[asterisk-commits] bebuild: tag certified-11.6-cert3 r415978 - in /certified/tags/11.6-cert3: ./...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Jun 12 14:39:41 CDT 2014


Author: bebuild
Date: Thu Jun 12 14:39:37 2014
New Revision: 415978

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=415978
Log:
Merge AST-2014-006, AST-2014-007

Modified:
    certified/tags/11.6-cert3/   (props changed)
    certified/tags/11.6-cert3/ChangeLog
    certified/tags/11.6-cert3/UPGRADE.txt
    certified/tags/11.6-cert3/apps/app_mixmonitor.c
    certified/tags/11.6-cert3/channels/chan_sip.c
    certified/tags/11.6-cert3/configs/http.conf.sample
    certified/tags/11.6-cert3/include/asterisk/tcptls.h
    certified/tags/11.6-cert3/include/asterisk/utils.h
    certified/tags/11.6-cert3/main/http.c
    certified/tags/11.6-cert3/main/manager.c
    certified/tags/11.6-cert3/main/tcptls.c
    certified/tags/11.6-cert3/main/utils.c
    certified/tags/11.6-cert3/res/res_http_websocket.c

Propchange: certified/tags/11.6-cert3/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 12 14:39:37 2014
@@ -1,3 +1,3 @@
-/branches/11:399513,401167,401179,401182
+/branches/11:399513,401167,401179,401182,415825
 /certified/branches/1.8.15:382389
-/certified/branches/11.6:403860,403956,404349,405233,405488,405536,405578,410359,410429
+/certified/branches/11.6:403860,403956,404349,405233,405488,405536,405578,410359,410429,415842,415977

Modified: certified/tags/11.6-cert3/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/ChangeLog?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/ChangeLog (original)
+++ certified/tags/11.6-cert3/ChangeLog Thu Jun 12 14:39:37 2014
@@ -1,3 +1,62 @@
+2014-06-12  Asterisk Development Team <asteriskteam at digium.com>
+
+	* AST-2014-006: Add class authorization requirements to MixMonitor AMI
+	  commands
+
+	  MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked
+	  class authorization. StopMixMonitor now requires that the manager
+	  user either have the call or system class authorization.
+	  StartMixMonitor is a slightly larger issue since it can execute shell
+	  commands if the right arguments are passed into it, and we consider
+	  this a permission escalation.
+
+	  ASTERISK-23609 #close
+	  Reported by: Corey Farrell
+
+
+	* AST-2014-007: Fix DOS by consuming the number of allowed HTTP
+	  connections.
+
+	  Simply establishing a TCP connection and never sending anything to
+	  the configured HTTP port in http.conf will tie up a HTTP connection.
+	  Since there is a maximum number of open HTTP sessions allowed at a
+	  time you can block legitimate connections.
+
+	  A similar problem exists if a HTTP request is started but never
+	  finished.
+
+	  * Added http.conf session_inactivity timer option to close HTTP
+	    connections that aren't doing anything.  Defaults to 30000 ms.
+
+	  * Removed the undocumented manager.conf block-sockets option.  It
+	    interferes with TCP/TLS inactivity timeouts.
+
+	  * AMI and SIP TLS connections now have better authentication timeout
+	    protection. Though I didn't remove the bizzare TLS timeout polling
+	    code from chan_sip.
+
+	  * chan_sip can now handle SSL certificate renegotiations in the
+	    middle of a session. It couldn't do that before because the socket
+	    was non-blocking and the SSL calls were not restarted as documented
+	    by the OpenSSL documentation.
+
+	  * Fixed an off nominal leak of the ssl struct in
+	    handle_tcptls_connection() if the FILE stream failed to open and
+	    the SSL certificate negotiations failed.
+
+	  The patch creates a custom FILE stream handler to give the created FILE
+	  streams inactivity timeout and timeout after a specific moment in time
+	  capability.  This approach eliminates the need for code using the FILE
+	  stream to be redesigned to deal with the timeouts.
+
+	  This patch indirectly fixes most of ASTERISK-18345 by fixing the usage
+	  of the SSL_read/SSL_write operations.
+
+	  ASTERISK-23673 #close
+	  Reported by: Richard Mudgett
+
+
+
 2014-03-10  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Asterisk 11.6-cert2 Released.

Modified: certified/tags/11.6-cert3/UPGRADE.txt
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/UPGRADE.txt?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/UPGRADE.txt (original)
+++ certified/tags/11.6-cert3/UPGRADE.txt Thu Jun 12 14:39:37 2014
@@ -19,6 +19,18 @@
 === UPGRADE-10.txt -- Upgrade info for 1.8 to 10
 ===
 ===========================================================
+
+From 11.6-cert2 to 11.6-cert3:
+* MixMonitor AMI actions now require users to have authorization classes.
+  * MixMonitor - system
+  * MixMonitorMute - call or system
+  * StopMixMonitor - call or system
+
+* Added http.conf session_inactivity timer option to close HTTP connections
+  that aren't doing anything.
+
+* Removed the undocumented manager.conf block-sockets option.  It interferes with
+  TCP/TLS inactivity timeouts.
 
