[asterisk-commits] bebuild: tag 1.6.2.24 r363207 - in /tags/1.6.2.24: ./ channels/ contrib/realt...
Author: bebuild
Date: Mon Apr 23 10:41:46 2012
New Revision: 363207
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=363207
Log:
Merge r363100, r363117 for 1.6.2.24
Modified:
tags/1.6.2.24/ (props changed)
tags/1.6.2.24/.version
tags/1.6.2.24/ChangeLog
tags/1.6.2.24/channels/chan_skinny.c
tags/1.6.2.24/contrib/realtime/mysql/iaxfriends.sql (props changed)
tags/1.6.2.24/contrib/realtime/mysql/meetme.sql (props changed)
tags/1.6.2.24/contrib/realtime/mysql/sipfriends.sql (props changed)
tags/1.6.2.24/contrib/realtime/mysql/voicemail.sql (props changed)
tags/1.6.2.24/contrib/realtime/postgresql/realtime.sql (props changed)
tags/1.6.2.24/main/manager.c
tags/1.6.2.24/sounds/Makefile (props changed)
Propchange: tags/1.6.2.24/
------------------------------------------------------------------------------
svn:mergeinfo = /branches/1.6.2:363100,363117
Modified: tags/1.6.2.24/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/.version?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/.version (original)
+++ tags/1.6.2.24/.version Mon Apr 23 10:41:46 2012
@@ -1,1 +1,1 @@
-1.6.2.23
+1.6.2.24
Modified: tags/1.6.2.24/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/ChangeLog?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/ChangeLog (original)
+++ tags/1.6.2.24/ChangeLog Mon Apr 23 10:41:46 2012
@@ -1,3 +1,11 @@
+2012-04-23 Asterisk Development Team <asteriskteam at digium.com>
+
+ * Asterisk 1.6.2.24 Released.
+
+ * AST-2012-004
+
+ * AST-2012-005
+
2012-03-15 Asterisk Development Team <asteriskteam at digium.com>
* Asterisk 1.6.2.23 Released.
Modified: tags/1.6.2.24/channels/chan_skinny.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/channels/chan_skinny.c?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/channels/chan_skinny.c (original)
+++ tags/1.6.2.24/channels/chan_skinny.c Mon Apr 23 10:41:46 2012
@@ -6072,6 +6072,7 @@
static int handle_message(struct skinny_req *req, struct skinnysession *s)
{
int res = 0;
+ size_t len;
if ((!s->device) && (letohl(req->e) != REGISTER_MESSAGE && letohl(req->e) != ALARM_MESSAGE)) {
ast_log(LOG_WARNING, "Client sent message #%d without first registering.\n", req->e);
@@ -6137,8 +6138,13 @@
ast_log(LOG_WARNING, "Unsupported digit %d\n", digit);
}
- d->exten[strlen(d->exten)] = dgt;
- d->exten[strlen(d->exten)+1] = '\0';
+ len = strlen(d->exten);
+ if (len < sizeof(d->exten) - 1) {
+ d->exten[len] = dgt;
+ d->exten[len + 1] = '\0';
+ } else {
+ ast_log(AST_LOG_WARNING, "Dropping digit with value %d because digit queue is full\n", dgt);
+ }
} else
res = handle_keypad_button_message(req, s);
}
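Review bot: The new warning `ast_log(AST_LOG_WARNING, "Dropping digit with value %d because digit queue is full\n", dgt);` spells the log level differently from the `ast_log(LOG_WARNING, "Unsupported digit %d\n", digit);` two lines above it in the same branch; one form should be used throughout the function, and `LOG_WARNING` matches the surrounding code. The bound itself is sound: with `len < sizeof(d->exten) - 1` both `d->exten[len]` and `d->exten[len + 1]` stay inside the array and the terminator is preserved, which is worth recording above the check as `/* keep room for the digit and its terminator; drop rather than overrun */`. It is not visible here whether the "Unsupported digit" path above still falls through to the append with whatever `dgt` holds, so that may be worth confirming. handle_message continues outside this hunk; `len` is declared in the earlier hunk of this file.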
Propchange: tags/1.6.2.24/contrib/realtime/mysql/iaxfriends.sql
('svn:mergeinfo' removed)
Propchange: tags/1.6.2.24/contrib/realtime/mysql/meetme.sql
('svn:mergeinfo' removed)
Propchange: tags/1.6.2.24/contrib/realtime/mysql/sipfriends.sql
('svn:mergeinfo' removed)
Propchange: tags/1.6.2.24/contrib/realtime/mysql/voicemail.sql
('svn:mergeinfo' removed)
Propchange: tags/1.6.2.24/contrib/realtime/postgresql/realtime.sql
('svn:mergeinfo' removed)
Modified: tags/1.6.2.24/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/main/manager.c?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/main/manager.c (original)
+++ tags/1.6.2.24/main/manager.c Mon Apr 23 10:41:46 2012
@@ -415,6 +415,19 @@
{ 0, "none" },
};
+/*! \brief Checks to see if a string which can be used to evaluate functions should be rejected */
+static int check_user_can_execute_function(const char *evaluating, int writepermlist)
+{
+ if (!(writepermlist & EVENT_FLAG_SYSTEM)
+ && (
+ strstr(evaluating, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */
+ strstr(evaluating, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+ )) {
+ return 0;
+ }
+ return 1;
+}
+
/*! \brief Convert authority code to a list of options */
static char *authority_to_str(int authority, struct ast_str **res)
{
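Review bot: The helper matches `SHELL` and `EVAL` with `strstr`, which is case-sensitive, while the Originate check later in this commit filters application names with `strcasestr`; if dialplan function names are resolved case-insensitively, as that other choice suggests, `strcasestr` belongs here too, otherwise the GetVar and Status callers in the next two hunks apply a weaker filter than Originate does. The brief also reads backwards against the return value: it says the function decides whether the string "should be rejected", yet it returns 1 when the string is allowed, so add `\return 1 if the caller may evaluate the string, 0 if it must be rejected` to the block comment. `strstr` on a NULL `evaluating` is undefined behaviour; if any caller can pass NULL rather than an empty header value, guard with `if (ast_strlen_zero(evaluating)) { return 1; }`, which cannot be verified from this hunk.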
@@ -1918,6 +1931,12 @@
return 0;
}
+ /* We don't want users with insufficient permissions using certain functions. */
+ if (!(check_user_can_execute_function(varname, s->session->writeperm))) {
+ astman_send_error(s, m, "GetVar Access Forbidden: Variable");
+ return 0;
+ }
+
if (!ast_strlen_zero(name)) {
c = ast_get_channel_by_name_locked(name);
if (!c) {
@@ -1984,6 +2003,11 @@
snprintf(idText, sizeof(idText), "ActionID: %s\r\n", id);
else
idText[0] = '\0';
+
+ if (!(check_user_can_execute_function(variables, s->session->writeperm))) {
+ astman_send_error(s, m, "Status Access Forbidden: Variables");
+ return 0;
+ }
if (all)
c = ast_channel_walk_locked(NULL);
@@ -2567,6 +2591,24 @@
}
}
} else if (!ast_strlen_zero(app)) {
+ int bad_appdata = 0;
+ /* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
+ if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
+ && (
+ strcasestr(app, "system") || /* System(rm -rf /)
+ TrySystem(rm -rf /) */
+ strcasestr(app, "exec") || /* Exec(System(rm -rf /))
+ TryExec(System(rm -rf /)) */
+ strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /)
+ EAGI(/bin/rm,-rf /) */
+ (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */
+ (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+ )) {
+ char error_buf[64];
+ snprintf(error_buf, sizeof(error_buf), "Originate Access Forbidden: %s", bad_appdata ? "Data" : "Application");
+ astman_send_error(s, m, error_buf);
+ return 0;
+ }
res = ast_pbx_outgoing_app(tech, format, data, to, app, appdata, &reason, 1, l, n, vars, account, NULL);
} else {
if (exten && context && pi)
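Review bot: The `appdata` clauses at `(strstr(appdata, "SHELL") && (bad_appdata = 1))` and the `EVAL` line duplicate the `check_user_can_execute_function` helper this same commit adds near the top of the file, and the assignment buried inside the boolean chain makes the condition hard to read. Deciding which part is denied in a separate step and delegating the data check to the helper gives the same outcome (an application match wins and reports "Application", otherwise a data match reports "Data") with a single place to maintain the function list. The application filter is case-insensitive while the data filter is not; whichever is intended, the two should agree, and routing the data check through the helper keeps them in step. The enclosing action_originate starts and ends outside this hunk.
```c
	} else if (!ast_strlen_zero(app)) {
		/* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
		const char *denied = NULL;
		if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)) {
			if (strcasestr(app, "system") || strcasestr(app, "exec") || strcasestr(app, "agi")) {
				denied = "Application"; /* System/TrySystem, Exec/TryExec, AGI/EAGI */
			} else if (!check_user_can_execute_function(appdata, s->session->writeperm)) {
				denied = "Data"; /* SHELL()/EVAL() reached through the application data */
			}
		}
		if (denied) {
			char error_buf[64];
			snprintf(error_buf, sizeof(error_buf), "Originate Access Forbidden: %s", denied);
			astman_send_error(s, m, error_buf);
			return 0;
		}
		res = ast_pbx_outgoing_app(tech, format, data, to, app, appdata, &reason, 1, l, n, vars, account, NULL);
		/* … unchanged: else branch for exten/context/priority … */
```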
Propchange: tags/1.6.2.24/sounds/Makefile
('svn:mergeinfo' removed)