[asterisk-bugs] [JIRA] (ASTERISK-30213) Make crypto_load() reentrant and handle symlinks correctly
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Mon Oct 10 10:11:09 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260416#comment-260416 ]
Friendly Automation commented on ASTERISK-30213:
------------------------------------------------
Change 19396 merged by George Joseph:
res_crypto: use ast_file_read_dirs() to iterate
[https://gerrit.asterisk.org/c/asterisk/+/19396|https://gerrit.asterisk.org/c/asterisk/+/19396]
> Make crypto_load() reentrant and handle symlinks correctly
> ----------------------------------------------------------
>
> Key: ASTERISK-30213
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30213
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_crypto
> Affects Versions: 20.0.0, 19.6.0, 16.28.0, 18.14.0
> Reporter: Philip Prindeville
> Assignee: Philip Prindeville
> Severity: Major
>
> Currently readdir() is called in crypto_load() directly, rather than with the locking protection of ast_file_read_dirs().
> Also, when a symlink is discovered, we should check the ownership of its parent directories for being owned by the running uid or by root. Lastly, the key file itself should not have other read/write permissions set.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list