diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-04-24 21:34:53 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-04-24 21:34:53 +0000 |
commit | 75860448ac91c439f27537f1249ab494987cbcfe (patch) | |
tree | 13329f921679b076445ddcb49b6411faeb44d4ed /main | |
parent | 6376dbc08caf642ac1001797c870ada7485c9c37 (diff) |
Merged revisions 61786 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.2
........
r61786 | russell | 2007-04-24 16:33:59 -0500 (Tue, 24 Apr 2007) | 4 lines
Don't crash if a manager connection provides a username that exists in
manager.conf but does not have a password, and also requests MD5
authentication. (ASA-2007-012)
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@61787 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main')
-rw-r--r-- | main/manager.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/main/manager.c b/main/manager.c index 7c2e1b37a..e364fcfdb 100644 --- a/main/manager.c +++ b/main/manager.c @@ -926,7 +926,8 @@ static int authenticate(struct mansession *s, const struct message *m) } else if (ha) ast_free_ha(ha); if (!strcasecmp(authtype, "MD5")) { - if (!ast_strlen_zero(key) && s->challenge) { + if (!ast_strlen_zero(key) && + !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) { int x; int len = 0; char md5key[256] = ""; |