 From 11.6 to 11.6-cert1:
 * Certain dialplan functions have been marked as 'dangerous', and may only be

Modified: certified/tags/11.6-cert3/apps/app_mixmonitor.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/apps/app_mixmonitor.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/apps/app_mixmonitor.c (original)
+++ certified/tags/11.6-cert3/apps/app_mixmonitor.c Thu Jun 12 14:39:37 2014
@@ -1376,9 +1376,9 @@
 	ast_cli_register_multiple(cli_mixmonitor, ARRAY_LEN(cli_mixmonitor));
 	res = ast_register_application_xml(app, mixmonitor_exec);
 	res |= ast_register_application_xml(stop_app, stop_mixmonitor_exec);
-	res |= ast_manager_register_xml("MixMonitorMute", 0, manager_mute_mixmonitor);
-	res |= ast_manager_register_xml("MixMonitor", 0, manager_mixmonitor);
-	res |= ast_manager_register_xml("StopMixMonitor", 0, manager_stop_mixmonitor);
+	res |= ast_manager_register_xml("MixMonitorMute", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, manager_mute_mixmonitor);
+	res |= ast_manager_register_xml("MixMonitor", EVENT_FLAG_SYSTEM, manager_mixmonitor);
+	res |= ast_manager_register_xml("StopMixMonitor", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, manager_stop_mixmonitor);
 
 	return res;
 }

Modified: certified/tags/11.6-cert3/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/channels/chan_sip.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/channels/chan_sip.c (original)
+++ certified/tags/11.6-cert3/channels/chan_sip.c Thu Jun 12 14:39:37 2014
@@ -3109,11 +3109,15 @@
 		goto cleanup;
 	}
 
+	ast_tcptls_stream_set_timeout_sequence(tcptls_session->stream_cookie, ast_tvnow(),
+		tcptls_session->client ? -1 : (authtimeout * 1000));
+
 	for (;;) {
 		struct ast_str *str_save;
 
 		if (!tcptls_session->client && req.authenticated && !authenticated) {
 			authenticated = 1;
+			ast_tcptls_stream_set_timeout_disable(tcptls_session->stream_cookie);
 			ast_atomic_fetchadd_int(&unauth_sessions, -1);
 		}
 

Modified: certified/tags/11.6-cert3/configs/http.conf.sample
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/configs/http.conf.sample?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/configs/http.conf.sample (original)
+++ certified/tags/11.6-cert3/configs/http.conf.sample Thu Jun 12 14:39:37 2014
@@ -39,6 +39,12 @@
 ;
 ;sessionlimit=100
 ;
+; session_inactivity specifies the number of milliseconds to wait for
+; more data over the HTTP connection before closing it.
+;
+; Default: 30000
+;session_inactivity=30000
+;
 ; Whether Asterisk should serve static content from http-static
 ; Default is no.
 ;

Modified: certified/tags/11.6-cert3/include/asterisk/tcptls.h
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/include/asterisk/tcptls.h?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/include/asterisk/tcptls.h (original)
+++ certified/tags/11.6-cert3/include/asterisk/tcptls.h Thu Jun 12 14:39:37 2014
@@ -144,6 +144,51 @@
 	const char *name;
 };
 
+struct ast_tcptls_stream;
+
+/*!
+ * \brief Disable the TCP/TLS stream timeout timer.
+ *
+ * \param stream TCP/TLS stream control data.
+ *
+ * \return Nothing
+ */
+void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream);
+
+/*!
+ * \brief Set the TCP/TLS stream inactivity timeout timer.
+ *
+ * \param stream TCP/TLS stream control data.
+ * \param timeout Number of milliseconds to wait for data transfer with the peer.
+ *
+ * \details This is basically how much time we are willing to spend
+ * in an I/O call before we declare the peer unresponsive.
+ *
+ * \note Setting timeout to -1 disables the timeout.
+ * \note Setting this timeout replaces the I/O sequence timeout timer.
+ *
+ * \return Nothing
+ */
+void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout);
+
+/*!
+ * \brief Set the TCP/TLS stream I/O sequence timeout timer.
+ *
+ * \param stream TCP/TLS stream control data.
+ * \param start Time the I/O sequence timer starts.
+ * \param timeout Number of milliseconds from the start time before timeout.
+ *
+ * \details This is how much time are we willing to allow the peer
+ * to complete an operation that can take several I/O calls.  The
+ * main use is as an authentication timer with us.
+ *
+ * \note Setting timeout to -1 disables the timeout.
+ * \note Setting this timeout replaces the inactivity timeout timer.
+ *
+ * \return Nothing
+ */
+void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout);
+
 /*! \brief 
  * describes a server instance
  */
@@ -161,6 +206,8 @@
 	 * extra data.
 	 */
 	struct ast_str *overflow_buf;
+	/*! ao2 FILE stream cookie object associated with f. */
+	struct ast_tcptls_stream *stream_cookie;
 };
 
 #if defined(HAVE_FUNOPEN)

Modified: certified/tags/11.6-cert3/include/asterisk/utils.h
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/include/asterisk/utils.h?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/include/asterisk/utils.h (original)
+++ certified/tags/11.6-cert3/include/asterisk/utils.h Thu Jun 12 14:39:37 2014
@@ -368,6 +368,7 @@
 
 int ast_utils_init(void);
 int ast_wait_for_input(int fd, int ms);
+int ast_wait_for_output(int fd, int ms);
 
