Age | Commit message (Collapse) | Author | Files | Lines |
|
(closes issue 0015997)
Reported by: exarv
Patches:
iax_fix.diff uploaded by dvossel (license 671)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@245874 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
AST-2009-006
(closes issue 0016206)
Reported by: bklang
Tested by: bklang
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@229235 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
The IAX2 Call Token security patch inadvertently broke the use of
encryption due to the reorganization of code in the socket_process()
function. When encryption is used, an incoming full frame must first
be decrypted before the information elements can be parsed. The
security release mistakenly moved IE parsing before decryption in
order to process the new Call Token IE. To resolve this, decryption
of full frames is once again done before looking into the frame. This
involves searching for an existing callno, checking the pvt to see if
encryption is turned on, and decrypting the packet before the internal
fields of the full frame are accessed.
associated with AST-2009-006
(closes issue #15834)
Reported by: karesmakro
Patches:
iax2_encryption_fix_1.4.diff uploaded by dvossel (license 671)
Tested by: dvossel, karesmakro
Review: https://reviewboard.asterisk.org/r/355/
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@217887 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
(closes issue #12912)
Reported by: rathaus
Tested by: tilghman, russell, dvossel, dbrooks
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@215958 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@211526 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
chan_iax2 supports multiple address bindings. The send_apathetic_reply()
function did not attempt to send its response on the same socket that the
incoming message came in on.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@206384 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@199137 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames. This patch also fixes some compile errors that occured using gcc v4.3.2.
(Related to Security fix AST-2009-001)
(closes issue #14386)
Reported by: sabbathbh
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@194878 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@170580 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@168632 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@167259 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@162868 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
(closes issue #13918)
Reported by: ffloimair
Patches:
20081119__bug13918.diff.txt uploaded by Corydon76 (license 14)
Tested by: ffloimair
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@159245 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@133360 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@132711 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
all full frames except for PING and LAGRQ, which may be sent by older versions
too quickly to contain the destination call number.
(As suggested by Tim Panton on the asterisk-dev list)
- Merge changes from team/russell/iax2-frame-race, which prevents PING and LAGRQ
from being sent before the destination call number is known.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@119237 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
As described in the following post to the asterisk-dev mailing list, only
enforce destination call numbers when processing an ACK.
http://lists.digium.com/pipermail/asterisk-dev/2008-May/033217.html
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@119008 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
He was running Asterisk trunk running IAX2 calls through a few Asterisk boxes,
however, the audio was extremely choppy. We looked at a packet trace and saw
a storm of INVAL and VNAK frames being sent from one box to another.
It turned out that what had happened was that one box tried to send a CONTROL
frame before the 3 way handshake had completed. So, that frame did not include
the destination call number, because it didn't have it yet. Part of our recent
work for security issues included an additional check to ensure that frames that
are supposed to include the destination call number have the correct one. This
caused the frame to be rejected with an INVAL. The frame would get retransmitted
for forever, rejected every time ...
This race condition exists in all versions that got the security changes,
in theory. However, it is really only likely that this would cause a problem in
Asterisk trunk. There was a control frame being sent (SRCUPDATE) at the _very_
beginning of the call, which does not exist in 1.2 or 1.4. However, I am fixing
all versions that could potentially be affected by the introduced race condition.
These changes are what bbryant and I came up with to fix the issue. Instead of
simply dropping control frames that get sent before the handshake is complete,
the code attempts to wait a little while, since in most cases, the handshake
will complete very quickly. If it doesn't complete after yielding for a little
while, then the frame gets dropped.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@115564 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
version
of my IAX2 improvements.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@115511 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
These changes address a critical performance issue introduced in the latest
release. The fix for the latest security issue included a change that made
Asterisk randomly choose call numbers to make them more difficult to guess by
attackers. However, due to some inefficient (this is by far, an understatement)
code, when Asterisk chose high call numbers, chan_iax2 became unusable after
just a small number of calls. On a small embedded platform, it would not be
able to handle a single call. On my Intel Core 2 Duo @ 2.33 GHz, I couldn't
run more than about 16 IAX2 channels. Ouch.
