[svn-commits] bebuild: tag 12.1.1 r410439 - in /tags/12.1.1: ./ channels/ main/ res/ res/re...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Mon Mar 10 13:20:47 CDT 2014
Author: bebuild
Date: Mon Mar 10 13:20:42 2014
New Revision: 410439
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=410439
Log:
AST-2014-001: AST-2014-002: AST-2014-003: Merge into 12.1.1
Modified:
tags/12.1.1/ (props changed)
tags/12.1.1/ChangeLog
tags/12.1.1/channels/chan_sip.c
tags/12.1.1/main/http.c
tags/12.1.1/res/res_pjsip.c
tags/12.1.1/res/res_pjsip/pjsip_options.c
Propchange: tags/12.1.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar 10 13:20:42 2014
@@ -1,1 +1,1 @@
-/branches/12:407676,407747,407750,407937,408555,408855,409054,409131,409158
+/branches/12:407676,407747,407750,407937,408555,408855,409054,409131,409158,410306,410329,410383
Modified: tags/12.1.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/12.1.1/ChangeLog?view=diff&rev=410439&r1=410438&r2=410439
==============================================================================
--- tags/12.1.1/ChangeLog (original)
+++ tags/12.1.1/ChangeLog Mon Mar 10 13:20:42 2014
@@ -1,3 +1,44 @@
+2014-03-10 Asterisk Development Team <asteriskteam at digium.com>
+
+ * Asterisk 12.1.1 Released.
+
+ * AST-2014-003: res_pjsip: When handling 401/407 responses don't assume
+ a request will have an endpoint.
+
+ This change removes the assumption that an outgoing request will
+ always have an endpoint and makes the authenticate_qualify option
+ work once again.
+
+ (closes issue ASTERISK-23210)
+ Reported by: Joshua Colp
+
+ * AST-2012-002: chan_sip: Exit early on bad session timers request
+
+ This change allows chan_sip to avoid creation of the channel and
+ consumption of associated file descriptors altogether if the inbound
+ request is going to be rejected anyway.
+
+ (closes issue ASTERISK-23373)
+ Reported by: Corey Farrell
+ Patches:
+ chan_sip-earlier-st-1.8.patch uploaded by Corey Farrell (license 5909)
+ chan_sip-earlier-st-11.patch uploaded by Corey Farrell (license 5909)
+
+ * AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
+
+ Sending a HTTP request that is handled by Asterisk with a large
+ number of Cookie headers could overflow the stack.
+
+ Another vulnerability along similar lines is any HTTP request with a
+ ridiculous number of headers in the request could exhaust system
+ memory.
+
+ (closes issue ASTERISK-23340)
+ Reported by: Lucas Molas, researcher at Programa STIC, Fundacion;
+ and Dr. Manuel Sadosky, Buenos Aires, Argentina
+
+
+
2014-03-03 Asterisk Development Team <asteriskteam at digium.com>
* Asterisk 12.1.0 Released.