 /*!
  * \brief Try to write string, but wait no more than ms milliseconds

Modified: certified/tags/11.6-cert3/main/http.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/main/http.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/main/http.c (original)
+++ certified/tags/11.6-cert3/main/http.c Thu Jun 12 14:39:37 2014
@@ -62,6 +62,7 @@
 #define DEFAULT_PORT 8088
 #define DEFAULT_TLS_PORT 8089
 #define DEFAULT_SESSION_LIMIT 100
+#define DEFAULT_SESSION_INACTIVITY 30000	/* (ms) Idle time waiting for data. */
 
 /* See http.h for more information about the SSL implementation */
 #if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
@@ -69,6 +70,7 @@
 #endif
 
 static int session_limit = DEFAULT_SESSION_LIMIT;
+static int session_inactivity = DEFAULT_SESSION_INACTIVITY;
 static int session_count = 0;
 
 static struct ast_tls_config http_tls_cfg;
@@ -405,7 +407,7 @@
 
 	/* calc content length */
 	if (out) {
-		content_length += strlen(ast_str_buffer(out));
+		content_length += ast_str_strlen(out);
 	}
 
 	if (fd) {
@@ -432,8 +434,10 @@
 
 	/* send content */
 	if (method != AST_HTTP_HEAD || status_code >= 400) {
-		if (out) {
-			fprintf(ser->f, "%s", ast_str_buffer(out));
+		if (out && ast_str_strlen(out)) {
+			if (fwrite(ast_str_buffer(out), ast_str_strlen(out), 1, ser->f) != 1) {
+				ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno));
+			}
 		}
 
 		if (fd) {
@@ -455,8 +459,7 @@
 		ast_free(out);
 	}
 
-	fclose(ser->f);
-	ser->f = 0;
+	ast_tcptls_close_session_file(ser);
 	return;
 }
 
@@ -863,12 +866,20 @@
 	char *uri, *method;
 	enum ast_http_method http_method = AST_HTTP_UNKNOWN;
 	int remaining_headers;
+	int flags;
 
 	if (ast_atomic_fetchadd_int(&session_count, +1) >= session_limit) {
 		goto done;
 	}
 
-	if (!fgets(buf, sizeof(buf), ser->f)) {
+	/* make sure socket is non-blocking */
+	flags = fcntl(ser->fd, F_GETFL);
+	flags |= O_NONBLOCK;
+	fcntl(ser->fd, F_SETFL, flags);
+
+	ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, session_inactivity);
+
+	if (!fgets(buf, sizeof(buf), ser->f) || feof(ser->f)) {
 		goto done;
 	}
 
@@ -904,12 +915,19 @@
 
 	/* process "Request Headers" lines */
 	remaining_headers = MAX_HTTP_REQUEST_HEADERS;
-	while (fgets(header_line, sizeof(header_line), ser->f)) {
-		char *name, *value;
+	for (;;) {
+		char *name;
+		char *value;
+
+		if (!fgets(header_line, sizeof(header_line), ser->f) || feof(ser->f)) {
+			ast_http_error(ser, 400, "Bad Request", "Timeout");
+			goto done;
+		}
 
 		/* Trim trailing characters */
 		ast_trim_blanks(header_line);
 		if (ast_strlen_zero(header_line)) {
+			/* A blank line ends the request header section. */
 			break;
 		}
 
@@ -960,7 +978,7 @@
 	ast_variables_destroy(headers);
 
 	if (ser->f) {
-		fclose(ser->f);
+		ast_tcptls_close_session_file(ser);
 	}
 	ao2_ref(ser, -1);
 	ser = NULL;
@@ -1069,6 +1087,9 @@
 	AST_RWLIST_UNLOCK(&uri_redirects);
 
 	ast_sockaddr_setnull(&https_desc.local_address);
+
+	session_limit = DEFAULT_SESSION_LIMIT;
+	session_inactivity = DEFAULT_SESSION_INACTIVITY;
 
 	if (cfg) {
 		v = ast_variable_browse(cfg, "general");
@@ -1115,6 +1136,12 @@
 					ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of http.conf\n",
 							v->name, v->value, v->lineno);
 				}
+			} else if (!strcasecmp(v->name, "session_inactivity")) {
+				if (ast_parse_arg(v->value, PARSE_INT32 |PARSE_DEFAULT | PARSE_IN_RANGE,
+					&session_inactivity, DEFAULT_SESSION_INACTIVITY, 1, INT_MAX)) {
+					ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of http.conf\n",
+						v->name, v->value, v->lineno);
+				}
 			} else {
 				ast_log(LOG_WARNING, "Ignoring unknown option '%s' in http.conf\n", v->name);
 			}

Modified: certified/tags/11.6-cert3/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/main/manager.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/main/manager.c (original)
+++ certified/tags/11.6-cert3/main/manager.c Thu Jun 12 14:39:37 2014
@@ -1023,7 +1023,6 @@
 #define DEFAULT_REALM		"asterisk"
 static char global_realm[MAXHOSTNAMELEN];	/*!< Default realm */
 
