[svn-commits] twilson: branch group/v6-new r270798 - in /team/group/v6-new: ./ channels/ ma...

SVN commits to the Digium repositories svn-commits at lists.digium.com
Tue Jun 15 23:07:54 CDT 2010


Author: twilson
Date: Tue Jun 15 23:07:50 2010
New Revision: 270798

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=270798
Log:
Merged revisions 270658,270660,270692 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

........
  r270658 | twilson | 2010-06-15 15:18:04 -0500 (Tue, 15 Jun 2010) | 20 lines
  
  Make contactdeny apply to src ip when nat=yes
  
  chan_sip's "contactdeny" feature screens the "to be registered contact".
  In case of nat=yes it should not use the address information from the
  Contact header (which is not used at all for routing), but the source
  IP address of the request.
  
  Thus, if nat=yes and a client sends a request from a denied IP address
  (e.g. by spoofing the src-IP address) it can bypass the screening.
  
  This commit makes contactdeny apply to the src ip when nat=yes instead.
  
  (closes issue #17276)
  Reported by: klaus3000
  Patches: 
        patch-asterisk-trunk-contactdeny.txt uploaded by klaus3000 (license 65)
  Tested by: klaus3000
  
  Review: [full review board URL with trailing slash]
........
  r270660 | twilson | 2010-06-15 16:10:15 -0500 (Tue, 15 Jun 2010) | 15 lines
  
  Don't send files twice and remove extra \r\n from header
  
  After the manager http auth changes, we forgot to remove the manual
  sending of the file. Also, ast_http_send adds two \r\n to the header that
  is passed to it, so a trailing \r\n is removed from the Content-type
  header. It might be better to change ast_http_send, but I don't like changing
  the behavior of an API function.
  
  (closes issue #17239)
  Reported by: cjacobsen
  Patches: 
        patch2.diff uploaded by cjacobsen (license 1029)
  Tested by: lathama, cjacobsen
........
  r270692 | twilson | 2010-06-15 16:42:33 -0500 (Tue, 15 Jun 2010) | 9 lines
  
  Don't continue sending the file when there has been an error
  
  If there is a problem with a firmware file, Polycom phones will close the
  connection. We were continuing to send the file anyway. There should be no
  reason to continue sending a file if there is an error writing it.
  
  (closes issue #16682)
  Reported by: lmadsen
........

Modified:
    team/group/v6-new/   (props changed)
    team/group/v6-new/channels/chan_sip.c
    team/group/v6-new/main/http.c
    team/group/v6-new/res/res_phoneprov.c

Propchange: team/group/v6-new/
------------------------------------------------------------------------------
    automerge = *

Propchange: team/group/v6-new/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Tue Jun 15 23:07:50 2010
@@ -1,1 +1,1 @@
-/trunk:1-270597
+/trunk:1-270725

Modified: team/group/v6-new/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/group/v6-new/channels/chan_sip.c?view=diff&rev=270798&r1=270797&r2=270798
==============================================================================
--- team/group/v6-new/channels/chan_sip.c (original)
+++ team/group/v6-new/channels/chan_sip.c Tue Jun 15 23:07:50 2010
@@ -12529,27 +12529,38 @@
 		ao2_t_unlink(peers_by_ip, peer, "ao2_unlink of peer from peers_by_ip table");
 	}
 
