Commit Graph

36098 Commits

Author SHA1 Message Date
Dmitry Verenitsin dc5c802627 [libesl] Fix build of tests (#3038) 2026-05-26 23:11:19 +03:00
Dmitry Verenitsin 22de26cc7c Merge commit from fork
* [libesl] Validate `Content-Length` in `esl_recv_event`.

`atol()` accepted negative values, allowing a remote ESL peer to cause
a one-byte heap underwrite (`Content-Length: -1`) or NULL-pointer
dereference (`Content-Length: -2`, since `esl_assert` compiles out
under `NDEBUG`). Reject negative and oversized values, and check
`malloc` failure instead of relying on `assert`.

Cap at `ESL_MAX_CONTENT_LENGTH` (16 MiB).

* [libesl] Add test_recv_event.
2026-05-26 22:28:23 +03:00
Dmitry Verenitsin 02ac36bb11 Merge commit from fork
Lower `CJSON_NESTING_LIMIT` from upstream default 1000 to 64 via
`SWITCH_AM_CFLAGS` / `SWITCH_AM_CXXFLAGS`. The mutually recursive
`parse_value`/`parse_array`/`parse_object` chain in cJSON consumes
~2 stack frames per nesting level, which can overflow worker
threads running on `SWITCH_THREAD_STACKSIZE` (240 KB).
2026-05-26 22:27:05 +03:00
Dmitry Verenitsin 74d320834b Merge commit from fork
In `check_auth()` the userauth branch committed request `userVariables`,
`JPFLAG_RESUME_CALL`, identity fields, `<user><params>`/`<variables>`,
`dialplan`, and `context` to `jsock` *before* the password compare. On
mismatch only `jsock->uid` was reverted; the rest persisted on the
socket and leaked into outbound/inbound INVITE setup and `jsapi`/event
publishes.

Restructure so the gate runs first: pre-scan `<user><params>` into
locals, compare, and on mismatch return FALSE with no `jsock` writes.
Identity/vars commits and `<user><params>`/`<variables>` persistence
move past the gate. Blind-reg short-circuit and
`req_params`/`x_user` ownership preserved on every exit; success-path
writes are bit-for-bit equivalent.

Side cleanups:
- "Login sucessful" → "Login successful" typo;
- success log WARNING → NOTICE;
- the spurious WARNING "Login sucessful" no longer fires on bad-password
attempts that located the user in the directory;
2026-05-26 22:26:29 +03:00
Dmitry Verenitsin 693f7dc6aa Merge commit from fork
`process_jrpc()` called `set_session_id()` before `check_auth()`, so an
unauthenticated client could insert its jsock into `jsock_hash` under a
foreign `sessid` and have `attach_jsock()` evict the prior owner
(`verto.punt` + `detach_calls()` + `drop=1`) with no identity check.

Move the bind past the auth gate; `JPFLAG_INIT` now means "jsock is
bound", not "first frame seen". Additionally, `attach_jsock()` refuses
the bind when prior and new jsock are authed under different `uid`s,
replying `CODE_AUTH_FAILED` "Session in use". Same-uid reconnect and
no-auth profile binds are unchanged.
2026-05-26 22:24:48 +03:00
Dmitry Verenitsin 67b62fb969 Merge commit from fork
Unchecked `atoi()` on declared payload size let a client
request up to `INT_MAX`, forcing the server to write ~20 GB
per request via the download phase. Short `#` frames also
triggered OOB reads on `s[1..3]`.

- Gate `#` branch on `JPFLAG_AUTHED`.
- Cap declared size at 10 MiB (`VERTO_SPEED_TEST_MAX_SIZE`).
- Replace `atoi()` with bounded `strtol()`.
- Require `bytes >= 4` before indexing `s[1..3]`.
2026-05-26 22:23:35 +03:00
Dmitry Verenitsin 33ee3663bb Merge commit from fork
Cap `Content-Length` at `HTTP_POST_MAX_BODY` (10 MiB) and size the
allocation to the actual body length (`content_length + 1` for
the trailing NUL).

Also fix `WS_BLOCK` units — `kws_raw_read` takes ms, set to 10000.
2026-05-26 22:02:42 +03:00
MarioG-X e3dc9950fd [GHA] Update ffmpeg and libpq in macos.yml
ffmpeg@5 changed to ffmpeg@7
Note: tested ffmpeg@8 but it causes missing ft2build.h in truetype include library.

libpq@16 changed to libpq@18

Co-authored-by: Andrey Volk <andywolk@gmail.com>
2026-05-26 19:29:55 +03:00
Dmitry Verenitsin bf9c95e890 [core] Use switch_stun_ipv6_t for STUN IPv6 write paths. (#3037)
Route IPv6 writes in `switch_stun_packet_attribute_add_binded_address`
and `switch_stun_packet_attribute_add_xor_binded_address` through
`switch_stun_ipv6_t` (16-byte `address[]`) instead of `switch_stun_ip_t`
(4-byte `uint32_t address`).

