diff options
| author | Matthew Jordan <mjordan@digium.com> | 2013-03-27 18:52:16 +0000 |
|---|---|---|
| committer | Matthew Jordan <mjordan@digium.com> | 2013-03-27 18:52:16 +0000 |
| commit | 15b892323a501b8e99f50d97379c38ce61af76ec (patch) | |
| tree | 98910dccf8f4b08410461b2c74396a87ee56e4e7 /main/http.c | |
| parent | 15bbfb941f2faf637e00d6246be6799579836a90 (diff) | |
Fix a file descriptor leak in off nominal path
While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off nominal code paths. This
patch corrects them.
Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.
(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)
........
Merged revisions 384118 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 384119 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384120 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/http.c')
| -rw-r--r-- | main/http.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/main/http.c b/main/http.c index a92c77db9..aff38c3aa 100644 --- a/main/http.c +++ b/main/http.c @@ -237,7 +237,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser, goto out403; } - /* Disallow any funny filenames at all */ + /* Disallow any funny filenames at all (checking first character only??) */ if ((uri[0] < 33) || strchr("./|~@#$%^&*() \t", uri[0])) { goto out403; } @@ -252,6 +252,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser, if (!(mtype = ast_http_ftype2mtype(ftype))) { snprintf(wkspace, sizeof(wkspace), "text/%s", S_OR(ftype, "plain")); + mtype = wkspace; } /* Cap maximum length */ @@ -269,12 +270,12 @@ static int static_callback(struct ast_tcptls_session_instance *ser, goto out404; } - fd = open(path, O_RDONLY); - if (fd < 0) { + if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) { goto out403; } - if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) { + fd = open(path, O_RDONLY); + if (fd < 0) { goto out403; } @@ -297,6 +298,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser, } if ( (http_header = ast_str_create(255)) == NULL) { + close(fd); return -1; } |