Modified: tags/12.1.1/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/tags/12.1.1/channels/chan_sip.c?view=diff&rev=410439&r1=410438&r2=410439
==============================================================================
--- tags/12.1.1/channels/chan_sip.c (original)
+++ tags/12.1.1/channels/chan_sip.c Mon Mar 10 13:20:42 2014
@@ -25202,6 +25202,145 @@
return 0;
}
+/*
+ * \internal \brief Check Session Timers for an INVITE request
+ *
+ * \retval 0 ok
+ * \retval -1 failure
+ */
+static int handle_request_invite_st(struct sip_pvt *p, struct sip_request *req,
+ const char *required, int reinvite)
+{
+ const char *p_uac_se_hdr; /* UAC's Session-Expires header string */
+ const char *p_uac_min_se; /* UAC's requested Min-SE interval (char string) */
+ int uac_max_se = -1; /* UAC's Session-Expires in integer format */
+ int uac_min_se = -1; /* UAC's Min-SE in integer format */
+ int st_active = FALSE; /* Session-Timer on/off boolean */
+ int st_interval = 0; /* Session-Timer negotiated refresh interval */
+ enum st_refresher tmp_st_ref = SESSION_TIMER_REFRESHER_AUTO; /* Session-Timer refresher */
+ int dlg_min_se = -1;
+ int dlg_max_se = global_max_se;
+ int rtn;
+
+ /* Session-Timers */
+ if ((p->sipoptions & SIP_OPT_TIMER)) {
+ enum st_refresher_param st_ref_param = SESSION_TIMER_REFRESHER_PARAM_UNKNOWN;
+
+ /* The UAC has requested session-timers for this session. Negotiate
+ the session refresh interval and who will be the refresher */
+ ast_debug(2, "Incoming INVITE with 'timer' option supported\n");
+
+ /* Allocate Session-Timers struct w/in the dialog */
+ if (!p->stimer) {
+ sip_st_alloc(p);
+ }
+
+ /* Parse the Session-Expires header */
+ p_uac_se_hdr = sip_get_header(req, "Session-Expires");
+ if (!ast_strlen_zero(p_uac_se_hdr)) {
+ ast_debug(2, "INVITE also has \"Session-Expires\" header.\n");
+ rtn = parse_session_expires(p_uac_se_hdr, &uac_max_se, &st_ref_param);
+ tmp_st_ref = (st_ref_param == SESSION_TIMER_REFRESHER_PARAM_UAC) ? SESSION_TIMER_REFRESHER_THEM : SESSION_TIMER_REFRESHER_US;
+ if (rtn != 0) {
+ transmit_response_reliable(p, "400 Session-Expires Invalid Syntax", req);
+ return -1;
+ }
+ }
+
+ /* Parse the Min-SE header */
+ p_uac_min_se = sip_get_header(req, "Min-SE");
+ if (!ast_strlen_zero(p_uac_min_se)) {
+ ast_debug(2, "INVITE also has \"Min-SE\" header.\n");
+ rtn = parse_minse(p_uac_min_se, &uac_min_se);
+ if (rtn != 0) {
+ transmit_response_reliable(p, "400 Min-SE Invalid Syntax", req);
+ return -1;
+ }
+ }
+
+ dlg_min_se = st_get_se(p, FALSE);
+ switch (st_get_mode(p, 1)) {
+ case SESSION_TIMER_MODE_ACCEPT:
+ case SESSION_TIMER_MODE_ORIGINATE:
+ if (uac_max_se > 0 && uac_max_se < dlg_min_se) {
+ transmit_response_with_minse(p, "422 Session Interval Too Small", req, dlg_min_se);
+ return -1;
+ }
+
+ p->stimer->st_active_peer_ua = TRUE;
+ st_active = TRUE;
+ if (st_ref_param == SESSION_TIMER_REFRESHER_PARAM_UNKNOWN) {
+ tmp_st_ref = st_get_refresher(p);
+ }
+
+ dlg_max_se = st_get_se(p, TRUE);
+ if (uac_max_se > 0) {
+ if (dlg_max_se >= uac_min_se) {
+ st_interval = (uac_max_se < dlg_max_se) ? uac_max_se : dlg_max_se;
+ } else {
+ st_interval = uac_max_se;
+ }
+ } else if (uac_min_se > 0) {
+ st_interval = MAX(dlg_max_se, uac_min_se);
+ } else {
+ st_interval = dlg_max_se;
+ }
+ break;
+
+ case SESSION_TIMER_MODE_REFUSE:
+ if (p->reqsipoptions & SIP_OPT_TIMER) {
+ transmit_response_with_unsupported(p, "420 Option Disabled", req, required);
