Merged revisions 61786 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r61786 | russell | 2007-04-24 16:33:59 -0500 (Tue, 24 Apr 2007) | 4 lines Don't crash if a manager connection provides a username that exists in manager.conf but does not have a password, and also requests MD5 authentication. (ASA-2007-012) ........ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@61787 f38db490-d61c-443f-a65b-d21fe96a405b
author: russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> 2007-04-24 21:34:53 +0000
committer: russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> 2007-04-24 21:34:53 +0000
commit: 75860448ac91c439f27537f1249ab494987cbcfe (patch)
tree: 13329f921679b076445ddcb49b6411faeb44d4ed /main
parent: 6376dbc08caf642ac1001797c870ada7485c9c37 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/main/manager.c b/main/manager.c
index 7c2e1b37a..e364fcfdb 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -926,7 +926,8 @@ static int authenticate(struct mansession *s, const struct message *m)
 				} else if (ha)
 					ast_free_ha(ha);
 				if (!strcasecmp(authtype, "MD5")) {
-					if (!ast_strlen_zero(key) && s->challenge) {
+					if (!ast_strlen_zero(key) && 
+					    !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) {
 						int x;
 						int len = 0;
 						char md5key[256] = "";
author	russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>	2007-04-24 21:34:53 +0000
committer	russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>	2007-04-24 21:34:53 +0000
commit	75860448ac91c439f27537f1249ab494987cbcfe (patch)
tree	13329f921679b076445ddcb49b6411faeb44d4ed /main
parent	6376dbc08caf642ac1001797c870ada7485c9c37 (diff)