]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c0d3fbb) | patch
manager.c: Restrict ModuleLoad to the configured modules directory.
authorBen Ford <bford@digium.com>
Wed, 25 Sep 2024 18:05:58 +0000 (13:05 -0500)
committerasterisk-org-access-app[bot] <120671045+asterisk-org-access-app[bot]@users.noreply.github.com>
Mon, 30 Sep 2024 16:28:45 +0000 (16:28 +0000)
commite19da5d86f118bf723ab8d5ac388d932b01b705c
treedf9063f5be084e6abee8e62dd139439055145552tree
parentc0d3fbb5ae0088ff25cee71f5f07462eb0e26905commit | diff
manager.c: Restrict ModuleLoad to the configured modules directory.

When using the ModuleLoad AMI action, it was possible to traverse
upwards through the directories to files outside of the configured
modules directory. We decided it would be best to restrict access to
modules exclusively in the configured directory. You will now get an
error when the specified module is outside of this limitation.

Fixes: #897
UserNote: The ModuleLoad AMI action now restricts modules to the
configured modules directory.
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git