From: <jpg...@us...> - 2008-07-01 16:14:05
|
Revision: 1439 http://iaxclient.svn.sourceforge.net/iaxclient/?rev=1439&view=rev Author: jpgrayson Date: 2008-07-01 09:14:08 -0700 (Tue, 01 Jul 2008) Log Message: ----------- Fix problem where outgoing calls would be in the active state (IAXC_CALL_STATE_ACTIVE) prior to the other end even ACCEPTing the call. This potentially allowed TEXT, DTMF, and other frames to go out prior to the call being ACCEPTed by the other end. Recent versions of asterisk (1.4.19+) have security fixes in-place that don't take to kindly to this kind of bogus protocol. - The fix is to only put the call into the active state after we have received an ACCEPT frame from the other end. Modified Paths: -------------- trunk/lib/iaxclient_lib.c Modified: trunk/lib/iaxclient_lib.c =================================================================== --- trunk/lib/iaxclient_lib.c 2008-07-01 15:52:43 UTC (rev 1438) +++ trunk/lib/iaxclient_lib.c 2008-07-01 16:14:08 UTC (rev 1439) @@ -1194,6 +1194,7 @@ iaxc_clear_call(callNo); break; case IAX_EVENT_ACCEPT: + calls[callNo].state |= IAXC_CALL_STATE_ACTIVE; calls[callNo].format = e->ies.format & IAXC_AUDIO_FORMAT_MASK; calls[callNo].vformat = e->ies.format & IAXC_VIDEO_FORMAT_MASK; #if USE_VIDEO @@ -1203,6 +1204,7 @@ "Failed video codec negotiation."); } #endif + iaxci_do_state_callback(callNo); iaxci_usermsg(IAXC_STATUS,"Call %d accepted", callNo); break; case IAX_EVENT_ANSWER: @@ -1372,7 +1374,7 @@ } else { // use selected call if not active, otherwise, get a new appearance - if ( calls[selected_call].state & IAXC_CALL_STATE_ACTIVE ) + if ( calls[selected_call].state & IAXC_CALL_STATE_ACTIVE ) { callNo = iaxc_first_free_call(); } else @@ -1426,7 +1428,7 @@ strncpy(calls[callNo].local , calls[callNo].callerid_name, IAXC_EVENT_BUFSIZ); strncpy(calls[callNo].local_context, "default", IAXC_EVENT_BUFSIZ); - calls[callNo].state = IAXC_CALL_STATE_ACTIVE | IAXC_CALL_STATE_OUTGOING; + calls[callNo].state = IAXC_CALL_STATE_OUTGOING; /* reset activity and ping "timers" */ iaxc_note_activity(callNo); @@ -1530,7 +1532,7 @@ EXPORT void iaxc_dump_call_number( int callNo ) { - if ( ( callNo >= 0 ) && ( callNo < max_calls ) ) + if ( callNo >= 0 && callNo < max_calls ) { get_iaxc_lock(); iaxc_dump_one_call(callNo); @@ -1558,7 +1560,7 @@ EXPORT void iaxc_reject_call_number( int callNo ) { - if ( ( callNo >= 0 ) && ( callNo < max_calls ) ) + if ( callNo >= 0 && callNo < max_calls ) { get_iaxc_lock(); iax_reject(calls[callNo].session, "Call rejected manually."); @@ -1591,13 +1593,13 @@ EXPORT void iaxc_send_text_call(int callNo, const char * text) { - if ( callNo < 0 || !(calls[callNo].state & IAXC_CALL_STATE_ACTIVE) ) - return; - - get_iaxc_lock(); - if ( calls[callNo].state & IAXC_CALL_STATE_ACTIVE ) - iax_send_text(calls[callNo].session, text); - put_iaxc_lock(); + if ( callNo >= 0 && callNo < max_calls ) + { + get_iaxc_lock(); + if ( calls[callNo].state & IAXC_CALL_STATE_ACTIVE ) + iax_send_text(calls[callNo].session, text); + put_iaxc_lock(); + } } EXPORT void iaxc_send_url(const char * url, int link) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |