Don't crash if a manager connection provides a username that exists in

manager.conf but does not have a password, and also requests MD5
authentication. (ASA-2007-012)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@61786 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/manager.c b/manager.c
index e83c55e20cfbad0cc089b3511c0a4c645e8eceba..f884a9d2445d8dc5c63abf33aff0f41e21ef2c6e 100644 (file)
--- a/manager.c
+++ b/manager.c
@@ -533,7 +533,8 @@ static int authenticate(struct mansession *s, struct message *m)
                                } else if (ha)
                                        ast_free_ha(ha);
                                if (!strcasecmp(authtype, "MD5")) {
-                                       if (!ast_strlen_zero(key) && s->challenge) {
+                                       if (!ast_strlen_zero(key) && 
+                                           !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) {
                                                int x;
                                                int len=0;
                                                char md5key[256] = "";