[asterisk-commits] mjordan: trunk r384120 - in /trunk: ./ main/http.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Mar 27 13:52:20 CDT 2013
Author: mjordan
Date: Wed Mar 27 13:52:16 2013
New Revision: 384120
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=384120
Log:
Fix a file descriptor leak in off-nominal path
While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off-nominal code paths. This
patch corrects them.
Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.
(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)
........
Merged revisions 384118 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 384119 from http://svn.asterisk.org/svn/asterisk/branches/11
Modified:
trunk/ (props changed)
trunk/main/http.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-11-merged' - no diff available.
Modified: trunk/main/http.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/http.c?view=diff&rev=384120&r1=384119&r2=384120
==============================================================================
--- trunk/main/http.c (original)
+++ trunk/main/http.c Wed Mar 27 13:52:16 2013
@@ -237,7 +237,7 @@
goto out403;
}
- /* Disallow any funny filenames at all */
+ /* Disallow any funny filenames at all (checking first character only??) */
if ((uri[0] < 33) || strchr("./|~@#$%^&*() \t", uri[0])) {
goto out403;
}
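Review bot: the new comment leaves an open question ("checking first character only??") in committed code instead of resolving it. The condition it annotates does only inspect `uri[0]`, so a URI whose first character is clean but which contains `..` or another listed character later on passes this test; either the path is canonicalised or rejected further down (not visible in this hunk), in which case the comment should say so, or the check should be extended to the whole string, and the trailing `??` turned into a TODO that references the issue.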
@@ -252,6 +252,7 @@
if (!(mtype = ast_http_ftype2mtype(ftype))) {
snprintf(wkspace, sizeof(wkspace), "text/%s", S_OR(ftype, "plain"));
+ mtype = wkspace;
}
/* Cap maximum length */
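Review bot: the added `mtype = wkspace;` is the real fix in this hunk, since without it the fallback content type built by the preceding `snprintf` into `wkspace` was never used. Note that `mtype` now points into the local `wkspace` buffer, so it must only be dereferenced while this function is on the stack; a one-line comment saying so, and saying why an unknown extension falls back to `text/<ext>` (via `S_OR(ftype, "plain")`) rather than a generic binary type, would help the next reader, because the type sent here decides how the client renders the body.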
@@ -269,12 +270,12 @@
goto out404;
}
+ if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
+ goto out403;
+ }
+
fd = open(path, O_RDONLY);
if (fd < 0) {
- goto out403;
- }
-
- if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
goto out403;
}
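Review bot: moving the `/private/` authentication check ahead of `open()` is the leak fix: previously an unauthenticated request for a private path opened the file and then jumped to `out403` without closing it. Two points on what remains: the `if (fd < 0) goto out403;` now maps every `open()` failure to 403 regardless of errno, while the `goto out404` in the context just above this hunk reports a missing file as 404, so consider mapping `ENOENT` to 404 for consistency; and `strstr(path, "/private/")` is a substring match, which is the conservative direction, but it presumes `path` was built from an already-sanitised URI.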
@@ -297,6 +298,7 @@
}
if ( (http_header = ast_str_create(255)) == NULL) {
+ close(fd);
return -1;
}
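Review bot: `close(fd)` on the `ast_str_create` failure path is correct, but sprinkling a `close()` before each early return is how this leak arose in the first place; a single cleanup label after the success path (for example `out_close: close(fd); return -1;`) that every failure between `open()` and the response write jumps to would make the invariant harder to break. Please also confirm that any other early return between `open(path, O_RDONLY)` and this point, not visible in the diff, got the same treatment.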