[Asterisk-code-review] manager: fix digest auth for ami/http mechanism. (asterisk[15])
Jaco Kroon
asteriskteam at digium.com
Tue May 8 06:27:32 CDT 2018
Jaco Kroon has uploaded this change for review. ( https://gerrit.asterisk.org/8940 )
Change subject: manager: fix digest auth for ami/http mechanism.
......................................................................
manager: fix digest auth for ami/http mechanism.
Due to a fixed size buffer the digest authentication could be
incorrectly calculated if a large URI was provided, causing
authentication failure. The buffer is now dynamically allocated to allow
any size URI within the normal limits of the HTTP request size.
ASTERISK-27841
Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
---
M main/manager.c
1 file changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/40/8940/1
diff --git a/main/manager.c b/main/manager.c
index ace44c2..b347898 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -7997,12 +7997,17 @@
/* compute the expected response to compare with what we received */
{
- char a2[256];
+ char *a2;
char a2_hash[256];
char resp[256];
/* XXX Now request method are hardcoded in A2 */
- snprintf(a2, sizeof(a2), "%s:%s", ast_get_http_method(method), d.uri);
+ if (ast_asprintf(&a2, "%s:%s", ast_get_http_method(method), d.uri) < 0) {
+ ast_http_request_close_on_completion(ser);
+ ast_http_error(ser, 500, "Server Error", "Internal Server Error (out of memory)");
+ return 0;
+ }
+
ast_md5_hash(a2_hash, a2);
if (d.qop) {
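Review bot: The new `return 0;` in the ast_asprintf() failure branch exits from inside the block, and the lines shown here do not say whether anything acquired earlier in the function (for example the fields of `d`, or whatever holds `user`) has to be released on the way out. Please check that this path releases the same things as the other error exits in this function, or jump to the shared cleanup point if there is one. Separately, the 500 body "Internal Server Error (out of memory)" goes to a client whose digest response has not been compared yet, so consider sending a generic body and logging the allocation failure on the server side instead.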
@@ -8013,6 +8018,8 @@
snprintf(resp, sizeof(resp), "%s:%08lx:%s", user->a1_hash, nonce, a2_hash);
}
ast_md5_hash(resp_hash, resp);
+
+ ast_free(a2);
}
if (strncasecmp(d.response, resp_hash, strlen(resp_hash))) {
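Review bot: `ast_free(a2);` sits at the end of the block, after `ast_md5_hash(resp_hash, resp);`, but the last use of `a2` in the visible code is `ast_md5_hash(a2_hash, a2);` in the previous hunk. Freeing it directly after that call keeps the allocation's lifetime to two lines and means an early exit added later between the two hashes cannot leak it. If the free stays where it is, a short comment next to the `char *a2;` declaration saying where it is released would help the next reader.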
--
To view, visit https://gerrit.asterisk.org/8940
Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: newchange
Gerrit-Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
Gerrit-Change-Number: 8940
Gerrit-PatchSet: 1
Gerrit-Owner: Jaco Kroon <jaco at uls.co.za>