+ ast_log(LOG_WARNING, "Received SIP INVITE with supported but disabled option: %s\n", required);
+ return -1;
+ }
+ break;
+
+ default:
+ ast_log(LOG_ERROR, "Internal Error %d at %s:%d\n", st_get_mode(p, 1), __FILE__, __LINE__);
+ break;
+ }
+ } else {
+ /* The UAC did not request session-timers. Asterisk (UAS), will now decide
+ (based on session-timer-mode in sip.conf) whether to run session-timers for
+ this session or not. */
+ switch (st_get_mode(p, 1)) {
+ case SESSION_TIMER_MODE_ORIGINATE:
+ st_active = TRUE;
+ st_interval = st_get_se(p, TRUE);
+ tmp_st_ref = SESSION_TIMER_REFRESHER_US;
+ p->stimer->st_active_peer_ua = (p->sipoptions & SIP_OPT_TIMER) ? TRUE : FALSE;
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ if (reinvite == 0) {
+ /* Session-Timers: Start session refresh timer based on negotiation/config */
+ if (st_active == TRUE) {
+ p->stimer->st_active = TRUE;
+ p->stimer->st_interval = st_interval;
+ p->stimer->st_ref = tmp_st_ref;
+ }
+ } else {
+ if (p->stimer->st_active == TRUE) {
+ /* Session-Timers: A re-invite request sent within a dialog will serve as
+ a refresh request, no matter whether the re-invite was sent for refreshing
+ the session or modifying it.*/
+ ast_debug (2, "Restarting session-timers on a refresh - %s\n", p->callid);
+
+ /* The UAC may be adjusting the session-timers mid-session */
+ if (st_interval > 0) {
+ p->stimer->st_interval = st_interval;
+ p->stimer->st_ref = tmp_st_ref;
+ }
+ }
+ }
+
+ return 0;
+}
+
/*!
* \brief Handle incoming INVITE request
* \note If the INVITE has a Replaces header, it is part of an
@@ -25220,19 +25359,9 @@
struct ast_channel *c = NULL; /* New channel */
struct sip_peer *authpeer = NULL; /* Matching Peer */
int reinvite = 0;
- int rtn;
struct ast_party_redirecting redirecting;
struct ast_set_party_redirecting update_redirecting;
- const char *p_uac_se_hdr; /* UAC's Session-Expires header string */
- const char *p_uac_min_se; /* UAC's requested Min-SE interval (char string) */
- int uac_max_se = -1; /* UAC's Session-Expires in integer format */
- int uac_min_se = -1; /* UAC's Min-SE in integer format */
- int st_active = FALSE; /* Session-Timer on/off boolean */
- int st_interval = 0; /* Session-Timer negotiated refresh interval */
- enum st_refresher tmp_st_ref = SESSION_TIMER_REFRESHER_AUTO; /* Session-Timer refresher */
- int dlg_min_se = -1;
- int dlg_max_se = global_max_se;
struct {
char exten[AST_MAX_EXTENSION];
char context[AST_MAX_CONTEXT];
@@ -25697,6 +25826,14 @@
/* Initialize our tag */
make_our_tag(p);
+
+ if (handle_request_invite_st(p, req, required, reinvite)) {
+ p->invitestate = INV_COMPLETED;
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ res = INV_REQ_ERROR;
+ goto request_invite_cleanup;
+ }
+
/* First invitation - create the channel. Allocation
* failures are handled below. */
@@ -25731,6 +25868,16 @@
}
if (!req->ignore)
reinvite = 1;
+
+ if (handle_request_invite_st(p, req, required, reinvite)) {
+ p->invitestate = INV_COMPLETED;
+ if (!p->lastinvite) {
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ }
+ res = INV_REQ_ERROR;
+ goto request_invite_cleanup;
+ }
+
c = p->owner;
change_redirecting_information(p, req, &redirecting, &update_redirecting, FALSE); /*Will return immediately if no Diversion header is present */
if (c) {
@@ -25742,140 +25889,10 @@
/* Check if OLI/ANI-II is present in From: */
parse_oli(req, p->owner);
- /* Session-Timers */
- if ((p->sipoptions & SIP_OPT_TIMER)) {
