manager: fix digest auth for ami/http mechanism.

Due to a fixed size buffer the digest authentication could be
incorrectly calculated if a large URI was provided, causing
authentication failure. The buffer is now dynamically allocated to allow
any size URI within the normal limits of the HTTP request size.

ASTERISK-27841

Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
This commit is contained in:
Jaco Kroon
2018-05-08 11:59:02 +02:00
committed by Sean Bright
parent d83a37f0cc
commit 9f1e1d153a

@@ -8006,13 +8006,20 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
/* compute the expected response to compare with what we received */
{
char a2[256];
char *a2;
char a2_hash[256];
char resp[256];
/* XXX Now request method are hardcoded in A2 */
snprintf(a2, sizeof(a2), "%s:%s", ast_get_http_method(method), d.uri);
if (ast_asprintf(&a2, "%s:%s", ast_get_http_method(method), d.uri) < 0) {
AST_RWLIST_UNLOCK(&users);
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 500, "Server Error", "Internal Server Error (out of memory)");
return 0;
}
ast_md5_hash(a2_hash, a2);
ast_free(a2);
if (d.qop) {
/* RFC 2617 */
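
Review bot: the new ast_asprintf() call sizes a2 directly from d.uri, which is client-supplied and is processed here before the digest response has been verified, yet nothing in this hunk bounds it. The commit message relies on "the normal limits of the HTTP request size", so please add a short comment at the allocation naming where that limit is enforced, so a later change to the HTTP layer does not silently turn this into an unbounded pre-authentication allocation. Separately, the failure branch releases only the users list lock via AST_RWLIST_UNLOCK(&users) before returning; please confirm that nothing else set up earlier in auth_http_callback() needs cleanup on this path, since that is not visible from the hunk. The stale "XXX Now request method are hardcoded in A2" comment could also be reworded while this block is being touched.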