]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c38e52) | patch
manager.c: Prevent path traversal with GetConfig.
authorBen Ford <bford@digium.com>
Mon, 13 Nov 2023 17:08:50 +0000 (11:08 -0600)
committerMike Bradeen <mbradeen@sangoma.com>
Thu, 14 Dec 2023 18:55:57 +0000 (11:55 -0700)
commit8f015af774dd0965a00c4b34e247bfb9c2abf05d
treec2ed224151b5c0c16ae818012e6074d3abc0ad56tree
parent5c38e52afcda9c65d422b0f7323d7dc63746dc7fcommit | diff
manager.c: Prevent path traversal with GetConfig.

When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git