This patch fixes several issues reported by the lgtm code analysis tool:

https://lgtm.com/projects/g/asterisk/asterisk

Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:

* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards

Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25

There is enough MWI functionality to warrant it having its own 'c' and header
files. This patch moves all current core MWI data structures, and functions
into the following files:

main/mwi.h
main/mwi.c

Note, code was simply moved, and not modified. However, this patch is also in
preparation for core MWI changes, and additions to come.

Change-Id: I9dde8bfae1e7ec254fa63166e090f77e4d3097e0

This fixes build warnings found by GCC 8.  In some cases format
truncation is intentional so the warning is just suppressed.

ASTERISK-27824 #close

Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84

Checking option_debug directly is incorrect as it ignores file/module
specific debug settings.  This system-wide change replaces nearly all
direct checks for option_debug with the DEBUG_ATLEAST macro.

Change-Id: Ic342d4799a945dbc40ac085ac142681094a4ebf0

Change-Id: I873c1c6d00f447269bd841494459efccdd2c19c0

Fix instances of:
* Retreive
* Recieve
* other then
* different then
* Repeated words ("the the", "an an", "and and", etc).
* othterwise, teh

ASTERISK-24198 #close

Change-Id: I3809a9c113b92fd9d0d9f9bac98e9c66dc8b2d31

Declare 'res' initialized to -1 to deal with earlier error paths that
could cause 'res' to be returned uninitialized.

Change-Id: I8ac2a5755bf4174d89ef893e924c940f702b104e

An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received.  The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.

* Add ast_safe_execvp() function.  This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding.  This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.

* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.

* Document code injection potential from untrusted data sources for other
shell commands that are under user control.

ASTERISK-27103

Change-Id: I7552472247a84cde24e1358aaf64af160107aef1

mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.

In the case of app_minivm, we also now properly clean up any temporary
files that we create.

ASTERISK-20858 #close
Reported by: Walter Doekes

Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43

GCC 7 has added capability to produce warnings, this fixes most of those
warnings.  The specific warnings are disabled in a few places:

* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().

ASTERISK-27156 #close

Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88

Cleaned up some of the incorrect uses of fread() and fwrite(), mostly in
the format modules. Neither of these functions will ever return a value
less than 0, which we were checking for in some cases.

I've introduced a fair amount of duplication in the format modules, but
I plan to change how format modules work internally in a subsequent
patch set, so this is simply a stop-gap.

Change-Id: I8ca1cd47c20b2c0b72088bd13b9046f6977aa872

* app_minivm: Use built-in completion facilities to complete optional
arguments.

* app_voicemail: Use built-in completion facilities to complete
optional arguments.

* app_confbridge: Add missing colons after 'Usage' text.

* chan_alsa: Use built-in completion facilities to complete optional
arguments.

* chan_sip: Use built-in completion facilities to complete optional
arguments. Add completions for 'load' for 'sip show user', 'sip show
peer', and 'sip qualify peer.'

* chan_skinny: Correct and extend completions for 'skinny reset' and
'skinny show line.'

* func_odbc: Correct completions for 'odbc read' and 'odbc write'

* main/astmm: Use built-in completion facilities to complete arguments
for 'memory' commands.

* main/bridge: Correct completions for 'bridge kick.'

* main/ccss: Use built-in completion facilities to complete arguments
for 'cc cancel' command.

* main/cli: Add 'all' completion for 'channel request hangup.' Correct
completions for 'core set debug channel.' Correct completions for 'core
show calls.'

* main/pbx_app: Remove redundant completions for 'core show
applications.'

* main/pbx_hangup_handler: Remove unused completions for 'core show
hanguphandlers all.'

* res_sorcery_memory_cache: Add completion for 'reload' argument of
'sorcery memory cache stale' and properly implement.

Change-Id: Iee58c7392f6fec34ad9d596109117af87697bbca

ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes
all traces of it.

Previously exported symbols removed:
* __ast_register_file
* __ast_unregister_file
* ast_complete_source_filename

This also removes the mtx_prof static variable that was declared when
MTX_PROFILE was enabled.  This variable was only used in lock.c so it
is now initialized in that file only.

ASTERISK-26480 #close

Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966

Change-Id: I082b239022fac462666e52a14a44304748908dc0

Fix some warnings found with clang.

