From: Jaco Kroon Date: Tue, 8 May 2018 09:59:02 +0000 (+0200) Subject: manager: fix digest auth for ami/http mechanism. X-Git-Tag: 15.5.0-rc1~77 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30c710ee23ccbf000ce09861e01082da8c7e4268;p=thirdparty%2Fasterisk.git manager: fix digest auth for ami/http mechanism. Due to a fixed size buffer the digest authentication could be incorrectly calculated if a large URI was provided, causing authentication failure. The buffer is now dynamically allocated to allow any size URI within the normal limits of the HTTP request size. ASTERISK-27841 Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
---
diff --git a/main/manager.c b/main/manager.c
index ace44c2880..0edc002284 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -7997,13 +7997,20 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
 /* compute the expected response to compare with what we received */
 {
- char a2[256];
+ char *a2;
 char a2_hash[256];
 char resp[256];
 /* XXX Now request method are hardcoded in A2 */
- snprintf(a2, sizeof(a2), "%s:%s", ast_get_http_method(method), d.uri);
+ if (ast_asprintf(&a2, "%s:%s", ast_get_http_method(method), d.uri) < 0) {
+ AST_RWLIST_UNLOCK(&users);
+ ast_http_request_close_on_completion(ser);
+ ast_http_error(ser, 500, "Server Error", "Internal Server Error (out of memory)");
+ return 0;
+ }
+
 ast_md5_hash(a2_hash, a2);
+ ast_free(a2);
 if (d.qop) {
 /* RFC 2617 */
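Review bot: `char resp[256];` stays a fixed-size buffer while `a2` becomes heap-allocated, so the truncation this commit fixes for a long URI may still apply to the string built in the `if (d.qop)` branch that opens at the end of the hunk. That branch's formatting call is outside the hunk; if it writes client-supplied digest fields into `resp` with `snprintf`, an oversized value is silently cut and the hash is computed over a prefix, which again surfaces as an unexplained authentication failure. Either build `resp` with `ast_asprintf` as is now done for `a2`, or compare the `snprintf` return value with `sizeof(resp)` and reject the request explicitly. Separately, the new 500 path releases only the `users` lock before `return 0;`; auth_http_callback begins and ends outside the hunk, so confirm nothing else acquired earlier in the function needs to be released on that path.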