[asterisk-commits] russell: branch 1.2 r61786 - /branches/1.2/manager.c

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Tue Apr 24 14:33:59 MST 2007


Author: russell
Date: Tue Apr 24 16:33:59 2007
New Revision: 61786

URL: http://svn.digium.com/view/asterisk?view=rev&rev=61786
Log:
Don't crash if a manager connection provides a username that exists in
manager.conf but does not have a password, and also requests MD5 
authentication. (ASA-2007-012)

Modified:
    branches/1.2/manager.c

Modified: branches/1.2/manager.c
URL: http://svn.digium.com/view/asterisk/branches/1.2/manager.c?view=diff&rev=61786&r1=61785&r2=61786
==============================================================================
--- branches/1.2/manager.c (original)
+++ branches/1.2/manager.c Tue Apr 24 16:33:59 2007
@@ -533,7 +533,8 @@
 				} else if (ha)
 					ast_free_ha(ha);
 				if (!strcasecmp(authtype, "MD5")) {
-					if (!ast_strlen_zero(key) && s->challenge) {
+					if (!ast_strlen_zero(key) && 
+					    !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) {
 						int x;
 						int len=0;
 						char md5key[256] = "";



More information about the asterisk-commits mailing list