[asterisk-commits] kharwell: branch kharwell/pimp_sip_video r384105 - in /team/kharwell/pimp_sip...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Mar 27 13:26:10 CDT 2013
Author: kharwell
Date: Wed Mar 27 13:26:06 2013
New Revision: 384105
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=384105
Log:
merging in changes from base branch and turning automerge back on
Modified:
team/kharwell/pimp_sip_video/ (props changed)
team/kharwell/pimp_sip_video/channels/chan_sip.c
team/kharwell/pimp_sip_video/channels/chan_skinny.c
team/kharwell/pimp_sip_video/channels/sip/include/sip.h
team/kharwell/pimp_sip_video/channels/sip/security_events.c
team/kharwell/pimp_sip_video/main/http.c
team/kharwell/pimp_sip_video/main/sorcery.c
team/kharwell/pimp_sip_video/res/res_format_attr_h264.c
team/kharwell/pimp_sip_video/res/res_rtp_asterisk.c
Propchange: team/kharwell/pimp_sip_video/
------------------------------------------------------------------------------
automerge = *
Propchange: team/kharwell/pimp_sip_video/
------------------------------------------------------------------------------
Binary property 'branch-11-merged' - no diff available.
Propchange: team/kharwell/pimp_sip_video/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Wed Mar 27 13:26:06 2013
@@ -1,1 +1,1 @@
-/trunk:1-383881
+/trunk:1-384103
Modified: team/kharwell/pimp_sip_video/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/channels/chan_sip.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/channels/chan_sip.c (original)
+++ team/kharwell/pimp_sip_video/channels/chan_sip.c Wed Mar 27 13:26:06 2013
@@ -1009,6 +1009,11 @@
static struct ao2_container *peers;
static struct ao2_container *peers_by_ip;
+/*! \brief A bogus peer, to be used when authentication should fail */
+static struct sip_peer *bogus_peer;
+/*! \brief We can recognise the bogus peer by this invalid MD5 hash */
+#define BOGUS_PEER_MD5SECRET "intentionally_invalid_md5_string"
+
/*! \brief The register list: Other SIP proxies we register with and receive calls from */
static struct ast_register_list {
ASTOBJ_CONTAINER_COMPONENTS(struct sip_registry);
@@ -1157,7 +1162,7 @@
static int transmit_response_with_auth(struct sip_pvt *p, const char *msg, const struct sip_request *req, const char *rand, enum xmittype reliable, const char *header, int stale);
static int transmit_provisional_response(struct sip_pvt *p, const char *msg, const struct sip_request *req, int with_sdp);
static int transmit_response_with_allow(struct sip_pvt *p, const char *msg, const struct sip_request *req, enum xmittype reliable);
-static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct sip_request *req, enum xmittype reliable);
+static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, enum xmittype reliable);
static int transmit_request(struct sip_pvt *p, int sipmethod, uint32_t seqno, enum xmittype reliable, int newbranch);
static int transmit_request_with_auth(struct sip_pvt *p, int sipmethod, uint32_t seqno, enum xmittype reliable, int newbranch);
static int transmit_publish(struct sip_epa_entry *epa_entry, enum sip_publish_type publish_type, const char * const explicit_uri);
@@ -16479,6 +16484,7 @@
char a1_hash[256];
char resp_hash[256]="";
char *c;
+ int is_bogus_peer = 0;
int wrongnonce = FALSE;
int good_response;
const char *usednonce = p->nonce;
@@ -16550,8 +16556,14 @@
sip_digest_parser(c, keys);
+ /* We cannot rely on the bogus_peer having a bad md5 value. Someone could
