[asterisk-commits] bebuild: tag 1.6.2.24 r363207 - in /tags/1.6.2.24: ./ channels/ contrib/realt...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Apr 23 10:41:49 CDT 2012


Author: bebuild
Date: Mon Apr 23 10:41:46 2012
New Revision: 363207

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=363207
Log:
Merge r363100, r363117 for 1.6.2.24

Modified:
    tags/1.6.2.24/   (props changed)
    tags/1.6.2.24/.version
    tags/1.6.2.24/ChangeLog
    tags/1.6.2.24/channels/chan_skinny.c
    tags/1.6.2.24/contrib/realtime/mysql/iaxfriends.sql   (props changed)
    tags/1.6.2.24/contrib/realtime/mysql/meetme.sql   (props changed)
    tags/1.6.2.24/contrib/realtime/mysql/sipfriends.sql   (props changed)
    tags/1.6.2.24/contrib/realtime/mysql/voicemail.sql   (props changed)
    tags/1.6.2.24/contrib/realtime/postgresql/realtime.sql   (props changed)
    tags/1.6.2.24/main/manager.c
    tags/1.6.2.24/sounds/Makefile   (props changed)

Propchange: tags/1.6.2.24/
------------------------------------------------------------------------------
    svn:mergeinfo = /branches/1.6.2:363100,363117

Modified: tags/1.6.2.24/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/.version?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/.version (original)
+++ tags/1.6.2.24/.version Mon Apr 23 10:41:46 2012
@@ -1,1 +1,1 @@
-1.6.2.23
+1.6.2.24

Modified: tags/1.6.2.24/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/ChangeLog?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/ChangeLog (original)
+++ tags/1.6.2.24/ChangeLog Mon Apr 23 10:41:46 2012
@@ -1,3 +1,11 @@
+2012-04-23  Asterisk Development Team <asteriskteam at digium.com>
+
+	* Asterisk 1.6.2.24 Released.
+
+	* AST-2012-004
+
+	* AST-2012-005
+
 2012-03-15  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Asterisk 1.6.2.23 Released.

Modified: tags/1.6.2.24/channels/chan_skinny.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/channels/chan_skinny.c?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/channels/chan_skinny.c (original)
+++ tags/1.6.2.24/channels/chan_skinny.c Mon Apr 23 10:41:46 2012
@@ -6072,6 +6072,7 @@
 static int handle_message(struct skinny_req *req, struct skinnysession *s)
 {
 	int res = 0;
+	size_t len;
 
 	if ((!s->device) && (letohl(req->e) != REGISTER_MESSAGE && letohl(req->e) != ALARM_MESSAGE)) {
 		ast_log(LOG_WARNING, "Client sent message #%d without first registering.\n", req->e);
@@ -6137,8 +6138,13 @@
 				ast_log(LOG_WARNING, "Unsupported digit %d\n", digit);
 			}
 
-			d->exten[strlen(d->exten)] = dgt;
-			d->exten[strlen(d->exten)+1] = '\0';
+			len = strlen(d->exten);
+			if (len < sizeof(d->exten) - 1) {
+				d->exten[len] = dgt;
+				d->exten[len + 1] = '\0';
+			} else {
+				ast_log(AST_LOG_WARNING, "Dropping digit with value %d because digit queue is full\n", dgt);
+			}
 		} else
 			res = handle_keypad_button_message(req, s);
 		}

Propchange: tags/1.6.2.24/contrib/realtime/mysql/iaxfriends.sql
            ('svn:mergeinfo' removed)

Propchange: tags/1.6.2.24/contrib/realtime/mysql/meetme.sql
            ('svn:mergeinfo' removed)

Propchange: tags/1.6.2.24/contrib/realtime/mysql/sipfriends.sql
            ('svn:mergeinfo' removed)

Propchange: tags/1.6.2.24/contrib/realtime/mysql/voicemail.sql
            ('svn:mergeinfo' removed)

Propchange: tags/1.6.2.24/contrib/realtime/postgresql/realtime.sql
            ('svn:mergeinfo' removed)

Modified: tags/1.6.2.24/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.24/main/manager.c?view=diff&rev=363207&r1=363206&r2=363207
==============================================================================
--- tags/1.6.2.24/main/manager.c (original)
+++ tags/1.6.2.24/main/manager.c Mon Apr 23 10:41:46 2012
@@ -415,6 +415,19 @@
 	{ 0, "none" },
 };
 
+/*! \brief Checks to see if a string which can be used to evaluate functions should be rejected */
+static int check_user_can_execute_function(const char *evaluating, int writepermlist)
+{
+	if (!(writepermlist & EVENT_FLAG_SYSTEM)
+		&& (
+			strstr(evaluating, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
+			strstr(evaluating, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+		)) {
+		return 0;
+	}
+	return 1;
+}
+
 /*! \brief Convert authority code to a list of options */
 static char *authority_to_str(int authority, struct ast_str **res)
 {
@@ -1918,6 +1931,12 @@
 		return 0;
 	}
 
+	/* We don't want users with insufficient permissions using certain functions. */
+	if (!(check_user_can_execute_function(varname, s->session->writeperm))) {
+		astman_send_error(s, m, "GetVar Access Forbidden: Variable");
+		return 0;
+	}
+
 	if (!ast_strlen_zero(name)) {
 		c = ast_get_channel_by_name_locked(name);
 		if (!c) {
@@ -1984,6 +2003,11 @@
 		snprintf(idText, sizeof(idText), "ActionID: %s\r\n", id);
 	else
 		idText[0] = '\0';
+
+	if (!(check_user_can_execute_function(variables, s->session->writeperm))) {
+		astman_send_error(s, m, "Status Access Forbidden: Variables");
+		return 0;
+	}
 
 	if (all)
 		c = ast_channel_walk_locked(NULL);
@@ -2567,6 +2591,24 @@
 			}
 		}
 	} else if (!ast_strlen_zero(app)) {
+		int bad_appdata = 0;
+		/* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
+		if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
+			&& (
+				strcasestr(app, "system") ||      /* System(rm -rf /)
+				                                     TrySystem(rm -rf /)       */
+				strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))
+				                                     TryExec(System(rm -rf /)) */
+				strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
+				                                     EAGI(/bin/rm,-rf /)       */
+				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
+				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+				)) {
+			char error_buf[64];
+			snprintf(error_buf, sizeof(error_buf), "Originate Access Forbidden: %s", bad_appdata ? "Data" : "Application");
+			astman_send_error(s, m, error_buf);
+			return 0;
+		}
 		res = ast_pbx_outgoing_app(tech, format, data, to, app, appdata, &reason, 1, l, n, vars, account, NULL);
 	} else {
 		if (exten && context && pi)

Propchange: tags/1.6.2.24/sounds/Makefile
            ('svn:mergeinfo' removed)




More information about the asterisk-commits mailing list