diff options
Diffstat (limited to 'main/tcptls.c')
| -rw-r--r-- | main/tcptls.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index 2b4842638..76da51260 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -48,6 +48,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/options.h" #include "asterisk/manager.h" #include "asterisk/astobj2.h" +#include "asterisk/pbx.h" /*! \brief * replacement read/write functions for SSL support. @@ -164,6 +165,16 @@ static void *handle_tcptls_connection(void *data) char err[256]; #endif + /* TCP/TLS connections are associated with external protocols, and + * should not be allowed to execute 'dangerous' functions. This may + * need to be pushed down into the individual protocol handlers, but + * this seems like a good general policy. + */ + if (ast_thread_inhibit_escalations()) { + ast_log(LOG_ERROR, "Failed to inhibit privilege escalations; killing connection\n"); + return NULL; + } + /* * open a FILE * as appropriate. */ |