+ * use it to construct valid auth. */
+ if (md5secret && strcmp(md5secret, BOGUS_PEER_MD5SECRET) == 0) {
+ is_bogus_peer = 1;
+ }
+
/* Verify that digest username matches the username we auth as */
- if (strcmp(username, keys[K_USER].s)) {
+ if (strcmp(username, keys[K_USER].s) && !is_bogus_peer) {
ast_log(LOG_WARNING, "username mismatch, have <%s>, digest has <%s>\n",
username, keys[K_USER].s);
/* Oops, we're trying something here */
@@ -16590,7 +16602,8 @@
}
good_response = keys[K_RESP].s &&
- !strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash));
+ !strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash)) &&
+ !is_bogus_peer; /* lastly, check that the peer isn't the fake peer */
if (wrongnonce) {
if (good_response) {
if (sipdebug)
@@ -16821,13 +16834,13 @@
/*! \brief Send a fake 401 Unauthorized response when the administrator
wants to hide the names of local devices from fishers
*/
-static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct sip_request *req, enum xmittype reliable)
+static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, enum xmittype reliable)
{
/* We have to emulate EXACTLY what we'd get with a good peer
* and a bad password, or else we leak information. */
- const char *response = "407 Proxy Authentication Required";
- const char *reqheader = "Proxy-Authorization";
- const char *respheader = "Proxy-Authenticate";
+ const char *response = "401 Unauthorized";
+ const char *reqheader = "Authorization";
+ const char *respheader = "WWW-Authenticate";
const char *authtoken;
struct ast_str *buf;
char *c;
@@ -16842,36 +16855,31 @@
[K_LAST] = { NULL, NULL}
};
- if (sipmethod == SIP_REGISTER || sipmethod == SIP_SUBSCRIBE) {
- response = "401 Unauthorized";
- reqheader = "Authorization";
- respheader = "WWW-Authenticate";
- }
authtoken = sip_get_header(req, reqheader);
if (req->ignore && !ast_strlen_zero(p->nonce) && ast_strlen_zero(authtoken)) {
/* This is a retransmitted invite/register/etc, don't reconstruct authentication
* information */
- transmit_response_with_auth(p, response, req, p->nonce, 0, respheader, 0);
+ transmit_response_with_auth(p, response, req, p->nonce, reliable, respheader, 0);
/* Schedule auto destroy in 32 seconds (according to RFC 3261) */
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
return;
} else if (ast_strlen_zero(p->nonce) || ast_strlen_zero(authtoken)) {
/* We have no auth, so issue challenge and request authentication */
build_nonce(p, 1);
- transmit_response_with_auth(p, response, req, p->nonce, 0, respheader, 0);
+ transmit_response_with_auth(p, response, req, p->nonce, reliable, respheader, 0);
/* Schedule auto destroy in 32 seconds */
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
return;
}
if (!(buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN))) {
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
return;
}
/* Make a copy of the response and parse it */
if (ast_str_set(&buf, 0, "%s", authtoken) == AST_DYNSTR_BUILD_FAILED) {
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
return;
}
@@ -16909,7 +16917,7 @@
/* Schedule auto destroy in 32 seconds */
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
} else {
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
}
}
@@ -17019,7 +17027,7 @@
if (!AST_LIST_EMPTY(&domain_list)) {
if (!check_sip_domain(domain, NULL, 0)) {
if (sip_cfg.alwaysauthreject) {
- transmit_fake_auth_response(p, SIP_REGISTER, &p->initreq, XMIT_UNRELIABLE);