These changes address some performance issues of the find_callno() function
that have bothered me for a very long time. On every incoming media frame,
it iterated through every possible call number trying to find a matching
active call. This involved a mutex lock and unlock for each call number
checked. So, if the random call number chosen was 20000, then every media
frame would cause 20000 locks and unlocks. Previously, this problem was
not as obvious since Asterisk always chose the lowest call number it could.
A second container for IAX2 pvt structs has been added. It is an astobj2
hash table. When we know the remote side's call number, the pvt goes into
the hash table with a hash value of the remote side's call number. Then,
lookups for incoming media frames are a very fast hash lookup instead of an
absolutely insane array traversal.
In a quick test, I was able to get more than 3600% more IAX2 channels
on my machine with these changes.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@115296 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
ensure that it has the correct one.
(closes issue #10078)
(AST-2008-006)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@114561 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
security
fix. The dnsmgr is not appropriate here. The dnsmgr takes a pointer to an address
structure that a background thread continuously updates. However, in these cases,
a stack variable was passed. That means that the dnsmgr thread would be continuously
writing to bogus memory.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@110335 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
(closes issue #11606)
Reported by: dimas
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@94255 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@94214 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@93675 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@93667 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
(ASA-2007-018)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@76802 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
deciding whether or not we need to request retransmissions by sending a VNAK.
This code could cause VNAKs to be sent erroneously in some cases, and to not
be sent in other cases when it should have been.
(closes issue #10237, reported and patched by mihai)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@75927 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
receiving a VNAK, handle sequence number wraparound so that all frames that
should be retransmitted actually do get retransmitted.
(issue #10227, reported and patched by mihai)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@75757 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
the size of the destination buffer is known in the iax_frame so that code
won't write past the end of the allocated buffer when sending outgoing frames.
(ASA-2007-014)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@75444 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
so that code later on does not think it has data to copy.
(ASA-2007-015)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@75440 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
number. Fix the uses of this function to handle this instead of treating it
as the new call number. This would cause a deadlock and memory corruption.
(possible cause of issue #9614 and others, patch by me)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@74766 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
until the three-way call setup is completed. These changes are already in 1.4
and trunk.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@72629 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
done *before* we start the PBX on it
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@65676 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
Issue 9709, patch by nic_bellamy.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@63828 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
IAX connection, the remote end will receive garbage characters tacked onto the
end.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@62691 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
technical term). This is causing legit calls to be prematurely hung up. (issue #9600 reported by justdave)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@62037 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@61866 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@61862 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
from its read callback. See revision 59341 to the 1.4 branch for more info.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@59355 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
instead of having each interface explicitly listed.
(issue #7874, patch by stevens)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@59258 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
user for a call. This is because the first step of choosing this name is to
look for an IAX2 peer that happens to have the same IP/port number that this
call is coming from and assuming that is it. However, this is not always
correct. So, I have made it change this name after authentication happens
since at that point, we have an exact match.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@58242 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
core.
Also, fix a potential memory leak from not destroying the locks for all of the
possible call numbers (about 32k of them).
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@56406 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
reported by bsmithurst)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@53357 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
pthread_attr_destroy() was not.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@53045 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
mapping for a mini-frame instead of a video-frame, which caused it to
get invalid data.
(issue #8795, mihai)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@52762 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
by pj)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@52360 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
send one. (issue #8746 reported by maethor)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@49889 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
going to wait on them) are created properly
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@49635 f38db490-d61c-443f-a65b-d21fe96a405b
|
|
This was reported by Andy Wang on the asterisk-dev list. Thanks!
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@48943 f38db490-d61c-443f-a65b-d21fe96a405b
|