- enum st_refresher_param st_ref_param = SESSION_TIMER_REFRESHER_PARAM_UNKNOWN;
-
- /* The UAC has requested session-timers for this session. Negotiate
- the session refresh interval and who will be the refresher */
- ast_debug(2, "Incoming INVITE with 'timer' option supported\n");
-
- /* Allocate Session-Timers struct w/in the dialog */
- if (!p->stimer)
- sip_st_alloc(p);
-
- /* Parse the Session-Expires header */
- p_uac_se_hdr = sip_get_header(req, "Session-Expires");
- if (!ast_strlen_zero(p_uac_se_hdr)) {
- ast_debug(2, "INVITE also has \"Session-Expires\" header.\n");
- rtn = parse_session_expires(p_uac_se_hdr, &uac_max_se, &st_ref_param);
- tmp_st_ref = (st_ref_param == SESSION_TIMER_REFRESHER_PARAM_UAC) ? SESSION_TIMER_REFRESHER_THEM : SESSION_TIMER_REFRESHER_US;
- if (rtn != 0) {
- transmit_response_reliable(p, "400 Session-Expires Invalid Syntax", req);
- p->invitestate = INV_COMPLETED;
- if (!p->lastinvite) {
- sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
- }
- res = INV_REQ_ERROR;
- goto request_invite_cleanup;
- }
- }
-
- /* Parse the Min-SE header */
- p_uac_min_se = sip_get_header(req, "Min-SE");
- if (!ast_strlen_zero(p_uac_min_se)) {
- ast_debug(2, "INVITE also has \"Min-SE\" header.\n");
- rtn = parse_minse(p_uac_min_se, &uac_min_se);
- if (rtn != 0) {
- transmit_response_reliable(p, "400 Min-SE Invalid Syntax", req);
- p->invitestate = INV_COMPLETED;
- if (!p->lastinvite) {
- sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
- }
- res = INV_REQ_ERROR;
- goto request_invite_cleanup;
- }
- }
-
- dlg_min_se = st_get_se(p, FALSE);
- switch (st_get_mode(p, 1)) {
- case SESSION_TIMER_MODE_ACCEPT:
- case SESSION_TIMER_MODE_ORIGINATE:
- if (uac_max_se > 0 && uac_max_se < dlg_min_se) {
- transmit_response_with_minse(p, "422 Session Interval Too Small", req, dlg_min_se);
- p->invitestate = INV_COMPLETED;
- if (!p->lastinvite) {
- sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
- }
- res = INV_REQ_ERROR;
- goto request_invite_cleanup;
- }
-
- p->stimer->st_active_peer_ua = TRUE;
- st_active = TRUE;
- if (st_ref_param == SESSION_TIMER_REFRESHER_PARAM_UNKNOWN) {
- tmp_st_ref = st_get_refresher(p);
- }
-
- dlg_max_se = st_get_se(p, TRUE);
- if (uac_max_se > 0) {
- if (dlg_max_se >= uac_min_se) {
- st_interval = (uac_max_se < dlg_max_se) ? uac_max_se : dlg_max_se;
- } else {
- st_interval = uac_max_se;
- }
- } else if (uac_min_se > 0) {
- st_interval = MAX(dlg_max_se, uac_min_se);
- } else {
- st_interval = dlg_max_se;
- }
- break;
-
- case SESSION_TIMER_MODE_REFUSE:
- if (p->reqsipoptions & SIP_OPT_TIMER) {
- transmit_response_with_unsupported(p, "420 Option Disabled", req, required);
- ast_log(LOG_WARNING, "Received SIP INVITE with supported but disabled option: %s\n", required);
- p->invitestate = INV_COMPLETED;
- if (!p->lastinvite) {
- sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
- }
- res = INV_REQ_ERROR;
- goto request_invite_cleanup;
- }
- break;
-
- default:
- ast_log(LOG_ERROR, "Internal Error %d at %s:%d\n", st_get_mode(p, 1), __FILE__, __LINE__);
- break;
- }
- } else {
- /* The UAC did not request session-timers. Asterisk (UAS), will now decide
- (based on session-timer-mode in sip.conf) whether to run session-timers for
- this session or not. */
- switch (st_get_mode(p, 1)) {
- case SESSION_TIMER_MODE_ORIGINATE:
- st_active = TRUE;
- st_interval = st_get_se(p, TRUE);
- tmp_st_ref = SESSION_TIMER_REFRESHER_US;