-static int block_sockets;
 static int unauth_sessions = 0;
 static struct ast_event_sub *acl_change_event_subscription;
 
@@ -1490,6 +1489,7 @@
 	}
 
 	if (session->f != NULL) {
+		fflush(session->f);
 		fclose(session->f);
 	}
 	if (eqe) {
@@ -5508,12 +5508,9 @@
 		ast_log(LOG_WARNING, "Failed to set manager tcp connection to TCP_NODELAY, getprotobyname(\"tcp\") failed\nSome manager actions may be slow to respond.\n");
 	}
 
+	/* make sure socket is non-blocking */
 	flags = fcntl(ser->fd, F_GETFL);
-	if (!block_sockets) { /* make sure socket is non-blocking */
-		flags |= O_NONBLOCK;
-	} else {
-		flags &= ~O_NONBLOCK;
-	}
+	flags |= O_NONBLOCK;
 	fcntl(ser->fd, F_SETFL, flags);
 
 	ao2_lock(session);
@@ -5539,10 +5536,16 @@
 	}
 	ao2_unlock(session);
 
+	ast_tcptls_stream_set_timeout_sequence(ser->stream_cookie,
+		ast_tvnow(), authtimeout * 1000);
+
 	astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION);	/* welcome prompt */
 	for (;;) {
 		if ((res = do_message(&s)) < 0 || s.write_error) {
 			break;
+		}
+		if (session->authenticated) {
+			ast_tcptls_stream_set_timeout_disable(ser->stream_cookie);
 		}
 	}
 	/* session is over, explain why and terminate */
@@ -6297,6 +6300,30 @@
 	}
 }
 
+static void close_mansession_file(struct mansession *s)
+{
+	if (s->f) {
+		if (fclose(s->f)) {
+			ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
+		}
+		s->f = NULL;
+		s->fd = -1;
+	} else if (s->fd != -1) {
+		/*
+		 * Issuing shutdown() is necessary here to avoid a race
+		 * condition where the last data written may not appear
+		 * in the TCP stream.  See ASTERISK-23548
+		 */
+		shutdown(s->fd, SHUT_RDWR);
+		if (close(s->fd)) {
+			ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
+		}
+		s->fd = -1;
+	} else {
+		ast_log(LOG_ERROR, "Attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n");
+	}
+}
+
 static void process_output(struct mansession *s, struct ast_str **out, struct ast_variable *params, enum output_format format)
 {
 	char *buf;
@@ -6324,20 +6351,7 @@
 		xml_translate(out, "", params, format);
 	}
 
-	if (s->f) {
-		if (fclose(s->f)) {
-			ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
-		}
-		s->f = NULL;
-		s->fd = -1;
-	} else if (s->fd != -1) {
-		if (close(s->fd)) {
-			ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
-		}
-		s->fd = -1;
-	} else {
-		ast_log(LOG_ERROR, "process output attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n");
-	}
+	close_mansession_file(s);
 }
 
 static int generic_http_callback(struct ast_tcptls_session_instance *ser,
@@ -7113,7 +7127,6 @@
 	ast_cli(a->fd, FORMAT, "Timestamp events:", AST_CLI_YESNO(timestampevents));
 	ast_cli(a->fd, FORMAT, "Channel vars:", S_OR(manager_channelvars, ""));
 	ast_cli(a->fd, FORMAT, "Debug:", AST_CLI_YESNO(manager_debug));
-	ast_cli(a->fd, FORMAT, "Block sockets:", AST_CLI_YESNO(block_sockets));
 #undef FORMAT
 #undef FORMAT2
 
@@ -7586,8 +7599,6 @@
 
 		if (!strcasecmp(var->name, "enabled")) {
 			manager_enabled = ast_true(val);
-		} else if (!strcasecmp(var->name, "block-sockets")) {
-			block_sockets = ast_true(val);
 		} else if (!strcasecmp(var->name, "webenabled")) {
 			webmanager_enabled = ast_true(val);
 		} else if (!strcasecmp(var->name, "port")) {

Modified: certified/tags/11.6-cert3/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/main/tcptls.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/main/tcptls.c (original)
+++ certified/tags/11.6-cert3/main/tcptls.c Thu Jun 12 14:39:37 2014
@@ -50,102 +50,483 @@
 #include "asterisk/astobj2.h"
 #include "asterisk/pbx.h"
 
