diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-04-24 21:33:59 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-04-24 21:33:59 +0000 |
commit | 2b4c20088ff86fceab51a734440de475489f680b (patch) | |
tree | 3011173cd077585b60f41e87a79feb99468b1cac /manager.c | |
parent | c35b8feb796ede6c15a88f288c4207c4f12eae8f (diff) |
Don't crash if a manager connection provides a username that exists in
manager.conf but does not have a password, and also requests MD5
authentication. (ASA-2007-012)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@61786 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'manager.c')
-rw-r--r-- | manager.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -533,7 +533,8 @@ static int authenticate(struct mansession *s, struct message *m) } else if (ha) ast_free_ha(ha); if (!strcasecmp(authtype, "MD5")) { - if (!ast_strlen_zero(key) && s->challenge) { + if (!ast_strlen_zero(key) && + !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) { int x; int len=0; char md5key[256] = ""; |