]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c705078) | patch
manager.c: Prevent path traversal with GetConfig.
authorBen Ford <bford@digium.com>
Mon, 13 Nov 2023 17:08:50 +0000 (11:08 -0600)
committerBen Ford <bford@digium.com>
Thu, 14 Dec 2023 18:47:33 +0000 (18:47 +0000)
commit705cd2845da9e702acf40ebe674b165c745917a5
tree9773cc80975248cb9cb9af404acb094708272c47tree | snapshot
parentc7050787f36180583608cc7908dad662cdcb95abcommit | diff
manager.c: Prevent path traversal with GetConfig.

When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git