[asterisk-commits] bebuild: tag 1.8.11.1 r363208 - in /tags/1.8.11.1: ./ channels/ main/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Apr 23 10:51:54 CDT 2012
Author: bebuild
Date: Mon Apr 23 10:51:51 2012
New Revision: 363208
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=363208
Log:
Merge 363102, 363106, 363141 for 1.8.11.1
Modified:
tags/1.8.11.1/ (props changed)
tags/1.8.11.1/.version
tags/1.8.11.1/ChangeLog
tags/1.8.11.1/channels/chan_sip.c
tags/1.8.11.1/channels/chan_skinny.c
tags/1.8.11.1/main/manager.c
Propchange: tags/1.8.11.1/
------------------------------------------------------------------------------
Binary property 'branch-1.6.2-merged' - no diff available.
Propchange: tags/1.8.11.1/
------------------------------------------------------------------------------
--- svn:externals (original)
+++ svn:externals Mon Apr 23 10:51:51 2012
@@ -1,1 +1,1 @@
-menuselect https://origsvn.digium.com/svn/menuselect/tags/autotag_for_asterisk/1.8.11.0-rc2
+menuselect https://origsvn.digium.com/svn/menuselect/trunk
Propchange: tags/1.8.11.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Apr 23 10:51:51 2012
@@ -1,1 +1,1 @@
-/branches/1.8:357665,359656,359706,359979
+/branches/1.8:357665,359656,359706,359979,363102,363106,363141
Modified: tags/1.8.11.1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.11.1/.version?view=diff&rev=363208&r1=363207&r2=363208
==============================================================================
--- tags/1.8.11.1/.version (original)
+++ tags/1.8.11.1/.version Mon Apr 23 10:51:51 2012
@@ -1,1 +1,1 @@
-1.8.11.0
+1.8.11.1
Modified: tags/1.8.11.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.11.1/ChangeLog?view=diff&rev=363208&r1=363207&r2=363208
==============================================================================
--- tags/1.8.11.1/ChangeLog (original)
+++ tags/1.8.11.1/ChangeLog Mon Apr 23 10:51:51 2012
@@ -1,3 +1,13 @@
+2012-04-23 Asterisk Development Team <asteriskteam at digium.com>
+
+ * Asterisk 1.8.11.1 Released.
+
+ * AST-2012-004
+
+ * AST-2012-005
+
+ * AST-2012-006
+
2012-03-29 Asterisk Development Team <asteriskteam at digium.com>
* Asterisk 1.8.11.0 Released.
Modified: tags/1.8.11.1/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.11.1/channels/chan_sip.c?view=diff&rev=363208&r1=363207&r2=363208
==============================================================================
--- tags/1.8.11.1/channels/chan_sip.c (original)
+++ tags/1.8.11.1/channels/chan_sip.c Mon Apr 23 10:51:51 2012
@@ -22126,6 +22126,10 @@
transmit_response(p, "501 Method Not Implemented", req);
return 0;
}
+ if (!p->owner) {
+ transmit_response(p, "481 Call/Transaction Does Not Exist", req);
+ return 0;
+ }
if (get_rpid(p, req)) {
struct ast_party_connected_line connected;
struct ast_set_party_connected_line update_connected;
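Review bot: The new `if (!p->owner)` guard has no comment saying why a dialog without an owner channel is answered with 481 at this point, and the reason cannot be read off the hunk. I would add `/* No channel is attached to this dialog, so there is nothing to apply a connected-line update to; answer 481 and stop. */` above it, if that is indeed the intent. Whether `p->owner` can change between this test and its later use depends on locking that is not visible here, so that is worth confirming. The enclosing function starts and ends outside the hunk.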
Modified: tags/1.8.11.1/channels/chan_skinny.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.11.1/channels/chan_skinny.c?view=diff&rev=363208&r1=363207&r2=363208
==============================================================================
--- tags/1.8.11.1/channels/chan_skinny.c (original)
+++ tags/1.8.11.1/channels/chan_skinny.c Mon Apr 23 10:51:51 2012
@@ -6141,7 +6141,8 @@
struct skinny_speeddial *sd;
struct skinny_line *l;
struct skinny_device *d = s->device;
-
+ size_t len;
+
if ((!s->device) && (letohl(req->e) != REGISTER_MESSAGE && letohl(req->e) != ALARM_MESSAGE)) {
ast_log(LOG_WARNING, "Client sent message #%d without first registering.\n", req->e);
ast_free(req);
@@ -6206,8 +6207,13 @@
ast_log(LOG_WARNING, "Unsupported digit %d\n", digit);
}
- d->exten[strlen(d->exten)] = dgt;
- d->exten[strlen(d->exten)+1] = '\0';
+ len = strlen(d->exten);
+ if (len < sizeof(d->exten) - 1) {
+ d->exten[len] = dgt;
+ d->exten[len + 1] = '\0';
+ } else {
+ ast_log(AST_LOG_WARNING, "Dropping digit with value %d because digit queue is full\n", dgt);
+ }
} else
res = handle_keypad_button_message(req, s);
}
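Review bot: The `else` branch logs a warning for every digit dropped once `d->exten` is full, so a device that keeps sending keypad messages produces one log line per message. Consider logging only when the buffer first becomes full, or at a lower level. The bound `len < sizeof(d->exten) - 1` is only correct if `exten` is a fixed-size array member rather than a pointer; its declaration is not visible in this hunk and is worth confirming. The new call also spells the level `AST_LOG_WARNING` while the line just above uses `LOG_WARNING`, and one spelling would read better. The enclosing function starts and ends outside the hunk.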
Modified: tags/1.8.11.1/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.11.1/main/manager.c?view=diff&rev=363208&r1=363207&r2=363208
==============================================================================
--- tags/1.8.11.1/main/manager.c (original)
+++ tags/1.8.11.1/main/manager.c Mon Apr 23 10:51:51 2012
@@ -1179,6 +1179,19 @@
{ 0, "none" },
};
+/*! \brief Checks to see if a string which can be used to evaluate functions should be rejected */
+static int function_capable_string_allowed_with_auths(const char *evaluating, int writepermlist)
+{
+ if (!(writepermlist & EVENT_FLAG_SYSTEM)
+ && (
+ strstr(evaluating, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */
+ strstr(evaluating, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+ )) {
+ return 0;
+ }
+ return 1;
+}
+
/*! \brief Convert authority code to a list of options */
static const char *authority_to_str(int authority, struct ast_str **res)
{
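Review bot: `function_capable_string_allowed_with_auths()` is a denylist of two case-sensitive substrings, so it can err in both directions. Any other function with comparable effect passes for a session without `EVENT_FLAG_SYSTEM`, and an unrelated name that merely contains `SHELL` or `EVAL` is refused. The doc comment should say this and state the return contract, e.g. `Returns 1 if the string may be evaluated with the given write permissions, 0 if it must be rejected; the match is a case-sensitive substring test for SHELL and EVAL only.` `evaluating` goes straight into `strstr()`, so it must never be NULL; that precondition deserves a line too, since the callers' sources for the string lie outside this hunk.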
@@ -3177,6 +3190,12 @@
return 0;
}
+ /* We don't want users with insufficient permissions using certain functions. */
+ if (!(function_capable_string_allowed_with_auths(varname, s->session->writeperm))) {
+ astman_send_error(s, m, "GetVar Access Forbidden: Variable");
+ return 0;
+ }
+
if (!ast_strlen_zero(name)) {
if (!(c = ast_channel_get_by_name(name))) {
astman_send_error(s, m, "No such channel");
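Review bot: A refused request is reported only to the client: nothing in this branch calls `ast_log()`, so a session without the System privilege that submits `SHELL` or `EVAL` leaves no trace for the operator. The same holds for the Status check at `@@ -3235,6 +3254,11 @@` and the Originate rejection at `@@ -4038,10 +4063,13 @@`. I would add a warning before `astman_send_error()`, for example `ast_log(LOG_WARNING, "GetVar refused: variable requires the System privilege\n");`, ideally naming the session's user if that is in scope (not visible here). The enclosing action handler starts and ends outside the hunk.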
@@ -3235,6 +3254,11 @@
snprintf(idText, sizeof(idText), "ActionID: %s\r\n", id);
} else {
idText[0] = '\0';
+ }
+
+ if (!(function_capable_string_allowed_with_auths(variables, s->session->writeperm))) {
+ astman_send_error(s, m, "Status Access Forbidden: Variables");
+ return 0;
}
if (all) {
@@ -4028,6 +4052,7 @@
ast_parse_allow_disallow(NULL, &format, codecs, 1);
}
if (!ast_strlen_zero(app)) {
+ int bad_appdata = 0;
/* To run the System application (or anything else that goes to
* shell), you must have the additional System privilege */
if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
@@ -4038,10 +4063,13 @@
TryExec(System(rm -rf /)) */
strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /)
EAGI(/bin/rm,-rf /) */
- strstr(appdata, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */
- strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+ strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */
+ (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */
+ (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
)) {
- astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have.");
+ char error_buf[64];
+ snprintf(error_buf, sizeof(error_buf), "Originate Access Forbidden: %s", bad_appdata ? "Data" : "Application");
+ astman_send_error(s, m, error_buf);
return 0;
}
}
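Review bot: `bad_appdata` is set by an assignment buried in the condition, `(strstr(appdata, "SHELL") && (bad_appdata = 1))`, which reads like a mistyped comparison. It also duplicates the two substring tests this commit has just moved into `function_capable_string_allowed_with_auths()`. Computing it before the `if`, `bad_appdata = !function_capable_string_allowed_with_auths(appdata, s->session->writeperm);`, and testing `bad_appdata` in the condition keeps a single list of forbidden names. One small behaviour change follows: a request where both the application and the data match would then be reported as `Data`. The `if` opens in the previous hunk, and whether `appdata` can be NULL is not visible here.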