+ transmit_fake_auth_response(p, &p->initreq, XMIT_UNRELIABLE);
} else {
transmit_response(p, "404 Not found (unknown domain)", &p->initreq);
}
@@ -17045,6 +17053,13 @@
}
}
peer = sip_find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0);
+
+ /* If we don't want username disclosure, use the bogus_peer when a user
+ * is not found. */
+ if (!peer && sip_cfg.alwaysauthreject && sip_cfg.autocreatepeer == AUTOPEERS_DISABLED) {
+ peer = bogus_peer;
+ sip_ref_peer(peer, "register_verify: ref the bogus_peer");
+ }
if (!(peer && ast_apply_acl(peer->acl, addr, "SIP Peer ACL: "))) {
/* Peer fails ACL check */
@@ -17137,7 +17152,7 @@
switch (parse_register_contact(p, peer, req)) {
case PARSE_REGISTER_DENIED:
ast_log(LOG_WARNING, "Registration denied because of contact ACL\n");
- transmit_response_with_date(p, "403 Forbidden (ACL)", req);
+ transmit_response_with_date(p, "403 Forbidden", req);
res = 0;
break;
case PARSE_REGISTER_FAILED:
@@ -17177,7 +17192,7 @@
switch (res) {
case AUTH_SECRET_FAILED:
/* Wrong password in authentication. Go away, don't try again until you fixed it */
- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ transmit_response(p, "403 Forbidden", &p->initreq);
if (global_authfailureevents) {
const char *peer_addr = ast_strdupa(ast_sockaddr_stringify_addr(addr));
const char *peer_port = ast_strdupa(ast_sockaddr_stringify_port(addr));
@@ -17200,7 +17215,7 @@
case AUTH_PEER_NOT_DYNAMIC:
case AUTH_ACL_FAILED:
if (sip_cfg.alwaysauthreject) {
- transmit_fake_auth_response(p, SIP_REGISTER, &p->initreq, XMIT_UNRELIABLE);
+ transmit_fake_auth_response(p, &p->initreq, XMIT_UNRELIABLE);
if (global_authfailureevents) {
const char *peer_addr = ast_strdupa(ast_sockaddr_stringify_addr(addr));
const char *peer_port = ast_strdupa(ast_sockaddr_stringify_port(addr));
@@ -18239,7 +18254,19 @@
ast_verbose("No matching peer for '%s' from '%s'\n",
of, ast_sockaddr_stringify(&p->recv));
}
- return AUTH_DONT_KNOW;
+
+ /* If you don't mind, we can return 404s for devices that do
+ * not exist: username disclosure. If we allow guests, there
+ * is no way around that. */
+ if (sip_cfg.allowguest || !sip_cfg.alwaysauthreject) {
+ return AUTH_DONT_KNOW;
+ }
+
+ /* If you do mind, we use a peer that will never authenticate.
+ * This ensures that we follow the same code path as regular
+ * auth: less chance for username disclosure. */
+ peer = bogus_peer;
+ sip_ref_peer(peer, "sip_ref_peer: check_peer_ok: must ref bogus_peer so unreffing it does not fail");
}
/* build_peer, called through sip_find_peer, is not able to check the
@@ -18262,9 +18289,10 @@
sip_unref_peer(peer, "sip_unref_peer: check_peer_ok: from sip_find_peer call, early return of AUTH_ACL_FAILED");
return AUTH_ACL_FAILED;
}
- if (debug)
+ if (debug && peer != bogus_peer) {
ast_verbose("Found peer '%s' for '%s' from %s\n",
peer->name, of, ast_sockaddr_stringify(&p->recv));
+ }
/* XXX what about p->prefs = peer->prefs; ? */
/* Set Frame packetization */
@@ -18547,8 +18575,6 @@
} else {
res = AUTH_RTP_FAILED;
}
- } else if (sip_cfg.alwaysauthreject) {
- res = AUTH_FAKE_AUTH; /* reject with fake authorization request */
} else {
res = AUTH_SECRET_FAILED; /* we don't want any guests, authentication will fail */
}
@@ -18683,13 +18709,8 @@
return;
}
if (res < 0) { /* Something failed in authentication */
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_MESSAGE, req, XMIT_UNRELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