-/*! \brief
- * replacement read/write functions for SSL support.
- * We use wrappers rather than SSL_read/SSL_write directly so
- * we can put in some debugging.
+/*! ao2 object used for the FILE stream fopencookie()/funopen() cookie. */
+struct ast_tcptls_stream {
+	/*! SSL state if not NULL */
+	SSL *ssl;
+	/*!
+	 * \brief Start time from when an I/O sequence must complete
+	 * by struct ast_tcptls_stream.timeout.
+	 *
+	 * \note If struct ast_tcptls_stream.start.tv_sec is zero then
+	 * start time is the current I/O request.
+	 */
+	struct timeval start;
+	/*!
+	 * \brief The socket returned by accept().
+	 *
+	 * \note Set to -1 if the stream is closed.
+	 */
+	int fd;
+	/*!
+	 * \brief Timeout in ms relative to struct ast_tcptls_stream.start
+	 * to wait for an event on struct ast_tcptls_stream.fd.
+	 *
+	 * \note Set to -1 to disable timeout.
+	 * \note The socket needs to be set to non-blocking for the timeout
+	 * feature to work correctly.
+	 */
+	int timeout;
+};
+
+void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
+{
+	ast_assert(stream != NULL);
+
+	stream->timeout = -1;
+}
+
+void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout)
+{
+	ast_assert(stream != NULL);
+
+	stream->start.tv_sec = 0;
+	stream->timeout = timeout;
+}
+
+void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout)
+{
+	ast_assert(stream != NULL);
+
+	stream->start = start;
+	stream->timeout = timeout;
+}
+
+/*!
+ * \internal
+ * \brief fopencookie()/funopen() stream read function.
+ *
+ * \param cookie Stream control data.
+ * \param buf Where to put read data.
+ * \param size Size of the buffer.
+ *
+ * \retval number of bytes put into buf.
+ * \retval 0 on end of file.
+ * \retval -1 on error.
  */
-
-#ifdef DO_SSL
-static HOOK_T ssl_read(void *cookie, char *buf, LEN_T len)
-{
-	int i = SSL_read(cookie, buf, len-1);
-#if 0
-	if (i >= 0) {
-		buf[i] = '\0';
-	}
-	ast_verb(0, "ssl read size %d returns %d <%s>\n", (int)len, i, buf);
+static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size)
+{
+	struct ast_tcptls_stream *stream = cookie;
+	struct timeval start;
+	int ms;
+	int res;
+
+	if (!size) {
+		/* You asked for no data you got no data. */
+		return 0;
+	}
+
+	if (!stream || stream->fd == -1) {
+		errno = EBADF;
+		return -1;
+	}
+
+	if (stream->start.tv_sec) {
+		start = stream->start;
+	} else {
+		start = ast_tvnow();
+	}
+
+#if defined(DO_SSL)
+	if (stream->ssl) {
+		for (;;) {
+			res = SSL_read(stream->ssl, buf, size);
+			if (0 < res) {
+				/* We read some payload data. */
+				return res;
+			}
+			switch (SSL_get_error(stream->ssl, res)) {
+			case SSL_ERROR_ZERO_RETURN:
+				/* Report EOF for a shutdown */
+				ast_debug(1, "TLS clean shutdown alert reading data\n");
+				return 0;
+			case SSL_ERROR_WANT_READ:
+				while ((ms = ast_remaining_ms(start, stream->timeout))) {
+					res = ast_wait_for_input(stream->fd, ms);
+					if (0 < res) {
+						/* Socket is ready to be read. */
+						break;
+					}
+					if (res < 0) {
+						if (errno == EINTR || errno == EAGAIN) {
+							/* Try again. */
+							continue;
+						}
+						ast_debug(1, "TLS socket error waiting for read data: %s\n",
+							strerror(errno));
+						return -1;
+					}
+				}
+				break;
+			case SSL_ERROR_WANT_WRITE:
+				while ((ms = ast_remaining_ms(start, stream->timeout))) {
+					res = ast_wait_for_output(stream->fd, ms);
+					if (0 < res) {
+						/* Socket is ready to be written. */
+						break;
+					}
+					if (res < 0) {
+						if (errno == EINTR || errno == EAGAIN) {
+							/* Try again. */
+							continue;
+						}
+						ast_debug(1, "TLS socket error waiting for write space: %s\n",
+							strerror(errno));
+						return -1;
+					}
+				}
+				break;
+			default:
+				/* Report EOF for an undecoded SSL or transport error. */
+				ast_debug(1, "TLS transport or SSL error reading data\n");
+				return 0;
+			}
+			if (!ms) {
+				/* Report EOF for a timeout */
+				ast_debug(1, "TLS timeout reading data\n");
+				return 0;
+			}
+		}
+	}
+#endif	/* defined(DO_SSL) */
+
+	for (;;) {
+		res = read(stream->fd, buf, size);
+		if (0 <= res) {
+			return res;
+		}
+		if (errno != EINTR && errno != EAGAIN) {
+			/* Not a retryable error. */
+			ast_debug(1, "TCP socket error reading data: %s\n",
+				strerror(errno));
+			return -1;
+		}
+		ms = ast_remaining_ms(start, stream->timeout);
+		if (!ms) {
+			/* Report EOF for a timeout */
+			ast_debug(1, "TCP timeout reading data\n");
+			return 0;
+		}
+		ast_wait_for_input(stream->fd, ms);
+	}
+}
+
+/*!
+ * \internal
+ * \brief fopencookie()/funopen() stream write function.
+ *
+ * \param cookie Stream control data.
+ * \param buf Where to get data to write.
+ * \param size Size of the buffer.
+ *
+ * \retval number of bytes written from buf.
+ * \retval -1 on error.
+ */
+static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
+{
+	struct ast_tcptls_stream *stream = cookie;
+	struct timeval start;
+	int ms;
+	int res;
+	int written;
+	int remaining;
+
+	if (!size) {
+		/* You asked to write no data you wrote no data. */
+		return 0;
+	}
+
+	if (!stream || stream->fd == -1) {
+		errno = EBADF;
+		return -1;
+	}
+
+	if (stream->start.tv_sec) {
+		start = stream->start;
+	} else {
+		start = ast_tvnow();
+	}
+
+#if defined(DO_SSL)
+	if (stream->ssl) {
+		written = 0;
+		remaining = size;
+		for (;;) {
+			res = SSL_write(stream->ssl, buf + written, remaining);
+			if (res == remaining) {
+				/* Everything was written. */
+				return size;
+			}
+			if (0 < res) {
+				/* Successfully wrote part of the buffer.  Try to write the rest. */
+				written += res;
+				remaining -= res;
+				continue;
+			}
+			switch (SSL_get_error(stream->ssl, res)) {
+			case SSL_ERROR_ZERO_RETURN:
+				ast_debug(1, "TLS clean shutdown alert writing data\n");
+				if (written) {
+					/* Report partial write. */
+					return written;
+				}
+				errno = EBADF;
+				return -1;
+			case SSL_ERROR_WANT_READ:
+				ms = ast_remaining_ms(start, stream->timeout);
+				if (!ms) {
+					/* Report partial write. */
+					ast_debug(1, "TLS timeout writing data (want read)\n");
+					return written;
+				}
+				ast_wait_for_input(stream->fd, ms);
