From: Russell Bryant <russell@russellbryant.com>
Date: Tue, 24 Apr 2007 21:33:59 +0000 (+0000)
Subject: Don't crash if a manager connection provides a username that exists in
X-Git-Tag: 1.2.18~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5a87ff71d622e667c526abe2e96bd248c610b91;p=thirdparty%2Fasterisk.git

Don't crash if a manager connection provides a username that exists in
manager.conf but does not have a password, and also requests MD5
authentication. (ASA-2007-012)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@61786 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/manager.c b/manager.c
index e83c55e20c..f884a9d244 100644
--- a/manager.c
+++ b/manager.c
@@ -533,7 +533,8 @@ static int authenticate(struct mansession *s, struct message *m)
 				} else if (ha)
 					ast_free_ha(ha);
 				if (!strcasecmp(authtype, "MD5")) {
-					if (!ast_strlen_zero(key) && s->challenge) {
+					if (!ast_strlen_zero(key) && 
+					    !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) {
 						int x;
 						int len=0;
 						char md5key[256] = "";