- p->stimer->st_active_peer_ua = (p->sipoptions & SIP_OPT_TIMER) ? TRUE : FALSE;
- break;
-
- default:
- break;
- }
- }
-
- if (reinvite == 0) {
- /* Session-Timers: Start session refresh timer based on negotiation/config */
- if (st_active == TRUE) {
- p->stimer->st_active = TRUE;
- p->stimer->st_interval = st_interval;
- p->stimer->st_ref = tmp_st_ref;
+ if (p->stimer->st_active == TRUE) {
+ if (reinvite == 0) {
start_session_timer(p);
- }
- } else {
- if (p->stimer->st_active == TRUE) {
- /* Session-Timers: A re-invite request sent within a dialog will serve as
- a refresh request, no matter whether the re-invite was sent for refreshing
- the session or modifying it.*/
- ast_debug (2, "Restarting session-timers on a refresh - %s\n", p->callid);
-
- /* The UAC may be adjusting the session-timers mid-session */
- if (st_interval > 0) {
- p->stimer->st_interval = st_interval;
- p->stimer->st_ref = tmp_st_ref;
- }
-
+ } else {
restart_session_timer(p);
}
}
Modified: tags/12.1.1/main/http.c
URL: http://svnview.digium.com/svn/asterisk/tags/12.1.1/main/http.c?view=diff&rev=410439&r1=410438&r2=410439
==============================================================================
--- tags/12.1.1/main/http.c (original)
+++ tags/12.1.1/main/http.c Mon Mar 10 13:20:42 2014
@@ -197,9 +197,7 @@
break;
}
}
- if (cookies) {
- ast_variables_destroy(cookies);
- }
+ ast_variables_destroy(cookies);
return mngid;
}
@@ -1083,12 +1081,13 @@
}*/
#endif /* DO_SSL */
-static struct ast_variable *parse_cookies(char *cookies)
-{
+static struct ast_variable *parse_cookies(const char *cookies)
+{
+ char *parse = ast_strdupa(cookies);
char *cur;
struct ast_variable *vars = NULL, *var;
- while ((cur = strsep(&cookies, ";"))) {
+ while ((cur = strsep(&parse, ";"))) {
char *name, *val;
name = val = cur;
@@ -1118,16 +1117,12 @@
/* get cookie from Request headers */
struct ast_variable *ast_http_get_cookies(struct ast_variable *headers)
{
- struct ast_variable *v, *cookies=NULL;
+ struct ast_variable *v, *cookies = NULL;
for (v = headers; v; v = v->next) {
if (!strcasecmp(v->name, "Cookie")) {
- char *tmp = ast_strdupa(v->value);
- if (cookies) {
- ast_variables_destroy(cookies);
- }
-
- cookies = parse_cookies(tmp);
+ ast_variables_destroy(cookies);
+ cookies = parse_cookies(v->value);
}
}
return cookies;
@@ -1226,6 +1221,9 @@
return NULL;
}
+/*! Limit the number of request headers in case the sender is being ridiculous. */
+#define MAX_HTTP_REQUEST_HEADERS 100
+
static void *httpd_helper_thread(void *data)
{
char buf[4096];
@@ -1236,6 +1234,7 @@
char *uri, *method;
enum ast_http_method http_method = AST_HTTP_UNKNOWN;
const char *transfer_encoding;
+ int remaining_headers;
if (ast_atomic_fetchadd_int(&session_count, +1) >= session_limit) {
goto done;
@@ -1274,9 +1273,13 @@
if (*c) {
*c = '\0';
}
+ } else {
+ ast_http_error(ser, 400, "Bad Request", "Invalid Request");
+ goto done;
}
/* process "Request Headers" lines */
+ remaining_headers = MAX_HTTP_REQUEST_HEADERS;
while (fgets(header_line, sizeof(header_line), ser->f)) {
char *name, *value;
@@ -1299,12 +1302,28 @@
ast_trim_blanks(name);
+ if (!remaining_headers--) {
+ /* Too many headers. */
+ ast_http_error(ser, 413, "Request Entity Too Large", "Too many headers");
+ goto done;
+ }
if (!headers) {
headers = ast_variable_new(name, value, __FILE__);
tail = headers;
} else {
tail->next = ast_variable_new(name, value, __FILE__);
tail = tail->next;
+ }
+ if (!tail) {
+ /*
+ * Variable allocation failure.
