]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d20c3e2) | patch
manager.c: Prevent path traversal with GetConfig.
authorBen Ford <bford@digium.com>
Mon, 13 Nov 2023 17:08:50 +0000 (11:08 -0600)
committerBen Ford <bford@digium.com>
Thu, 14 Dec 2023 18:47:29 +0000 (18:47 +0000)
commitb05d7e890153cf35737bc7f1efe3d298ca3e6b4b
tree005d45d5b18210036890f8139b12bc824ff4ce54tree
parentd20c3e2f6fbf391f4f769209c43e446ae9603fb4commit | diff
manager.c: Prevent path traversal with GetConfig.

When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git