[asterisk-commits] mjordan: branch 11 r384119 - in /branches/11: ./ main/http.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Mar 27 13:51:14 CDT 2013


Author: mjordan
Date: Wed Mar 27 13:51:11 2013
New Revision: 384119

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=384119
Log:
Fix a file descriptor leak in off nominal path

While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off nominal code paths. This
patch corrects them.

Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.

(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
  issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)
........

Merged revisions 384118 from http://svn.asterisk.org/svn/asterisk/branches/1.8

Modified:
    branches/11/   (props changed)
    branches/11/main/http.c

Propchange: branches/11/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: branches/11/main/http.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/http.c?view=diff&rev=384119&r1=384118&r2=384119
==============================================================================
--- branches/11/main/http.c (original)
+++ branches/11/main/http.c Wed Mar 27 13:51:11 2013
@@ -229,7 +229,7 @@
 		goto out403;
 	}
 
-	/* Disallow any funny filenames at all */
+	/* Disallow any funny filenames at all (checking first character only??) */
 	if ((uri[0] < 33) || strchr("./|~@#$%^&*() \t", uri[0])) {
 		goto out403;
 	}
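Review bot: The new comment text "(checking first character only??)" records a question rather than an answer; the code below still inspects only `uri[0]`, so the comment should either state why that is sufficient (e.g. that later path handling rejects traversal) or be turned into a TODO that points at the follow-up, instead of leaving a doubled question mark in a security-relevant filter.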
@@ -244,6 +244,7 @@
 
 	if (!(mtype = ast_http_ftype2mtype(ftype))) {
 		snprintf(wkspace, sizeof(wkspace), "text/%s", S_OR(ftype, "plain"));
+		mtype = wkspace;
 	}
 
 	/* Cap maximum length */
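Review bot: Adding `mtype = wkspace;` fixes the case where `ast_http_ftype2mtype()` returns NULL: previously the fallback "text/<ftype>" string was formatted into `wkspace` but never used, so `mtype` stayed NULL on that path. Since `wkspace` is a local buffer, make sure every use of `mtype` in this function happens before the function returns, which the visible code does not contradict but is worth confirming.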
@@ -261,12 +262,12 @@
 		goto out404;
 	}
 
+	if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
+		goto out403;
+	}
+
 	fd = open(path, O_RDONLY);
 	if (fd < 0) {
-		goto out403;
-	}
-
-	if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
 		goto out403;
 	}
 
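Review bot: Moving the `/private/` authorisation check ahead of `open()` is the actual leak fix: in the old ordering a failed `astman_is_authed()` jumped to `out403` with `fd` still open. The reordering also avoids opening a file the caller is not allowed to read; please double-check that the `out403` label still does not reference `fd`, since it is now reached before `fd` is assigned.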
@@ -289,6 +290,7 @@
 	}
 
 	if ( (http_header = ast_str_create(255)) == NULL) {
+		close(fd);
 		return -1;
 	}
 
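Review bot: The added `close(fd);` before `return -1` is correct for the `ast_str_create()` failure, but this path returns -1 directly while the other failures in the same function use `goto out403`; it would be worth auditing any other early returns between `open()` and the normal close for the same missing `close(fd)`, and considering whether this allocation failure should route through the same cleanup label rather than a bare return.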