+ * Try to make some room.
+ */
+ ast_variables_destroy(headers);
+ headers = NULL;
+
+ ast_http_error(ser, 500, "Server Error", "Out of memory");
+ goto done;
}
}
@@ -1325,20 +1344,13 @@
goto done;
}
- if (!*uri) {
- ast_http_error(ser, 400, "Bad Request", "Invalid Request");
- goto done;
- }
-
handle_uri(ser, uri, http_method, headers);
done:
ast_atomic_fetchadd_int(&session_count, -1);
/* clean up all the header information */
- if (headers) {
- ast_variables_destroy(headers);
- }
+ ast_variables_destroy(headers);
if (ser->f) {
fclose(ser->f);
Modified: tags/12.1.1/res/res_pjsip.c
URL: http://svnview.digium.com/svn/asterisk/tags/12.1.1/res/res_pjsip.c?view=diff&rev=410439&r1=410438&r2=410439
==============================================================================
--- tags/12.1.1/res/res_pjsip.c (original)
+++ tags/12.1.1/res/res_pjsip.c Mon Mar 10 13:20:42 2014
@@ -1842,7 +1842,7 @@
}
AST_RWLIST_UNLOCK(&supplements);
- if (tsx->status_code == 401 || tsx->status_code == 407) {
+ if ((tsx->status_code == 401 || tsx->status_code == 407) && req_data->endpoint) {
if (!ast_sip_create_request_with_auth(&req_data->endpoint->outbound_auths, challenge, tsx, &tdata)) {
pjsip_endpt_send_request(ast_sip_get_pjsip_endpoint(), tdata, -1, req_data->token, req_data->callback);
}
Modified: tags/12.1.1/res/res_pjsip/pjsip_options.c
URL: http://svnview.digium.com/svn/asterisk/tags/12.1.1/res/res_pjsip/pjsip_options.c?view=diff&rev=410439&r1=410438&r2=410439
==============================================================================
--- tags/12.1.1/res/res_pjsip/pjsip_options.c (original)
+++ tags/12.1.1/res/res_pjsip/pjsip_options.c Mon Mar 10 13:20:42 2014
@@ -226,7 +226,7 @@
RAII_VAR(struct ast_sip_endpoint *, endpoint_local, ao2_bump(endpoint), ao2_cleanup);
- if (!endpoint_local) {
+ if (!endpoint_local && contact->authenticate_qualify) {
struct ao2_iterator *endpoint_iterator = find_endpoints(contact);
/* try to find endpoints that are associated with the contact */
@@ -256,7 +256,7 @@
init_start_time(contact);
ao2_ref(contact, +1);
- if (ast_sip_send_request(tdata, NULL, endpoint_local, contact,
+ if (ast_sip_send_request(tdata, NULL, contact->authenticate_qualify ? endpoint_local : NULL, contact,
qualify_contact_cb) != PJ_SUCCESS) {
/* The callback will be called so we don't need to drop the contact ref*/
ast_log(LOG_ERROR, "Unable to send request to qualify contact %s\n",
More information about the svn-commits
mailing list