]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c94e2b2) | patch
manager.c: Prevent path traversal with GetConfig.
authorBen Ford <bford@digium.com>
Mon, 13 Nov 2023 17:08:50 +0000 (11:08 -0600)
committerMike Bradeen <mbradeen@sangoma.com>
Thu, 14 Dec 2023 19:00:19 +0000 (12:00 -0700)
commitd44f07244a408f9e86197bc03638d7d1f7d3defd
treeee811f3f5f8d546c3ecfe42ea3425fad9d841fc3tree | snapshot
parentc94e2b2000cd9781cd2be7b4050b7f3cde851e01commit | diff
manager.c: Prevent path traversal with GetConfig.

When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git