<p>Jenkins2 <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/7954">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  Matthew Fredrickson: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved
  Jenkins2: Approved for Submit

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_stasis_recording: Allow symbolic links in configured recordings dir.<br><br>If any component of ast_config_AST_RECORDING_DIR is a symbolic link we<br>would incorrectly assume the ARI user was trying to escape the recording<br>path.  Create additional check to check the recording directory's<br>realpath, only deny access if both do not match.<br><br>This is needed by the testsuite when run by 'run-local'.<br><br>Change-Id: I9145e841865edadcb5f75cead3471ad06bbb56c0<br>---<br>M res/stasis_recording/stored.c<br>1 file changed, 18 insertions(+), 7 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/res/stasis_recording/stored.c b/res/stasis_recording/stored.c<br>index 9df5d75..ac216ff 100644<br>--- a/res/stasis_recording/stored.c<br>+++ b/res/stasis_recording/stored.c<br>@@ -330,6 +330,7 @@<br>     RAII_VAR(char *, file_with_ext, NULL, ast_free);<br>      int res;<br>      struct stat file_stat;<br>+       int prefix_len = strlen(ast_config_AST_RECORDING_DIR);<br> <br>     errno = 0;<br> <br>@@ -350,18 +351,28 @@<br>  ast_string_field_build(recording, file, "%s/%s", dir, file);<br> <br>     if (!ast_begins_with(dir, ast_config_AST_RECORDING_DIR)) {<br>-           /* Attempt to escape the recording directory */<br>-              ast_log(LOG_WARNING, "Attempt to access invalid recording %s\n",<br>-                   name);<br>-               errno = EACCES;<br>-              return NULL;<br>+         /* It's possible that one or more component of the recording path is<br>+              * a symbolic link, this would prevent dir from ever matching. 
*/<br>+            char *real_basedir = realpath(ast_config_AST_RECORDING_DIR, NULL);<br>+<br>+                if (!real_basedir || !ast_begins_with(dir, real_basedir)) {<br>+                  /* Attempt to escape the recording directory */<br>+                      ast_log(LOG_WARNING, "Attempt to access invalid recording directory %s\n",<br>+                         dir);<br>+                        ast_std_free(real_basedir);<br>+                  errno = EACCES;<br>+<br>+                   return NULL;<br>+         }<br>+<br>+         prefix_len = strlen(real_basedir);<br>+           ast_std_free(real_basedir);<br>   }<br> <br>  /* The actual name of the recording is file with the config dir<br>        * prefix removed.<br>     */<br>-  ast_string_field_set(recording, name,<br>-                recording->file + strlen(ast_config_AST_RECORDING_DIR) + 1);<br>+      ast_string_field_set(recording, name, recording->file + prefix_len + 1);<br> <br>        file_with_ext = find_recording(dir, file);<br>    if (!file_with_ext) {<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7954">change 7954</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7954"/><meta itemprop="name" content="View Change"/></div></div>
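Review bot: in the first hunk (@@ -330,6 +330,7 @@), prefix_len is declared as int but is initialised from strlen(), which returns size_t, and it is later used only as a pointer offset in recording->file + prefix_len + 1. Declaring it as size_t avoids the implicit narrowing conversion and matches how the value is used.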
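Review bot: in the second hunk (@@ -350,18 +351,28 @@), the new fallback test ast_begins_with(dir, real_basedir) is a bare string-prefix comparison with no check that the match ends on a path-component boundary, while the later recording->file + prefix_len + 1 assumes a separator sits at exactly that offset. Suggest additionally requiring dir[prefix_len] to be '/' or '\0' after a successful match, for the unchanged first test against ast_config_AST_RECORDING_DIR as well, so that a directory whose name merely begins with the recording directory's name is not treated as being inside it. A smaller point: realpath() on the configured directory now runs on every lookup that fails the first test; resolving it once when the configuration is loaded would avoid the repeated allocation and free.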

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I9145e841865edadcb5f75cead3471ad06bbb56c0 </div>
<div style="display:none"> Gerrit-Change-Number: 7954 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Corey Farrell &lt;git@cfware.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins2 </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp &lt;jcolp@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Matthew Fredrickson &lt;creslin@digium.com&gt; </div>