Change-Id: I5195b6189b148c2ee3ed4a19d015a6d4ef3e77bd

Change-Id: Icf88f9f861c6b2a16e5f626ff25795218a6f2723

Git does not support the ability to replace a token with a version
string during check-in. While it does have support for replacing a
token on clone, this is somewhat sub-optimal: the token is replaced
with the object hash, which is not particularly easy for human
consumption. What's more, in practice, the source file version was often
not terribly useful. Generally, when triaging bugs, the overall version
of Asterisk is far more useful than an individual SVN version of a file. As a
result, this patch removes Asterisk's support for showing source file
versions.

Specifically, it does the following:

* Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and
  remove passing the version in with the macro. Other facilities
  than 'core show file version' make use of the file names, such as
  setting a debug level only on a specific file. As such, the act of
  registering source files with the Asterisk core still has use. The
  macro rename now reflects the new macro purpose.

* main/asterisk:
  - Refactor the file_version structure to reflect that it no longer
    tracks a version field.
  - Remove the "core show file version" CLI command. Without the file
    version, it is no longer useful.
  - Remove the ast_file_version_find function. The file version is no
    longer tracked.
  - Rename ast_register_file_version/ast_unregister_file_version to
    ast_register_file/ast_unregister_file, respectively.

* main/manager: Remove value from the Version key of the ModuleCheck
  Action. The actual key itself has not been removed, as doing so would
  absolutely constitute a backwards incompatible change. However, since
  the file version is no longer tracked, there is no need to attempt to
  include it in the Version key.

* UPGRADE: Add notes for:
  - Modification to the ModuleCheck AMI Action
  - Removal of the "core show file version" CLI command

Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e

This patch fixes several warnings pointed out by the clang compiler.
* chan_pjsip: Removed check for data->text, as it will always be non-NULL.
* app_minivm: Fixed evaluation of etemplate->locale, which will always
  evaluate to 'true'. This patch changes the evaluation to use
  ast_strlen_zero.
* app_queue:
  - Fixed evaluation of qe->parent->monfmt, which always evaluates to
    true. Instead, we just check to see if the dereferenced pointer
    evaluates to true.
  - Fixed evaluation of mem->state_interface, wrapping it with a call to
    ast_strlen_zero.
* res_smdi: Wrapped search_msg->mesg_desk_term with calls to ast_strlen_zero.

Review: https://reviewboard.asterisk.org/r/4541

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4541.patch submitted by dkdegroot (License 6600)
........

Merged revisions 434285 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 434286 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@434287 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 430996 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 430998 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431000 65c4cc65-6c06-0410-ace0-fbb531ad65f3

ASTERISK-23919 #close
Reported by Malcolm Davenport

Review: https://reviewboard.asterisk.org/r/3802



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@419592 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This resolves a large number of compiler warnings from GCC 4.10 which
cause the build to fail under dev mode. The vast majority are
signed/unsigned mismatches in printf-style format strings.
........

Merged revisions 413586 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 413587 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 413588 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413589 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch implements the controls from ARI recordings. The controls
are:

 * DELETE /recordings/live/{recordingName} - stop recording and
   discard it
 * POST /recordings/live/{recordingName}/stop - stop recording
 * POST /recordings/live/{recordingName}/pause - pause recording
 * POST /recordings/live/{recordingName}/unpause - resume recording
 * POST /recordings/live/{recordingName}/mute - mute recording (record
   silence to the file)
 * POST /recordings/live/{recordingName}/unmute - unmute recording.

Since this underlying functionality did not already exist, is was
added to app.c by a set of control frames, similar to how playback
control works. The pause/mute control frames are toggles, even though
the ARI controls are idempotent, to be consistent with the playback
control frames.

(closes issue ASTERISK-22181)
Review: https://reviewboard.asterisk.org/r/2697/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@396331 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This prevents XML documentation duplication by expanding channel and
bridge snapshot tags into channel and bridge snapshot parameter sets
with a given prefix or defaulting to no prefix. This also prevents
documentation from becoming fractured and out of date by keeping all
variations of the documentation in template form such that it only
needs to be updated once and keeps maintenance to a minimum.

Review: https://reviewboard.asterisk.org/r/2708/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@395985 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch is the first step in adding recording support to the
Asterisk REST Interface.

Recordings are stored in /var/spool/recording. Since recordings may be
destructive (overwriting existing files), the API rejects attempts to
escape the recording directory (avoiding issues if someone attempts to
record to ../../lib/sounds/greeting, for example).