Add IPv4/IPv6 unit tests for both encoders.

Co-authored-by: Andrey Volk <andywolk@gmail.com>
2026-05-26 18:11:11 +03:00
Dmitry Verenitsin 9da537a19f [mod_sofia] Add SIP 603+ detection and passthrough control. Add unit-tests. (#3035)
Implement SIP 603+ (ATIS-1000099) support for FCC analytics-based call blocking compliance.

Detection:
- Detect incoming 603+ responses by checking "Network Blocked" phrase
and "v=analytics1;" in the `Reason` header text
- Set `sip_603plus_reason` channel variable on both legs for CDR visibility

Passthrough control:
- `sip_603plus_passthrough=true`: forward 603+ phrase and Reason header
- `sip_603plus_passthrough=false`: strip `Reason` header, send clean `603 Decline`
- Not set: existing behavior preserved
- Works independently of `disable_q850_reason` for selective forwarding
2026-05-26 17:33:23 +03:00
Dmitry Verenitsin bcd9d82630 [mod_sofia] capture SIP reason header on INVITE failure (#3036)
Co-authored-by: Chris Rienzo <chris@signalwire.com>
2026-05-26 16:42:52 +03:00
Andrey Volk 2bd6f0116b [mod_sofia] Reload certificates on the fly without disconnects using reloadcert API. (#3034) 2026-05-26 01:12:37 +03:00
Andrey Volk b5c3c86aa0 [mod_commands, mod_verto] Add new reloadcert API and let mod_verto reload certificates on the fly without disconnects. (#3033) 2026-05-26 00:25:56 +03:00
Dmitry Verenitsin 325bb3a606 [core] Fix segments count check in clean_uri(). Add unit-test. (#3032) 2026-05-26 00:16:40 +03:00
Dmitry Verenitsin 08c3fffa7c [mod_sofia] Fix use-after-free in dispatch event thread. (#3031)
`sofia_process_dispatch_event_in_thread` allocated `td` from a memory pool,
then `sofia_msg_thread_run_once` destroyed that same pool after processing
the event — leaving `td` dangling when the thread pool worker accessed it.

Allocate `td` with `switch_zmalloc` (`td->alloc = 1`) so the worker frees it
safely after the function returns. Remove the now-unused `pool` field from
`sofia_dispatch_event_t`.
2026-05-26 00:15:19 +03:00
Dmitry Verenitsin 56cc958b28 [core] Fix use-after-free in session thread pool worker. (#3030)
`switch_core_session_thread_pool_launch()` allocated the thread data (`td`)
from the session pool. However, `switch_core_session_thread()` destroys
the session pool before returning, leaving td as a dangling pointer.
The worker then accesses `td->running` and `td->pool` — a use-after-free
that crashes under memory pressure when the freed pool is reused.

Allocate `td` with `switch_zmalloc()` and set `td->alloc = 1` so the worker frees it
after the task completes. This ensures `td` outlives the session pool
destruction.
2026-05-26 00:13:29 +03:00
Dmitry Verenitsin c25af8dd81 [mod_erlang_event] Fix correctness, OTP compatibility, and memory issues
Changes:
- Snapshot `erl_errno` after `ei_xreceive_msg_tmo()` — outbound `ei_*` calls in the same loop iteration clobber the thread-local errno before the listener checks it, causing wrong exit decisions and misleading logs.
- Fix `switch_size_t ` cast of `int` in `ei_link`* — `(switch_size_t *)&index` reads/writes 8 bytes through a 4-byte `int` on LP64. Use a real `switch_size_t` local.
- Dispatch `ERL_NEWER_REFERENCE_EXT` — newer OTP encodes refs with this tag; spawn replies from modern nodes were silently dropped to the default branch.
- Handle `ERL_EXIT2` — processes killed via `erlang:exit/2` arrive with this tag, not `ERL_EXIT`. Without it, sessions stayed attached to dead Erlang pids.
- Modernize `-spec` syntax in `freeswitch.erl` — old `-spec(F/N :: (...))` form was removed in OTP 21+; module no longer compiled.
- Fix multiple memory issues:
  - `ei_hash_ref()`: replace unbounded `sprintf` with `snprintf` + shared `EI_HASH_REF_LEN`.
  - `handle_msg_sendevent` / `handle_msg_sendmsg`: free the heap `value` on `ei_decode_string` failure; remove dead `if (!fail)` branches.
  - `listener_main_loop`: free `buf`/`rbuf` on the two `handle_msg` early-exit paths.
  - `erlang_sendmsg_function` app: move `ei_x_new_with_version` past arg validation and add `ei_x_free` at the end.
2026-05-26 00:12:08 +03:00
Andrey Volk 1544dfb755 [Core, modules] Fix various dead assignments. 2026-05-25 23:56:13 +03:00
Gustavo Almeida 7d35ea2986 [mod_sofia] Fix handling of sip-options-respond-503-on-busy profile parameter 2026-05-25 21:15:13 +03:00
Niall Dooley 90da63c0d1 [mod_commands] Fix reloadacl description 2026-05-25 21:11:10 +03:00
Andrey Volk 4bc49f57b7 [Build-System] Update libks requirements to 2.0.11 (#3025) 2026-05-20 23:18:38 +03:00
Andrey Volk 7fbfe11d01 version bump 2026-05-08 02:26:52 +03:00
Serhii Ivanov f40469efcc [GHA] Use release libs for trixie releases (#3016) 2026-05-08 00:53:07 +03:00
Andrey Volk 1eff3afde1 swigall (#3015) 2026-05-07 21:52:56 +03:00
Andrey Volk 1e1cecd474 Merge commit from fork 2026-05-07 20:20:52 +03:00
Andrey Volk 2a7100053a Merge commit from fork 2026-05-07 20:18:11 +03:00
Andrey Volk ce12717ad7 Merge commit from fork
Co-authored-by: Jakub Karolczyk <jakub.karolczyk@signalwire.com>
2026-05-07 20:14:34 +03:00
Serhii Ivanov 1a97ed38e6 [GHA] Treat v1.11 as a release branch (#2873)
* [GHA] Add `v1.11` branch target
* [GHA] Treat `v1.11` as a release branch

