From 8f15bfbb0fd17bad62098bcc3435bdd304310772 Mon Sep 17 00:00:00 2001
From: Sebastian Kemper <sebastian_ml@gmx.net>
Date: Sun, 7 Mar 2021 11:07:20 +0100
Subject: [PATCH] asterisk-16.x: add patch for AST-2021-001

180-AST-2019-007-16.diff refreshed.

Upstream patch for AST-2021-001 added. This patch is mainly for
res_pjsip_diversion, but the part that is patched there was added later
("res_pjsip_diversion: implement support for History-Info"), so asterisk
16.3.0 is not affected. Hence the res_pjsip_diversion part was removed
from the patch. The patch resolves similar overflow situations in
res_pjsip_path and res_pjsip_outbound_registration, so these were kept.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
---
 net/asterisk-16.x/Makefile                    |  2 +-
 .../patches/180-AST-2019-007-16.diff          |  7 +-
 .../patches/210-AST-2021-001-16.diff          | 87 +++++++++++++++++++
 3 files changed, 89 insertions(+), 7 deletions(-)
 create mode 100644 net/asterisk-16.x/patches/210-AST-2021-001-16.diff

diff --git a/net/asterisk-16.x/Makefile b/net/asterisk-16.x/Makefile
index 7ff382a..bd3ad12 100644
--- a/net/asterisk-16.x/Makefile
+++ b/net/asterisk-16.x/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 AST_MAJOR_VERSION:=16
 PKG_NAME:=asterisk$(AST_MAJOR_VERSION)
 PKG_VERSION:=$(AST_MAJOR_VERSION).3.0
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 
 PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://downloads.asterisk.org/pub/telephony/asterisk/releases
diff --git a/net/asterisk-16.x/patches/180-AST-2019-007-16.diff b/net/asterisk-16.x/patches/180-AST-2019-007-16.diff
index 0f187c1..3ae5553 100644
--- a/net/asterisk-16.x/patches/180-AST-2019-007-16.diff
+++ b/net/asterisk-16.x/patches/180-AST-2019-007-16.diff
@@ -21,9 +21,6 @@ Reported by: Eliel SardaÃ±ons
 Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
 ---
 
-diff --git a/doc/UPGRADE-staging/AMI-Originate.txt b/doc/UPGRADE-staging/AMI-Originate.txt
-new file mode 100644
-index 0000000..f2d3133
 --- /dev/null
 +++ b/doc/UPGRADE-staging/AMI-Originate.txt
 @@ -0,0 +1,5 @@
@@ -32,11 +29,9 @@ index 0000000..f2d3133
 +The AMI Originate action, which optionally takes a dialplan application as
 +an argument, no longer accepts "Originate" as the application due to
 +security concerns.
-diff --git a/main/manager.c b/main/manager.c
-index f138801..1963151 100644
 --- a/main/manager.c
 +++ b/main/manager.c
-@@ -5744,6 +5744,7 @@
+@@ -5697,6 +5697,7 @@ static int action_originate(struct manse
  				                                     EAGI(/bin/rm,-rf /)       */
  				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
  				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
diff --git a/net/asterisk-16.x/patches/210-AST-2021-001-16.diff b/net/asterisk-16.x/patches/210-AST-2021-001-16.diff
new file mode 100644
index 0000000..9bb13d3
--- /dev/null
+++ b/net/asterisk-16.x/patches/210-AST-2021-001-16.diff
@@ -0,0 +1,87 @@
+From 757b7f8d7cfee4f541e8d7586e2408556a74201d Mon Sep 17 00:00:00 2001
+From: Ivan Poddubnyi <ivan.poddubny@gmail.com>
+Date: Mon, 28 Dec 2020 13:43:23 +0100
+Subject: [PATCH] res_pjsip_diversion: Fix adding more than one histinfo to
+ Supported
+
+New responses sent within a PJSIP sessions are based on those that were
+sent before. Therefore, adding/modifying a header once causes it to be
+sent on all responses that follow.
+
+Sending 181 Call Is Being Forwarded many times first adds "histinfo"
+duplicated more and more, and eventually overflows past the array
+boundary.
+
+This commit adds a check preventing adding "histinfo" more than once,
+and skipping it if there is no more space in the header.
+
+Similar overflow situations can also occur in res_pjsip_path and
+res_pjsip_outbound_registration so those were also modified to
+check the bounds and suppress duplicate Supported values.
+
+ASTERISK-29227
+Reported by: Ivan Poddubny
+
+Change-Id: Id43704a1f1a0293e35cc7f844026f0b04f2ac322
+---
+ res/res_pjsip_diversion.c             | 14 ++++++++++++++
+ res/res_pjsip_outbound_registration.c | 12 ++++++++++++
+ res/res_pjsip_path.c                  | 12 ++++++++++++
+ 3 files changed, 38 insertions(+)
+
+--- a/res/res_pjsip_outbound_registration.c
++++ b/res/res_pjsip_outbound_registration.c
+@@ -580,6 +580,7 @@ static int handle_client_registration(vo
+ 
+ 	if (client_state->support_path) {
+ 		pjsip_supported_hdr *hdr;
++		int i;
+ 
+ 		hdr = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_SUPPORTED, NULL);
+ 		if (!hdr) {
+@@ -593,6 +594,17 @@ static int handle_client_registration(vo
+ 			pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *)hdr);
+ 		}
+ 
++		/* Don't add the value if it's already there */
++		for (i = 0; i < hdr->count; ++i) {
++			if (pj_stricmp(&hdr->values[i], &PATH_NAME) == 0) {
++				return 1;
++			}
++		}
++
++		if (hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT) {
++			return 0;
++		}
++
+ 		/* add on to the existing Supported header */
+ 		pj_strassign(&hdr->values[hdr->count++], &PATH_NAME);
+ 	}
+--- a/res/res_pjsip_path.c
++++ b/res/res_pjsip_path.c
+@@ -122,6 +122,7 @@ static int path_get_string(pj_pool_t *po
+ static int add_supported(pjsip_tx_data *tdata)
+ {
+ 	pjsip_supported_hdr *hdr;
++	int i;
+ 
+ 	hdr = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_SUPPORTED, NULL);
+ 	if (!hdr) {
+@@ -134,6 +135,17 @@ static int add_supported(pjsip_tx_data *
+ 		pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr *)hdr);
+ 	}
+ 
++	/* Don't add the value if it's already there */
++	for (i = 0; i < hdr->count; ++i) {
++		if (pj_stricmp(&hdr->values[i], &PATH_SUPPORTED_NAME) == 0) {
++			return 0;
++		}
++	}
++
++	if (hdr->count >= PJSIP_GENERIC_ARRAY_MAX_COUNT) {
++		return -1;
++	}
++
+ 	/* add on to the existing Supported header */
+ 	pj_strassign(&hdr->values[hdr->count++], &PATH_SUPPORTED_NAME);
+ 
-- 
2.30.2