Merged revisions 61787 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4 ................ r61787 | russell | 2007-04-24 16:34:53 -0500 (Tue, 24 Apr 2007) | 12 lines Merged revisions 61786 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r61786 | russell | 2007-04-24 16:33:59 -0500 (Tue, 24 Apr 2007) | 4 lines Don't crash if a manager connection provides a username that exists in manager.conf but does not have a password, and also requests MD5 authentication. (ASA-2007-012) ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/trunk@61788 f38db490-d61c-443f-a65b-d21fe96a405b
author: russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> 2007-04-24 21:37:00 +0000
committer: russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> 2007-04-24 21:37:00 +0000
commit: 86e2deef748a10abfd18d6ea0591ea0b458711ec (patch)
tree: f37804e8b78b9ad8974c59b8f62140c550774570 /main
parent: 73d01d3d215dfec6633d4066808bf8d214ee5d52 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/main/manager.c b/main/manager.c
index 88dba48ee..8b0381e61 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -984,7 +984,8 @@ static int authenticate(struct mansession *s, const struct message *m)
 	}
 	if (!strcasecmp(astman_get_header(m, "AuthType"), "MD5")) {
 		const char *key = astman_get_header(m, "Key");
-		if (!ast_strlen_zero(key) && !ast_strlen_zero(s->challenge)) {
+		if (!ast_strlen_zero(key) && !ast_strlen_zero(s->challenge) &&
+		    !ast_strlen_zero(password)) {
 			int x;
 			int len = 0;
 			char md5key[256] = "";
author	russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>	2007-04-24 21:37:00 +0000
committer	russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b>	2007-04-24 21:37:00 +0000
commit	86e2deef748a10abfd18d6ea0591ea0b458711ec (patch)
tree	f37804e8b78b9ad8974c59b8f62140c550774570 /main
parent	73d01d3d215dfec6633d4066808bf8d214ee5d52 (diff)