---------

Co-authored-by: Andrey Volk <andywolk@gmail.com>
2026-05-07 18:19:08 +03:00
praveen-kd-23 8babcee3ea [Core] Fix DTLS Peer Certificate verification 2026-04-02 18:03:28 +03:00
Andrey Volk 14b8295dbc [mod_cdr_mongodb] Remove from tree (#2992) 2026-03-06 01:26:20 +03:00
Andrey Volk 88fa1f95ca [libesl] Fix heap buffer overflow in esl_buffer_write (#2979) 2026-01-16 23:10:23 +03:00
Andrey Volk 418edb8e2b [Build-System] Use unique .orig.tar.xz filenames across different Debian distributions. Update Debian distributions since stable is Trixie now. Use codename instead of suite when generating the distribution field in .changes files. (#2953) 2025-11-21 17:47:45 +03:00
Serhii Ivanov 4c93f3ce2b [UTILS] Add additional token prefix (#2950) 2025-11-19 01:37:49 +03:00
Ahron Greenberg (agree) 2062d2c483 [mod_curl] Add curl exit code to response 2025-11-15 00:47:08 +03:00
Andrey Volk 02549c10d9 [mod_dialplan_xml] Fix double free after upgrade to pcre2. (#2946) 2025-11-13 17:42:04 +03:00
Andrey Volk 9b0bbeaac9 [Build-System] Update OpenSSL to v3.4.3, bump libks to 2.0.7 on Windows. (#2934) 2025-10-16 21:47:51 +03:00
Jakub Karolczyk caa50b6c4f Merge pull request #2915 from signalwire/fix_missing_ice_mutex
[core] Fix - add missing ice_mutex to protect dtls
2025-09-15 17:24:48 +01:00
Jakub Karolczyk 1585ca7aaf [core] Fix - add missing ice_mutex to protect dtls 2025-09-15 16:59:30 +01:00
Jakub Karolczyk aede363606 Merge pull request #2914 from signalwire/fix_old_port_log 2025-09-14 16:55:16 +01:00
Jakub Karolczyk 2059e933be [core] Fix logging of old remote RTP port 2025-09-14 16:17:08 +01:00
Jakub Karolczyk 5aee26556a Merge pull request #2913 from signalwire/fix_from_addr
[core] Fix initialization of rtp_session from_addr
2025-09-14 16:14:10 +01:00
Jakub Karolczyk 1258044125 [core] Fix initialization of rtp_session from_addr 2025-09-14 15:52:35 +01:00
Jakub Karolczyk 7034d6cfda Merge pull request #2912 from signalwire/fix_timer_check
[core] Fix - should take the amount of time until the timer next expires
2025-09-14 15:49:06 +01:00
Jakub Karolczyk 96d086820b [core] Fix - should take the amount of time until the timer next expires 2025-09-14 15:23:29 +01:00
s3rj1k b00a0de0ba [GHA] Bump trixie image version (#2906) 2025-09-04 01:45:18 +03:00
s3rj1k 70a29c48d3 [core] Cleanup .DS_Store (#2897) 2025-09-04 00:26:45 +03:00
s3rj1k ece5cf7b48 [GHA] Remove pinned cmake version in MacOS (#2905) 2025-09-03 23:52:35 +03:00
s3rj1k b0b646a8d6 [GHA] More robust MacOS dependency install (#2898) 2025-08-30 00:27:03 +03:00
Adnan Elezovic d22aec67c6 [mod_conference] Avoid race conditions touching conference->variables without a mutex.
Co-authored-by: aelezovic <adnan.elezovic@infobip.com>
2025-08-14 12:27:28 +03:00
Seven Du 7f9dd270b4 [core] add uuidv7 support 2025-07-31 19:38:54 +03:00