]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 183954b) | patch
manager.c: Prevent path traversal with GetConfig.
authorBen Ford <bford@digium.com>
Mon, 13 Nov 2023 17:08:50 +0000 (11:08 -0600)
committerasterisk-org-access-app[bot] <120671045+asterisk-org-access-app[bot]@users.noreply.github.com>
Thu, 14 Dec 2023 18:47:36 +0000 (18:47 +0000)
commit424be345639d75c6cb7d0bd2da5f0f407dbd0bd5
tree5726e174332055cb04070474c5d954e14e0e4d1atree
parent183954bed3ba9f9897979fd48d8375d7aab85b80commit | diff
manager.c: Prevent path traversal with GetConfig.

When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git