+				break;
+			case SSL_ERROR_WANT_WRITE:
+				ms = ast_remaining_ms(start, stream->timeout);
+				if (!ms) {
+					/* Report partial write. */
+					ast_debug(1, "TLS timeout writing data (want write)\n");
+					return written;
+				}
+				ast_wait_for_output(stream->fd, ms);
+				break;
+			default:
+				/* Undecoded SSL or transport error. */
+				ast_debug(1, "TLS transport or SSL error writing data\n");
+				if (written) {
+					/* Report partial write. */
+					return written;
+				}
+				errno = EBADF;
+				return -1;
+			}
+		}
+	}
+#endif	/* defined(DO_SSL) */
+
+	written = 0;
+	remaining = size;
+	for (;;) {
+		res = write(stream->fd, buf + written, remaining);
+		if (res == remaining) {
+			/* Yay everything was written. */
+			return size;
+		}
+		if (0 < res) {
+			/* Successfully wrote part of the buffer.  Try to write the rest. */
+			written += res;
+			remaining -= res;
+			continue;
+		}
+		if (errno != EINTR && errno != EAGAIN) {
+			/* Not a retryable error. */
+			ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
+			if (written) {
+				return written;
+			}
+			return -1;
+		}
+		ms = ast_remaining_ms(start, stream->timeout);
+		if (!ms) {
+			/* Report partial write. */
+			ast_debug(1, "TCP timeout writing data\n");
+			return written;
+		}
+		ast_wait_for_output(stream->fd, ms);
+	}
+}
+
+/*!
+ * \internal
+ * \brief fopencookie()/funopen() stream close function.
+ *
+ * \param cookie Stream control data.
+ *
+ * \retval 0 on success.
+ * \retval -1 on error.
+ */
+static int tcptls_stream_close(void *cookie)
+{
+	struct ast_tcptls_stream *stream = cookie;
+
+	if (!stream) {
+		errno = EBADF;
+		return -1;
+	}
+
+	if (stream->fd != -1) {
+#if defined(DO_SSL)
+		if (stream->ssl) {
+			int res;
+
+			/*
+			 * According to the TLS standard, it is acceptable for an
+			 * application to only send its shutdown alert and then
+			 * close the underlying connection without waiting for
+			 * the peer's response (this way resources can be saved,
+			 * as the process can already terminate or serve another
+			 * connection).
+			 */
+			res = SSL_shutdown(stream->ssl);
+			if (res < 0) {
+				ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
+					SSL_get_error(stream->ssl, res));
+			}
+
+			if (!stream->ssl->server) {
+				/* For client threads, ensure that the error stack is cleared */
+				ERR_remove_state(0);
+			}
+
+			SSL_free(stream->ssl);
+			stream->ssl = NULL;
+		}
+#endif	/* defined(DO_SSL) */
+
+		/*
+		 * Issuing shutdown() is necessary here to avoid a race
+		 * condition where the last data written may not appear
+		 * in the TCP stream.  See ASTERISK-23548
+		 */
+		shutdown(stream->fd, SHUT_RDWR);
+		if (close(stream->fd)) {
+			ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
+		}
+		stream->fd = -1;
+	}
+	ao2_t_ref(stream, -1, "Closed tcptls stream cookie");
+
+	return 0;
+}
+
+/*!
+ * \internal
+ * \brief fopencookie()/funopen() stream destructor function.
+ *
+ * \param cookie Stream control data.
+ *
+ * \return Nothing
+ */
+static void tcptls_stream_dtor(void *cookie)
+{
+	struct ast_tcptls_stream *stream = cookie;
+
+	ast_assert(stream->fd == -1);
+}
+
+/*!
+ * \internal
+ * \brief fopencookie()/funopen() stream allocation function.
+ *
+ * \retval stream_cookie on success.
+ * \retval NULL on error.
+ */
+static struct ast_tcptls_stream *tcptls_stream_alloc(void)
+{
+	struct ast_tcptls_stream *stream;
+
+	stream = ao2_alloc_options(sizeof(*stream), tcptls_stream_dtor,
+		AO2_ALLOC_OPT_LOCK_NOLOCK);
+	if (stream) {
+		stream->fd = -1;
+		stream->timeout = -1;
+	}
+	return stream;
+}
+
+/*!
+ * \internal
+ * \brief Open a custom FILE stream for tcptls.
+ *
+ * \param stream Stream cookie control data.
+ * \param ssl SSL state if not NULL.
+ * \param fd Socket file descriptor.
+ * \param timeout ms to wait for an event on fd. -1 if timeout disabled.
+ *
+ * \retval fp on success.
+ * \retval NULL on error.
+ */
+static FILE *tcptls_stream_fopen(struct ast_tcptls_stream *stream, SSL *ssl, int fd, int timeout)
+{
+	FILE *fp;
+
+#if defined(HAVE_FOPENCOOKIE)	/* the glibc/linux interface */
+	static const cookie_io_functions_t cookie_funcs = {
+		tcptls_stream_read,
+		tcptls_stream_write,
+		NULL,
+		tcptls_stream_close
+	};
+#endif	/* defined(HAVE_FOPENCOOKIE) */
+
+	if (fd == -1) {
+		/* Socket not open. */
+		return NULL;
+	}
+
+	stream->ssl = ssl;
+	stream->fd = fd;
+	stream->timeout = timeout;
+	ao2_t_ref(stream, +1, "Opening tcptls stream cookie");
+
+#if defined(HAVE_FUNOPEN)	/* the BSD interface */
+	fp = funopen(stream, tcptls_stream_read, tcptls_stream_write, NULL,
+		tcptls_stream_close);
+#elif defined(HAVE_FOPENCOOKIE)	/* the glibc/linux interface */
+	fp = fopencookie(stream, "w+", cookie_funcs);
+#else
+	/* could add other methods here */
+	ast_debug(2, "No stream FILE methods attempted!\n");
+	fp = NULL;
 #endif
-	return i;
-}
-
-static HOOK_T ssl_write(void *cookie, const char *buf, LEN_T len)
-{
-#if 0
-	char *s = ast_alloca(len+1);
-
-	strncpy(s, buf, len);
-	s[len] = '\0';
-	ast_verb(0, "ssl write size %d <%s>\n", (int)len, s);
-#endif
-	return SSL_write(cookie, buf, len);
-}
-
-static int ssl_close(void *cookie)
-{
-	int cookie_fd = SSL_get_fd(cookie);
-	int ret;
-
-	if (cookie_fd > -1) {
-		/*
-		 * According to the TLS standard, it is acceptable for an application to only send its shutdown
-		 * alert and then close the underlying connection without waiting for the peer's response (this
-		 * way resources can be saved, as the process can already terminate or serve another connection).
-		 */
-		if ((ret = SSL_shutdown(cookie)) < 0) {
-			ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret));
-		}
-
-		if (!((SSL*)cookie)->server) {
-			/* For client threads, ensure that the error stack is cleared */
-			ERR_remove_state(0);
-		}
-
-		SSL_free(cookie);
-		/* adding shutdown(2) here has no added benefit */
-		if (close(cookie_fd)) {
-			ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
-		}
-	}
-	return 0;
-}
-#endif	/* DO_SSL */
+
+	if (!fp) {
+		stream->fd = -1;
+		ao2_t_ref(stream, -1, "Failed to open tcptls stream cookie");
+	}
+	return fp;
+}
 
 HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count)
 {
-	if (tcptls_session->fd == -1) {
-		ast_log(LOG_ERROR, "server_read called with an fd of -1\n");
+	if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
+		ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n");
 		errno = EIO;
 		return -1;
 	}
 
-#ifdef DO_SSL
-	if (tcptls_session->ssl) {
-		return ssl_read(tcptls_session->ssl, buf, count);
-	}
-#endif
-	return read(tcptls_session->fd, buf, count);
+	return tcptls_stream_read(tcptls_session->stream_cookie, buf, count);
 }
 
 HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count)
 {
-	if (tcptls_session->fd == -1) {
-		ast_log(LOG_ERROR, "server_write called with an fd of -1\n");
+	if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
+		ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n");
 		errno = EIO;
 		return -1;
 	}
 
-#ifdef DO_SSL
-	if (tcptls_session->ssl) {
-		return ssl_write(tcptls_session->ssl, buf, count);
-	}
-#endif
-	return write(tcptls_session->fd, buf, count);
+	return tcptls_stream_write(tcptls_session->stream_cookie, buf, count);
 }
 
 static void session_instance_destructor(void *obj)
 {
 	struct ast_tcptls_session_instance *i = obj;
+
+	if (i->stream_cookie) {
+		ao2_t_ref(i->stream_cookie, -1, "Destroying tcptls session instance");
+		i->stream_cookie = NULL;
+	}
 	ast_free(i->overflow_buf);
 }
 