+	if (!ast_test_flag(&peer->flags[0], SIP_NAT_FORCE_RPORT) && !ast_test_flag(&peer->flags[0], SIP_NAT_RPORT_PRESENT)) {
+		 /* use the data provided in the Contact header for call routing */
+		ast_debug(1, "Store REGISTER's Contact header for call routing.\n");
+		/* XXX This could block for a long time XXX */
+		/*! \todo Check NAPTR/SRV if we have not got a port in the URI */
+		if (ast_sockaddr_resolve_first(&testsa, domain, 0, 0)) {
+			ast_log(LOG_WARNING, "Invalid domain '%s'\n", domain);
+			ast_string_field_set(peer, fullcontact, "");
+			ast_string_field_set(pvt, our_contact, "");
+			return PARSE_REGISTER_FAILED;
+		}
+		ast_sockaddr_copy(&peer->addr, &testsa);
+
+		/* If we have a port number in the given URI, make sure we do remember to not check for NAPTR/SRV records. 
+		   The domain part is actually a host. */
+		peer->portinuri = ast_sockaddr_port(&testsa) ? TRUE : FALSE;
+
+		if (!ast_sockaddr_port(&testsa)) {
+			ast_sockaddr_set_port(&testsa,
+						  transport_type == SIP_TRANSPORT_TLS ?
+						  STANDARD_TLS_PORT : STANDARD_SIP_PORT);
+		}
+	} else {
+		/* Don't trust the contact field.  Just use what they came to us
+		   with */
+		ast_debug(1, "Store REGISTER's src-IP:port for call routing.\n");
+		peer->addr = pvt->recv;
+	}
+
 	/* Check that they're allowed to register at this IP */
-	/* XXX This could block for a long time XXX */
-	/*! \todo Check NAPTR/SRV if we have not got a port in the URI */
-	if (ast_sockaddr_resolve_first(&testsa, domain, 0, 0)) {
-		ast_log(LOG_WARNING, "Invalid domain '%s'\n", domain);
-		ast_string_field_set(peer, fullcontact, "");
-		ast_string_field_set(pvt, our_contact, "");
-		return PARSE_REGISTER_FAILED;
-	}
-
-	/* If we have a port number in the given URI, make sure we do remember to not check for NAPTR/SRV records. 
-	   The domain part is actually a host. */
-	peer->portinuri = ast_sockaddr_port(&testsa) ? TRUE : FALSE;
-
-	if (!ast_sockaddr_port(&testsa))
-		ast_sockaddr_set_port(&testsa,
-				      transport_type == SIP_TRANSPORT_TLS ?
-				      STANDARD_TLS_PORT : STANDARD_SIP_PORT);
-
-	if (!ast_sockaddr_is_ipv6(&testsa)) {
-		ast_sockaddr_to_sin(&testsa, &testsin);
+	if (!ast_sockaddr_is_ipv6(&peer->addr)) {
+		ast_sockaddr_to_sin(&peer->addr, &testsin);
 		if (ast_apply_ha(sip_cfg.contact_ha, &testsin) != AST_SENSE_ALLOW ||
 				ast_apply_ha(peer->contactha, &testsin) != AST_SENSE_ALLOW) {
 			ast_log(LOG_WARNING, "Domain '%s' disallowed by contact ACL (violating IP %s)\n", domain,
@@ -12558,16 +12569,6 @@
 			ast_string_field_set(pvt, our_contact, "");
 			return PARSE_REGISTER_DENIED;
 		}
-	}
-
-	/*! \todo This could come before the checking of DNS earlier on, to avoid
-		DNS lookups where we don't need it... */
-	if (!ast_test_flag(&peer->flags[0], SIP_NAT_FORCE_RPORT) && !ast_test_flag(&peer->flags[0], SIP_NAT_RPORT_PRESENT)) {
-		ast_sockaddr_copy(&peer->addr, &testsa);
-	} else {
-		/* Don't trust the contact field.  Just use what they came to us
-		   with */
-		peer->addr = pvt->recv;
 	}
 
 	/* if the Contact header information copied into peer->addr matches the

Modified: team/group/v6-new/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/group/v6-new/main/http.c?view=diff&rev=270798&r1=270797&r2=270798
==============================================================================
--- team/group/v6-new/main/http.c (original)
+++ team/group/v6-new/main/http.c Tue Jun 15 23:07:50 2010
@@ -418,6 +418,7 @@
 			while ((len = read(fd, buf, sizeof(buf))) > 0) {
 				if (fwrite(buf, len, 1, ser->f) != 1) {
 					ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
+					break;
 				}
 			}
 		}

Modified: team/group/v6-new/res/res_phoneprov.c
URL: http://svnview.digium.com/svn/asterisk/team/group/v6-new/res/res_phoneprov.c?view=diff&rev=270798&r1=270797&r2=270798
==============================================================================
--- team/group/v6-new/res/res_phoneprov.c (original)
+++ team/group/v6-new/res/res_phoneprov.c Tue Jun 15 23:07:50 2010
@@ -411,7 +411,6 @@
 	char *file = NULL;
 	int len;
 	int fd;
-	char buf[256];
 	struct ast_str *http_header;
 
 	if (method != AST_HTTP_GET && method != AST_HTTP_HEAD) {
@@ -441,21 +440,11 @@
 		}
 
 		http_header = ast_str_create(80);
-		ast_str_set(&http_header, 0, "Content-type: %s\r\n",
+		ast_str_set(&http_header, 0, "Content-type: %s",
 			route->file->mime_type);
 
-		while ((len = read(fd, buf, sizeof(buf))) > 0) {
-			if (fwrite(buf, 1, len, ser->f) != len) {
-				if (errno != EPIPE) {
-					ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
-				} else {
-					ast_debug(3, "Requester closed the connection while downloading '%s'\n", path);
-				}
-				break;
-			}
-		}
-
 		ast_http_send(ser, method, 200, NULL, http_header, NULL, fd, 0);
+
 		close(fd);
 		route = unref_route(route);
 		return 0;
@@ -515,7 +504,7 @@
 		}
 
 		http_header = ast_str_create(80);
-		ast_str_set(&http_header, 0, "Content-type: %s\r\n",
+		ast_str_set(&http_header, 0, "Content-type: %s",
 			route->file->mime_type);
 
 		if (!(result = ast_str_create(512))) {




More information about the svn-commits mailing list