- transmit_response(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
return;
}
@@ -24847,13 +24868,8 @@
return 0;
}
if (res < 0) { /* Something failed in authentication */
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_OPTIONS, req, XMIT_UNRELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
- transmit_response(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
return 0;
}
@@ -25498,13 +25514,8 @@
goto request_invite_cleanup;
}
if (res < 0) { /* Something failed in authentication */
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
+ transmit_response_reliable(p, "403 Forbidden", req);
p->invitestate = INV_COMPLETED;
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
goto request_invite_cleanup;
@@ -27547,18 +27558,13 @@
return -1;
}
- auth_result = check_user(p, req, SIP_PUBLISH, uri, XMIT_RELIABLE, addr);
+ auth_result = check_user(p, req, SIP_PUBLISH, uri, XMIT_UNRELIABLE, addr);
if (auth_result == AUTH_CHALLENGE_SENT) {
p->lastinvite = seqno;
return 0;
} else if (auth_result < 0) {
- if (auth_result == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
ast_string_field_set(p, theirtag, NULL);
return 0;
@@ -27770,19 +27776,14 @@
* use if !req->ignore, because then we'll end up sending
* a 200 OK if someone retransmits without sending auth */
if (p->subscribed == NONE || resubscribe) {
- res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer);
+ res = check_user_full(p, req, SIP_SUBSCRIBE, e, XMIT_UNRELIABLE, addr, &authpeer);
/* if an authentication response was sent, we are done here */
if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */
return 0;
if (res != AUTH_SUCCESSFUL) {
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", sip_get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", sip_get_header(req, "From"));
+ transmit_response(p, "403 Forbidden", req);
pvt_set_needdestroy(p, "authentication failed");
return 0;
@@ -33315,6 +33316,7 @@
/*! \brief Force reload of module from cli */
static char *sip_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
{
+ static struct sip_peer *tmp_peer, *new_peer;
switch (cmd) {
case CLI_INIT:
@@ -33336,6 +33338,18 @@
}
ast_mutex_unlock(&sip_reload_lock);
restart_monitor();
+
+ tmp_peer = bogus_peer;
+ /* Create new bogus peer possibly with new global settings. */
+ if ((new_peer = temp_peer("(bogus_peer)"))) {
+ ast_string_field_set(new_peer, md5secret, BOGUS_PEER_MD5SECRET);
+ ast_clear_flag(&new_peer->flags[0], SIP_INSECURE);
+ bogus_peer = new_peer;
+ ao2_t_ref(tmp_peer, -1, "unref the old bogus_peer during reload");
+ } else {
+ ast_log(LOG_ERROR, "Could not update the fake authentication peer.\n");
+ /* You probably have bigger (memory?) issues to worry about though.. */
+ }
return CLI_SUCCESS;
}
@@ -34564,6 +34578,17 @@
return AST_MODULE_LOAD_DECLINE;
}
+ /* Initialize bogus peer. Can be done first after reload_config() */
+ if (!(bogus_peer = temp_peer("(bogus_peer)"))) {
+ ast_log(LOG_ERROR, "Unable to create bogus_peer for authentication\n");
+ io_context_destroy(io);
+ ast_sched_context_destroy(sched);
+ return AST_MODULE_LOAD_FAILURE;
+ }
+ /* Make sure the auth will always fail. */
+ ast_string_field_set(bogus_peer, md5secret, BOGUS_PEER_MD5SECRET);
+ ast_clear_flag(&bogus_peer->flags[0], SIP_INSECURE);
+
/* Prepare the version that does not require DTMF BEGIN frames.
* We need to use tricks such as memcpy and casts because the variable
* has const fields.