@@ -172,6 +553,15 @@
 	 */
 	if (ast_thread_inhibit_escalations()) {
 		ast_log(LOG_ERROR, "Failed to inhibit privilege escalations; killing connection\n");
+		ast_tcptls_close_session_file(tcptls_session);
+		ao2_ref(tcptls_session, -1);
+		return NULL;
+	}
+
+	tcptls_session->stream_cookie = tcptls_stream_alloc();
+	if (!tcptls_session->stream_cookie) {
+		ast_tcptls_close_session_file(tcptls_session);
+		ao2_ref(tcptls_session, -1);
 		return NULL;
 	}
 
@@ -179,8 +569,10 @@
 	* open a FILE * as appropriate.
 	*/
 	if (!tcptls_session->parent->tls_cfg) {
-		if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
-			if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+		tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, NULL,
+			tcptls_session->fd, -1);
+		if (tcptls_session->f) {
+			if (setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
 				ast_tcptls_close_session_file(tcptls_session);
 			}
 		}
@@ -190,19 +582,8 @@
 		SSL_set_fd(tcptls_session->ssl, tcptls_session->fd);
 		if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) {
 			ast_verb(2, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
-		} else {
-#if defined(HAVE_FUNOPEN)	/* the BSD interface */
-			tcptls_session->f = funopen(tcptls_session->ssl, ssl_read, ssl_write, NULL, ssl_close);
-
-#elif defined(HAVE_FOPENCOOKIE)	/* the glibc/linux interface */
-			static const cookie_io_functions_t cookie_funcs = {
-				ssl_read, ssl_write, NULL, ssl_close
-			};
-			tcptls_session->f = fopencookie(tcptls_session->ssl, "w+", cookie_funcs);
-#else
-			/* could add other methods here */
-			ast_debug(2, "no tcptls_session->f methods attempted!\n");
-#endif
+		} else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie,
+			tcptls_session->ssl, tcptls_session->fd, -1))) {
 			if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
 				|| (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
 				X509 *peer;
@@ -623,12 +1004,19 @@
 void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session)
 {
 	if (tcptls_session->f) {
+		fflush(tcptls_session->f);
 		if (fclose(tcptls_session->f)) {
 			ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
 		}
 		tcptls_session->f = NULL;
 		tcptls_session->fd = -1;
 	} else if (tcptls_session->fd != -1) {
+		/*
+		 * Issuing shutdown() is necessary here to avoid a race
+		 * condition where the last data written may not appear
+		 * in the TCP stream.  See ASTERISK-23548
+		 */
+		shutdown(tcptls_session->fd, SHUT_RDWR);
 		if (close(tcptls_session->fd)) {
 			ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
 		}

Modified: certified/tags/11.6-cert3/main/utils.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/main/utils.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/main/utils.c (original)
+++ certified/tags/11.6-cert3/main/utils.c Thu Jun 12 14:39:37 2014
@@ -1244,13 +1244,24 @@
 int ast_wait_for_input(int fd, int ms)
 {
 	struct pollfd pfd[1];
+
 	memset(pfd, 0, sizeof(pfd));
 	pfd[0].fd = fd;
-	pfd[0].events = POLLIN|POLLPRI;
+	pfd[0].events = POLLIN | POLLPRI;
 	return ast_poll(pfd, 1, ms);
 }
 
-static int ast_wait_for_output(int fd, int timeoutms)
+int ast_wait_for_output(int fd, int ms)
+{
+	struct pollfd pfd[1];
+
+	memset(pfd, 0, sizeof(pfd));
+	pfd[0].fd = fd;
+	pfd[0].events = POLLOUT;
+	return ast_poll(pfd, 1, ms);
+}
+
+static int wait_for_output(int fd, int timeoutms)
 {
 	struct pollfd pfd = {
 		.fd = fd,
@@ -1310,7 +1321,7 @@
 	int elapsed = 0;
 
 	while (len) {
-		if (ast_wait_for_output(fd, timeoutms - elapsed)) {
+		if (wait_for_output(fd, timeoutms - elapsed)) {
 			return -1;
 		}
 
@@ -1351,7 +1362,7 @@
 	int elapsed = 0;
 
 	while (len) {
-		if (ast_wait_for_output(fd, timeoutms - elapsed)) {
+		if (wait_for_output(fd, timeoutms - elapsed)) {
 			/* poll returned a fatal error, so bail out immediately. */
 			return -1;
 		}

Modified: certified/tags/11.6-cert3/res/res_http_websocket.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert3/res/res_http_websocket.c?view=diff&rev=415978&r1=415977&r2=415978
==============================================================================
--- certified/tags/11.6-cert3/res/res_http_websocket.c (original)
+++ certified/tags/11.6-cert3/res/res_http_websocket.c Thu Jun 12 14:39:37 2014
@@ -614,8 +614,13 @@
 	protocol_handler->callback(session, get_vars, headers);
 	ao2_ref(protocol_handler, -1);
 
-	/* By dropping the FILE* from the session it won't get closed when the HTTP server cleans up */
+	/*
+	 * By dropping the FILE* and fd from the session the connection
+	 * won't get closed when the HTTP server cleans up because we
+	 * passed the connection to the protocol handler.
+	 */
 	ser->f = NULL;
+	ser->fd = -1;
 
 	return 0;
 }




More information about the asterisk-commits mailing list