Merged revisions 119744 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk ................ r119744 | russell | 2008-06-02 09:41:55 -0500 (Mon, 02 Jun 2008) | 13 lines Merged revisions 119742 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r119742 | russell | 2008-06-02 09:39:45 -0500 (Mon, 02 Jun 2008) | 5 lines Improve CLI command blacklist checking for the command manager action. Previously, it did not handle case or whitespace properly. This made it possible for blacklisted commands to get executed anyway. (closes issue #12765) ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@119745 f38db490-d61c-443f-a65b-d21fe96a405b
author: russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-06-02 14:44:47 +0000
committer: russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-06-02 14:44:47 +0000
commit: b47c6c5feff5059ce85a00e969dd52dfa031ac52 (patch)
tree: a689f5e62e9c0edc535511619dce017e7991bc26
parent: 26fb791337d4d8eab2862cd9c5f25b6e9e436d06 (diff)
1 files changed, 50 insertions, 9 deletions
diff --git a/main/manager.c b/main/manager.c
index 64be6d226..35c1fc83e 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -138,9 +138,12 @@ static int manager_debug;	/*!< enable some debugging code in the manager */
  * HTTP sessions have managerid != 0, the value is used as a search key
  * to lookup sessions (using the mansession_id cookie).
  */
-static const char *command_blacklist[] = {
-	"module load",
-	"module unload",
+#define MAX_BLACKLIST_CMD_LEN 2
+static struct {
+	char *words[AST_MAX_CMD_LEN];
+} command_blacklist[] = {
+	{{ "module", "load", NULL }},
+	{{ "module", "unload", NULL }},
 };
 
 struct mansession {
@@ -1944,6 +1947,41 @@ static int action_redirect(struct mansession *s, const struct message *m)
 	return 0;
 }
 
+static int check_blacklist(const char *cmd)
+{
+	char *cmd_copy, *cur_cmd;
+	char *cmd_words[MAX_BLACKLIST_CMD_LEN] = { NULL, };
+	int i;
+
+	cmd_copy = ast_strdupa(cmd);
+	for (i = 0; i < MAX_BLACKLIST_CMD_LEN && (cur_cmd = strsep(&cmd_copy, " ")); i++) {
+		cur_cmd = ast_strip(cur_cmd);
+		if (ast_strlen_zero(cur_cmd)) {
+			i--;
+			continue;
+		}
+
+		cmd_words[i] = cur_cmd;
+	}
+
+	for (i = 0; i < ARRAY_LEN(command_blacklist); i++) {
+		int j, match = 1;
+
+		for (j = 0; command_blacklist[i].words[j]; j++) {
+			if (ast_strlen_zero(cmd_words[j]) || strcasecmp(cmd_words[j], command_blacklist[i].words[j])) {
+				match = 0;
+				break;
+			}
+		}
+
+		if (match) {
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
 static char mandescr_command[] =
 "Description: Run a CLI command.\n"
 "Variables: (Names marked with * are required)\n"
@@ -1957,14 +1995,17 @@ static int action_command(struct mansession *s, const struct message *m)
 	const char *id = astman_get_header(m, "ActionID");
 	char *buf, *final_buf;
 	char template[] = "/tmp/ast-ami-XXXXXX";	/* template for temporary file */
-	int fd = mkstemp(template), i = 0;
+	int fd = mkstemp(template);
 	off_t l;
 
-	for (i = 0; i < sizeof(command_blacklist) / sizeof(command_blacklist[0]); i++) {
-		if (!strncmp(cmd, command_blacklist[i], strlen(command_blacklist[i]))) {
-			astman_send_error(s, m, "Command blacklisted");
-			return 0;
-		}
+	if (ast_strlen_zero(cmd)) {
+		astman_send_error(s, m, "No command provided");
+		return 0;
+	}
+
+	if (check_blacklist(cmd)) {
+		astman_send_error(s, m, "Command blacklisted");
+		return 0;
 	}
 
 	astman_append(s, "Response: Follows\r\nPrivilege: Command\r\n");
author	russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-06-02 14:44:47 +0000
committer	russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-06-02 14:44:47 +0000
commit	b47c6c5feff5059ce85a00e969dd52dfa031ac52 (patch)
tree	a689f5e62e9c0edc535511619dce017e7991bc26
parent	26fb791337d4d8eab2862cd9c5f25b6e9e436d06 (diff)