(closes issue ASTERISK-21594)
(closes issue ASTERISK-21581)
Review: https://reviewboard.asterisk.org/r/2612/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393550 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch moves a number of AMI events over to the Stasis-Core message bus.
This includes:
 * ChanSpyStart/Stop
 * MonitorStart/Stop
 * MusicOnHoldStart/Stop
 * FullyBooted/Reload
 * All Voicemail/MWI related events

In addition, it adds some Stasis-Core and AMI support for generic AMI messages,
refactors the message router in AMI to use a single router with topic
forwarding for the topics that AMI cares about, and refactors MWI message
types and topics to be more name compliant.

Review: https://reviewboard.asterisk.org/r/2532

(closes issue ASTERISK-21462)



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@389733 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Remove MWI's dependency on the event system by moving it to
Stasis-core. This also introduces forwarding topic pools in Stasis-core
which aggregate many dynamically allocated topics into a single primary
topic.

Review: https://reviewboard.asterisk.org/r/2368/
(closes issue ASTERISK-21097)
Patch-by: Kinsey Moore


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383284 65c4cc65-6c06-0410-ace0-fbb531ad65f3

An incorrect string initializations was left in ast_str_encode_mime from the
patch that converted string manipulations to use ast_str strings (r191140).
The string initialization causes a crash when ast_str_set is called on
the string later on in the function.

(closes issue ASTERISK-18697)
Reported by: Chris Boot
patches:
  minivm-null-pointer-dereference-fix.patch uploaded by bootc (license 6309)

(issue ASTERISK-20854)
Reported by: Chris Warr
Tested by: Chris Warr
........

Merged revisions 379608 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 379609 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@379612 65c4cc65-6c06-0410-ace0-fbb531ad65f3

* Whitespace, doc-blocks, spelling, case, missing and incorrect tags.
* Add cleanup to Makefile for the Doxygen configuration update
* Start updating Doxygen configuration for cleaner output
* Enable inclusion of configuration files into documentation
* remove mantisworkflow...
* update documentation README
* Add markup to Tilghman's email and talk with him about updating his email, he knows...
* no code changes on this commit other than the mentioned Makefile change

(issue ASTERISK-20259)


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373384 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The previous commit (r372554) was from a patch that was written before
r366880, which ensured that ast_str objects allocated in the sendmail
routine were free'd in off nominal paths.  This commit frees the
string objects in the off nominal path introduced in r372554.

(issue ASTERISK-17133)
Reported by: Tzafrir Cohen
........

Merged revisions 372581 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 372582 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 372583 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372584 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When MiniVM sends an e-mail and it has the volgain option set, it will spawn
sox in a separate process to handle the manipulation of the sound file.  In
doing so, it creates a temporary file.  There are two problems here:
  1) The file descriptor returned from mkstemp is leaked
  2) The finalfilename character pointer points to a buffer that loses scope
     once volgain processing is finished.

Note that in r316265, Russell fixed some gcc warnings by using the return
value of the mkstemp call.  A warning was placed in minivm that the file
descriptor was going to be leaked.  This patch reverts that change, as it
handles the leak and 'uses' the file descriptor returned from mkstemp.

(closes issue ASTERISK-17133)
Reported by: Tzafrir Cohen
patches:
  minivm_18501_demo.diff uploaded by Tzafrir Cohen (license #5035)
........

Merged revisions 372554 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 372555 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 372556 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372557 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This replaces all calls to alloca() with ast_alloca() which calls gcc's
__builtin_alloca() to avoid BSD semantics and removes all NULL checks
on memory allocated via ast_alloca() and ast_strdupa().

(closes issue ASTERISK-20125)
Review: https://reviewboard.asterisk.org/r/2032/
Patch-by: Walter Doekes (wdoekes)
........

Merged revisions 370642 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 370643 from http://svn.asterisk.org/svn/asterisk/branches/10


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370655 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch addresses a number of memory leaks in a variety of modules that were
found by a static analysis tool.  A brief summary of the changes:

