Fix a file descriptor leak in off nominal path
authorMatthew Jordan <mjordan@digium.com>
Wed, 27 Mar 2013 18:49:17 +0000 (18:49 +0000)
committerMatthew Jordan <mjordan@digium.com>
Wed, 27 Mar 2013 18:49:17 +0000 (18:49 +0000)
While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off-nominal code paths. This
patch corrects them.

Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.

(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
  issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@384118 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/http.c

index 4b73acbe954690205dc75e40001ce58555e905d3..e22468fcf3b94690eae79b7e1536cb7126c26c71 100644 (file)
@@ -230,7 +230,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
                goto out403;
        }
 
-       /* Disallow any funny filenames at all */
+       /* Disallow any funny filenames at all (checking first character only??) */
        if ((uri[0] < 33) || strchr("./|~@#$%^&*() \t", uri[0])) {
                goto out403;
        }
@@ -245,6 +245,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
 
        if (!(mtype = ast_http_ftype2mtype(ftype))) {
                snprintf(wkspace, sizeof(wkspace), "text/%s", S_OR(ftype, "plain"));
+               mtype = wkspace;
        }
 
        /* Cap maximum length */
@@ -262,12 +263,12 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
                goto out404;
        }
 
-       fd = open(path, O_RDONLY);
-       if (fd < 0) {
+       if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
                goto out403;
        }
 
-       if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
+       fd = open(path, O_RDONLY);
+       if (fd < 0) {
                goto out403;
        }
 
@@ -290,6 +291,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
        }
 
        if ( (http_header = ast_str_create(255)) == NULL) {
+               close(fd);
                return -1;
        }