mirror of
https://github.com/asterisk/asterisk.git
manager: Use remote address in user error logging
To avoid a potential null dereference, use the remote address in error logging when there is no user or the user ACL check fails. Resolves: #GHSA-3rhj-hhw7-m6fw
committed by
George Joseph
parent
70b0abcd03
commit
fbaabcaaa2
+2
-2
@@ -8672,7 +8672,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
|
||||
user = get_manager_by_name_locked(d.username);
|
||||
if(!user) {
|
||||
AST_RWLIST_UNLOCK(&users);
|
||||
ast_log(LOG_NOTICE, "%s tried to authenticate with nonexistent user '%s'\n", ast_sockaddr_stringify_addr(&session->addr), d.username);
|
||||
ast_log(LOG_NOTICE, "%s tried to authenticate with nonexistent user '%s'\n", ast_sockaddr_stringify_addr(remote_address), d.username);
|
||||
nonce = 0;
|
||||
goto out_401;
|
||||
}
|
||||
@@ -8680,7 +8680,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
|
||||
/* --- We have User for this auth, now check ACL */
|
||||
if (user->acl && !ast_apply_acl(user->acl, remote_address, "Manager User ACL:")) {
|
||||
AST_RWLIST_UNLOCK(&users);
|
||||
ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_sockaddr_stringify_addr(&session->addr), d.username);
|
||||
ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_sockaddr_stringify_addr(remote_address), d.username);
|
||||
ast_http_request_close_on_completion(ser);
|
||||
ast_http_error(ser, 403, "Permission denied", "Permission denied");
|
||||
return 0;
|
||||
|
||||
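Review bot: Neither rewritten `ast_log` call says why `remote_address` is used rather than `session->addr`, so a later cleanup could put the dereference back. Going by the commit description, `session` may still be NULL on both the nonexistent-user path and the ACL-failure path; a comment above the first call, such as `/* session may not be set yet here; log the peer from remote_address */`, would record that. The body of auth_http_callback starts and ends outside these hunks, so any other `session->` access that can run before the session is established should be checked in the same way. Separately, `d.username` appears to be the name supplied in the request and is written into the NOTICE line unchanged; it is worth confirming that control characters in it cannot forge or split log entries.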