* app_minivm:       free ast_str objects on off nominal paths
* app_page:         free the ast_dial object if the requested channel technology
                    cannot be appended to the dialing structure
* app_queue:        if a penalty rule failed to match any existing rule list
                    names, the created rule would not be inserted and its memory
                    would be leaked
* app_read:         dispose of the created silence detector in the presence of
                    off nominal circumstances
* app_voicemail:    dispose of an allocated unique ID field for MWI event
                    un-subscribe requests in off nominal paths; dispose of
                    configuration objects when using the secret.conf option
* chan_dahdi:       dispose of the allocated frame produced by ast_dsp_process
* chan_iax2:        properly unref peer in CLI command "iax2 unregister"
* chan_sip:         dispose of the allocated frame produced by sip_rtp_read's
                    call of ast_dsp_process; free memory in parse unit tests
* func_dialgroup:   properly deref ao2 object grhead in nominal path of
                    dialgroup_read
* func_odbc:        free resultset in off nominal paths of odbc_read
* cli:              free match_list in off nominal paths of CLI match completion
* config:           free comment_buffer/list_buffer when configuration file load
                    is unchanged; free the same buffers any time they were
                    created and config files were processed
* data:             free XML nodes in various places
* enum:             free context buffer in off nominal paths
* features:         free ast_call_feature in off nominal paths of applicationmap
                    config processing
* netsock2:         users of ast_sockaddr_resolve pass in an ast_sockaddr struct
                    that is allocated by the method.  Failures in
                    ast_sockaddr_resolve could result in the users of the method
                    not knowing whether or not the buffer was allocated.  The
                    method will now not allocate the ast_sockaddr struct if it
                    will return failure.
* pbx:              cleanup hash table traversals in off nominal paths; free
                    ignore pattern buffer if it already exists for the specified
                    context
* xmldoc:           cleanup various nodes when we no longer need them
* main/editline:    various cleanup of pointers not being freed before being
                    assigned to other memory, cleanup along off nominal paths
* menuselect/mxml:  cleanup of value buffer for an attribute when that attribute
                    did not specify a value
* res_calendar*:    responses are allocated via the various *_request method
                    returns and should not be allocated in the various
                    write_event methods; ensure attendee buffer is freed if no
                    data exists in the parsed node; ensure that calendar objects
                    are de-ref'd appropriately
* res_jabber:       free buffer in off nominal path
* res_musiconhold:  close the DIR* object in off nominal paths
* res_rtp_asterisk: if we run out of ports, close the rtp socket object and free
                    the rtp object
* res_srtp:         if we fail to create the session in libsrtp, destroy the
                    temporary ast_srtp object

(issue ASTERISK-19665)
Reported by: Matt Jordan

Review: https://reviewboard.asterisk.org/r/1922
........

Merged revisions 366880 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 366881 from http://svn.asterisk.org/svn/asterisk/branches/10


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@366917 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The warnings were about argv[0] being used uninitialized, which is correct.
Just remove setting username to this value, since username is set again before
it actually gets used.


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@364438 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Patch by: junky
Review: https://reviewboard.asterisk.org/r/1743/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362307 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Review: https://reviewboard.asterisk.org/r/1773/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@357542 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Review: https://reviewboard.asterisk.org/r/1753/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@356042 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Review: https://reviewboard.asterisk.org/r/1733/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@354968 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Patch by: Clod Patry
Review: https://reviewboard.asterisk.org/r/1651


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@354429 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Continue channel opaque-ification by wrapping all of the stringfields.
Eventually, we will restrict what can actually set these variables, but
the purpose for now is to hide the implementation and keep people from
adding code that directly accesses the channel structure. Semantic
changes will follow afterward.

Review: https://reviewboard.asterisk.org/r/1661/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@352348 65c4cc65-6c06-0410-ace0-fbb531ad65f3

There are many benefits to making the ast_channel an opaque handle, from
increasing maintainability to presenting ways to kill masquerades. This patch
kicks things off by taking things a field at a time, renaming the field to
'__do_not_use_${fieldname}' and then writing setters/getters and converting the
existing code to using them. When all fields are done, we can move ast_channel
to a C file from channel.h and lop off the '__do_not_use_'.

This patch sets up main/channel_interal_api.c to be the only file that actually
accesses the ast_channel's fields directly. The intent would be for any API
functions in channel.c to use the accessor functions. No more monkeying around
with channel internals. We should use our own APIs.

The interesting changes in this patch are the addition of
channel_internal_api.c, the moving of the AST_DATA stuff from channel.c to
channel_internal_api.c (note: the AST_DATA stuff will have to be reworked to
use accessor functions when ast_channel is really opaque), and some re-working
of the way channel iterators/callbacks are handled so as to avoid creating fake
ast_channels on the stack to pass in matching data by directly accessing fields
(since "name" is a stringfield and the fake channel doesn't init the
stringfields, you can't use the ast_channel_name_set() function). I went with
ast_channel_name(chan) for a getter, and ast_channel_name_set(chan, name) for a
setter.

The majority of the grunt-work for this change was done by writing a semantic
patch using Coccinelle ( http://coccinelle.lip6.fr/ ).

Review: https://reviewboard.asterisk.org/r/1655/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@350223 65c4cc65-6c06-0410-ace0-fbb531ad65f3