branches
1.8
rmudgett
Add missing connected line macro calls to initial dial for Dial and Queue apps. The connected line interception macros do not get executed when the outgoing channel is initially created and that channel's caller-id is implicitly imported into the incoming channel's connected line data. If you are using the interception macros, you would expect that they get run for every change to a channel's connected line information outside of normal dialplan execution. Review: https://r…
Branches
1.8
russell
chan_iax2: Fix use of uninitialized sockaddr_in in try_transfer(). Initialize a struct sockaddr_in in try_transfer() so that the code isn't (potentially) trying to read from it while uninitialized.
Branches
1.8
russell
chan_gtalk: Fix use of uninitialized vars in config handling. Fix potential use of context, parkinglot, and prefs before they are initialized.
Branches
1.8
russell
chan_gtalk: Fix potential use of uninitialized variable. Avoid potential use of idroster in gtalk_alloc() before it has been initialized.
Branches
1.8
russell
app_chanisavail: Fix use of uninitialized variable. Ensure that status is set before it is used by resetting it during each loop iteration. This could have resulted in incorrect results from this app.
Branches
1.8
russell
udptl: Ensure fec[] in udptl_build_packet() is initialized. Scan results indicated that this array could be used uninitialized. At a quick look, it looks correct. In any case, initializing it is a Good Thing (tm).
Branches
1.8
russell
app.h: Always initialize AST_DECLARE_APP_ARGS(). This patch ensures that the struct defined by AST_DECLARE_APP_ARGS() is always fully initialized. I'm not sure if this fixes any real bugs, but it silences a bunch of warnings from coverity, and is generally a good thing to do anyway.
Branches
1.8
rmudgett
Fix deadlock potential with some ast_indicate/ast_indicate_data calls. Calling ast_indicate()/ast_indicate_data() with the channel lock held can result in a deadlock with a local channel because of how local channels need to avoid deadlock.
Branches
1.8
mjordan
Fix incorrect jitter buffer overflow due to missed resynchronizations When a change in time occurs, such that the timestamps associated with frames being placed into an adaptive jitter buffer (implemented in jitterbuf.c) are significantly different then the previously inserted frames, the jitter buffer checks to see if it needs to be resynched to the new time frame. If three consecutive packets break the threshold, the jitter buffer resynchs itself to the new times…
Branches
1.8
rmudgett
Fix Dial m and r options and forked calls generating warnings for voice frames. When connected line support was added, the wait_for_answer() variable single changed its meaning slightly. Unfortunately, the places where single was used did not necessarily get updated to reflect that change. Also audio/video frames were sent to all forked calls when the endpoints were never made compatible. * Don't pass audio/video media frames when the channels have not been made compatible.…
Branches
1.8
russell
Fix bogus reads/writes of console log levels in asterisk.c This patch updates the NUMLOGLEVELS define in logger.h to 32, to match the fact that logger.c implements 32 log levels (because of the custom log level stuff). asterisk.c uses this define to size an array of levels per remote console. This array is modified in ast_console_toggle_loglevel(), which is called by the "logger set level" CLI command. While the documentation for the CLI command doesn't…
Branches
1.8
russell
Fix invalid reads/writes due to incorrect sizeof(). These few places in the code used sizeof() on h_addr in struct hostent. This is sizeof(char *). The correct way to get the size of this address is to use h_length. This error would result in reads/writes of 8 bytes instead of 4 on 64-bit machines.
Branches
1.8
russell
Fix inaccurate sizeof() in sched.c. This code just needed sizeof(int), not sizeof(int *).
Branches
1.8
russell
Fix incorrect sizeof() in astman.
Branches
1.8
russell
Fix incorrect usage of sizeof() in res_crypto. In this case, just remove the memset(). There was a redundant memset that is done correctly just 2 lines later.
Branches
1.8
russell
Fix broken usage of sizeof() in res_adsi.
Branches
1.8
russell
Fix incorrect sizeof() usage in features.c. This didn't actually result in a bug anywhere, luckily. The only place where the result of these memcpys was used is in app_dial, and the only field that it read out of ast_call_feature was the first one, which is an int, so these memcpys always copied just enough to avoid a problem.
Branches
1.8
russell
Fix incorrect sizeof() on a pointer in MD5Final().
Branches
1.8
russell
Don't use a buffer after it goes out of scope. 's' is set to 'workspace'. Make sure 'workspace' doesn't go out of scope while the reference to it via 's' is still used.
Branches
1.8
russell
Dump cache of published events when a node joins the cluster. Also use a more reliable method for stopping the poll() thread.
Branches
1.8
russell
Remove chan_usbradio and app_rpt. These modules are being maintained outside of the tree and have been for a long time now, so it doesn't make sense to keep them here. Review: https://reviewboard.asterisk.org/r/1764/
Branches
1.8
twilson
Fix setting CDR variables in the hangup extension A previous CDR fix for setting CDR variables during a bridge via custom dialplan features broke setting CDR variables in the hangup extension. This patch fixes the issue. Review: https://reviewboard.asterisk.org/r/1794/
Branches
1.8
twilson
Make hints for invalid SIP devices return Unavail, not idle This patch drastically simplifies the device state aggegation code. The old method was not only overly complex, but also made it impossible to return AST_DEVICE_INVALID from the aggregation code. The unit test update is as a result of fixing that bug. The SIP change stems from a bug introduced by removing a DNS lookup for hostname-based SIP channels. (closes issue ASTERISK-16702) Review: https:/…
Branches
1.8
tilghman
Requested changes documenting the fixed AEL functionality.
Branches
1.8
tilghman
Enable macros in 1.8 to find the next highest "h" extension in a context, like in 1.4. This change restores functionality that was present in 1.4, when AEL macros were implemented with the Macro dialplan application. Macros are fraught with functionality issues, because they consume a large portion of the underlying application stack. This limits the ability of AEL users to call many layers of subroutines, an issue which Gosub does not have (originally tested to 100,000 levels dee…
Branches
1.8
jrose
Make transfer not ignore port information with SIP. Attempting to transfer with SIP to an address like 1XXXXX@ip.ad.re.ss:5061 would fail because port would be cut from the host string and ignored. This simply keeps chan_sip from cutting off the port number during these kinds of transfers. (closes issue ASTERISK-19321) Reported by: Federico Alves Review: https://reviewboard.asterisk.org/r/1790/diff/#index_header
Branches
1.8
rmudgett
Change directly setting _softhangup in sig_ss7.c to use ast_softhangup_nolock(). Update to: (issue ASTERISK-19372)
Branches
1.8
seanbright
Return g729 and g723.1 frames with the number of samples set properly. If the wctc4xxp returns more than a single packet, we need to update the number of samples in the returned frame accordingly. Acked-by: Shaun Ruffell <sruffell@digium.com>
Branches
1.8
  1. Prev
  2. Next