[Asterisk-code-review] manager: fix digest auth for ami/http mechanisms. (asterisk[master])
Jaco Kroon
asteriskteam at digium.com
Mon May 7 08:20:21 CDT 2018
Jaco Kroon has uploaded this change for review. ( https://gerrit.asterisk.org/8933
Change subject: manager: fix digest auth for ami/http mechanisms.
......................................................................
manager: fix digest auth for ami/http mechanisms.
ASTERISK-27841
Change-Id: I8bc5d148fd1ee6687a0f6680635ad16e34c5f01a
---
M main/manager.c
1 file changed, 20 insertions(+), 10 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/33/8933/1
diff --git a/main/manager.c b/main/manager.c
index 577c7f9..f7cbdfe 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -8006,22 +8006,32 @@
/* compute the expected response to compare with what we received */
{
- char a2[256];
+ char *a2;
char a2_hash[256];
char resp[256];
+ int a2len;
/* XXX Now request method are hardcoded in A2 */
- snprintf(a2, sizeof(a2), "%s:%s", ast_get_http_method(method), d.uri);
- ast_md5_hash(a2_hash, a2);
+ a2len = snprintf(NULL, 0, "%s:%s", ast_get_http_method(method), d.uri);
+ if (a2len < 0) {
+ *resp_hash = 0;
+ ast_log(LOG_ERROR, "Failed to compute alloc length for manager digest auth calculation for %s:%s.\n", ast_get_http_method(method), d.uri);
+ } else {
+ a2 = alloca(a2len + 1);
+ snprintf(a2, a2len + 1, "%s:%s", ast_get_http_method(method), d.uri);
+ ast_md5_hash(a2_hash, a2);
- if (d.qop) {
- /* RFC 2617 */
- snprintf(resp, sizeof(resp), "%s:%08lx:%s:%s:auth:%s", user->a1_hash, nonce, d.nc, d.cnonce, a2_hash);
- } else {
- /* RFC 2069 */
- snprintf(resp, sizeof(resp), "%s:%08lx:%s", user->a1_hash, nonce, a2_hash);
+ if (d.qop) {
+ /* RFC 2617 */
+ if (snprintf(resp, sizeof(resp), "%s:%08lx:%s:%s:auth:%s", user->a1_hash, nonce, d.nc, d.cnonce, a2_hash) >= sizeof(resp))
+ ast_log(LOG_ERROR, "snprintf overflow issue for RFC 2167 handling in digest auth.\n");
+ } else {
+ /* RFC 2069 */
+ if (snprintf(resp, sizeof(resp), "%s:%08lx:%s", user->a1_hash, nonce, a2_hash) >= sizeof(resp))
+ ast_log(LOG_ERROR, "snprintf overflow issue for RFC 2069 handling in digest auth.\n");
+ }
+ ast_md5_hash(resp_hash, resp);
}
- ast_md5_hash(resp_hash, resp);
}
if (strncasecmp(d.response, resp_hash, strlen(resp_hash))) {
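Review bot: The new error branch `*resp_hash = 0;` (after `if (a2len < 0)`) combines badly with the comparison on the hunk's last context line, `strncasecmp(d.response, resp_hash, strlen(resp_hash))`: an empty resp_hash gives a length of 0, strncasecmp then returns 0 and the mismatch branch is skipped, so a failed length computation would let the request pass unless the code after the hunk rejects an empty hash separately (that code is outside the hunk). Make the failure explicit instead of encoding it as an empty string, e.g. `if (!resp_hash[0] || strncasecmp(d.response, resp_hash, strlen(resp_hash))) {`, and give the two truncation cases (`>= sizeof(resp)` for the RFC 2617 and RFC 2069 branches) the same outcome, since they currently log and then still hash and compare the truncated `resp`. The `alloca(a2len + 1)` is sized from `d.uri`, which the client supplies in the Authorization header; unless the header length is capped upstream (not visible here), a bounded check before the alloca, or `ast_malloc`/`ast_free`, avoids unbounded stack growth driven by an unauthenticated request. Two smaller points: the log message for the qop branch says "RFC 2167" where its comment says RFC 2617, and `snprintf(...) >= sizeof(resp)` compares int with size_t, so test for a negative return first and cast, `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(resp))`.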
--
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8bc5d148fd1ee6687a0f6680635ad16e34c5f01a
Gerrit-Change-Number: 8933
Gerrit-PatchSet: 1
Gerrit-Owner: Jaco Kroon <jaco at uls.co.za>