@@ -34579,6 +34604,7 @@
/* Make sure we can register our sip channel type */
if (ast_channel_register(&sip_tech)) {
ast_log(LOG_ERROR, "Unable to register channel type 'SIP'\n");
+ ao2_t_ref(bogus_peer, -1, "unref the bogus_peer");
io_context_destroy(io);
ast_sched_context_destroy(sched);
return AST_MODULE_LOAD_FAILURE;
@@ -34841,6 +34867,8 @@
ast_debug(2, "TCP/TLS thread container did not become empty :(\n");
}
+ ao2_t_ref(bogus_peer, -1, "unref the bogus_peer");
+
ao2_t_ref(peers, -1, "unref the peers table");
ao2_t_ref(peers_by_ip, -1, "unref the peers_by_ip table");
ao2_t_ref(dialogs, -1, "unref the dialogs table");
Modified: team/kharwell/pimp_sip_video/channels/chan_skinny.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/channels/chan_skinny.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/channels/chan_skinny.c (original)
+++ team/kharwell/pimp_sip_video/channels/chan_skinny.c Wed Mar 27 13:26:06 2013
@@ -7114,13 +7114,6 @@
SKINNY_DEBUG(DEBUG_PACKET, 3, "Received SOFTKEY_ENDCALL from %s, inst %d, callref %d\n",
d->name, instance, callreference);
- if (l->transfer && sub && sub->xferor && ast_channel_state(sub->owner) >= AST_STATE_RING) {
- /* We're allowed to transfer, we have two active calls and
- we made at least one of the calls. Let's try and transfer */
- handle_transfer_button(sub);
- return 0;
- }
-
ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s", l->name);
if (sub) {
Modified: team/kharwell/pimp_sip_video/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/channels/sip/include/sip.h?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/channels/sip/include/sip.h (original)
+++ team/kharwell/pimp_sip_video/channels/sip/include/sip.h Wed Mar 27 13:26:06 2013
@@ -507,7 +507,6 @@
AUTH_SECRET_FAILED = -1,
AUTH_USERNAME_MISMATCH = -2,
AUTH_NOT_FOUND = -3, /*!< returned by register_verify */
- AUTH_FAKE_AUTH = -4,
AUTH_UNKNOWN_DOMAIN = -5,
AUTH_PEER_NOT_DYNAMIC = -6,
AUTH_ACL_FAILED = -7,
Modified: team/kharwell/pimp_sip_video/channels/sip/security_events.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/channels/sip/security_events.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/channels/sip/security_events.c (original)
+++ team/kharwell/pimp_sip_video/channels/sip/security_events.c Wed Mar 27 13:26:06 2013
@@ -342,9 +342,6 @@
/* with sip_cfg.alwaysauthreject on, generates 2 events */
sip_report_invalid_peer(p);
break;
- case AUTH_FAKE_AUTH:
- sip_report_invalid_peer(p);
- break;
case AUTH_UNKNOWN_DOMAIN:
snprintf(aclname, sizeof(aclname), "domain_must_match");
sip_report_failed_acl(p, aclname);
Modified: team/kharwell/pimp_sip_video/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/main/http.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/main/http.c (original)
+++ team/kharwell/pimp_sip_video/main/http.c Wed Mar 27 13:26:06 2013
@@ -601,6 +601,8 @@
AST_RWLIST_UNLOCK(&uris);
}
+#define MAX_POST_CONTENT 1025
+
/*
* get post variables from client Request Entity-Body, if content type is
* application/x-www-form-urlencoded
@@ -630,6 +632,13 @@
}
if (content_length <= 0) {
+ return NULL;
+ }
+
+ if (content_length > MAX_POST_CONTENT - 1) {
+ ast_log(LOG_WARNING, "Excessively long HTTP content. %d is greater than our max of %d\n",
+ content_length, MAX_POST_CONTENT);
+ ast_http_send(ser, AST_HTTP_POST, 413, "Request Entity Too Large", NULL, NULL, 0, 0);
return NULL;
}
Modified: team/kharwell/pimp_sip_video/main/sorcery.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/main/sorcery.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/main/sorcery.c (original)
+++ team/kharwell/pimp_sip_video/main/sorcery.c Wed Mar 27 13:26:06 2013
@@ -169,11 +169,6 @@
return !(*buf = ast_strdup(ast_sockaddr_stringify(field))) ? -1 : 0;
}
-static int noop_handler_fn(const void *obj, const intptr_t *args, char **buf)
-{
- return 0;
-}
-
static int chararray_handler_fn(const void *obj, const intptr_t *args, char **buf)
{
char *field = (char *)(obj + args[0]);
@@ -187,7 +182,6 @@
case OPT_CHAR_ARRAY_T: return chararray_handler_fn;
case OPT_DOUBLE_T: return double_handler_fn;
case OPT_INT_T: return int_handler_fn;
- case OPT_NOOP_T: return noop_handler_fn;
case OPT_SOCKADDR_T: return sockaddr_handler_fn;
case OPT_STRINGFIELD_T: return stringfield_handler_fn;
case OPT_UINT_T: return uint_handler_fn;
Modified: team/kharwell/pimp_sip_video/res/res_format_attr_h264.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/res/res_format_attr_h264.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/res/res_format_attr_h264.c (original)
+++ team/kharwell/pimp_sip_video/res/res_format_attr_h264.c Wed Mar 27 13:26:06 2013
@@ -41,8 +41,14 @@
/*! \brief Value that indicates an attribute is actually unset */
#define H264_ATTR_KEY_UNSET UINT8_MAX
-/*! \brief Maximum size for SPS / PPS values in sprop-parameter-sets attribute */
+/*! \brief Maximum size for SPS / PPS values in sprop-parameter-sets attribute
+ * if you change this value then you must change H264_MAX_SPS_PPS_SIZE_SCAN_LIMIT
+ * as well. */
#define H264_MAX_SPS_PPS_SIZE 16
+/*! \brief This is used when executing sscanf on buffers of H264_MAX_SPS_PPS_SIZE
+ * length. It must ALWAYS be a string literal representation of one less than
+ * H264_MAX_SPS_PPS_SIZE */
+#define H264_MAX_SPS_PPS_SIZE_SCAN_LIMIT "15"
enum h264_attr_keys {
H264_ATTR_KEY_PROFILE_IDC,
@@ -111,7 +117,8 @@
format_attr->format_attr[H264_ATTR_KEY_PROFILE_IDC] = ((val2 >> 16) & 0xFF);
format_attr->format_attr[H264_ATTR_KEY_PROFILE_IOP] = ((val2 >> 8) & 0xFF);
format_attr->format_attr[H264_ATTR_KEY_LEVEL] = (val2 & 0xFF);
- } else if (sscanf(attrib, "sprop-parameter-sets=%[^','],%s", sps, pps) == 2) {
+ } else if (sscanf(attrib, "sprop-parameter-sets=%" H264_MAX_SPS_PPS_SIZE_SCAN_LIMIT "[^','],%" H264_MAX_SPS_PPS_SIZE_SCAN_LIMIT "s", sps, pps) == 2) {
+ /* XXX sprop-parameter-sets can actually be of unlimited length. This may need to be addressed later. */
unsigned char spsdecoded[H264_MAX_SPS_PPS_SIZE] = { 0, }, ppsdecoded[H264_MAX_SPS_PPS_SIZE] = { 0, };
int i;
Modified: team/kharwell/pimp_sip_video/res/res_rtp_asterisk.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_video/res/res_rtp_asterisk.c?view=diff&rev=384105&r1=384104&r2=384105
==============================================================================
--- team/kharwell/pimp_sip_video/res/res_rtp_asterisk.c (original)
+++ team/kharwell/pimp_sip_video/res/res_rtp_asterisk.c Wed Mar 27 13:26:06 2013
@@ -1491,7 +1491,7 @@
}
#endif
- if ((*in > 1) && res_srtp && srtp && res_srtp->unprotect(srtp, buf, &len, rtcp) < 0) {
+ if ((*in & 0xC0) && res_srtp && srtp && res_srtp->unprotect(srtp, buf, &len, rtcp) < 0) {
return -1;
}
More information about the asterisk-commits
mailing list