1 From 7574be5110e049a44b8c8ead52cd1c2a5d442afa Mon Sep 17 00:00:00 2001
2 From: George Joseph <gjoseph@digium.com>
3 Date: Thu, 24 Oct 2019 11:41:23 -0600
4 Subject: [PATCH] manager.c: Prevent the Originate action from running the Originate app
6 If an AMI user without the "system" authorization calls the
7 Originate AMI command with the Originate application,
8 the second Originate could run the "System" command.
12 Application: Originate
13 Data: Local/2222,app,System,touch /tmp/owned
15 If the "system" authorization isn't set, we now block the
16 Originate app as well as the System, Exec, etc. apps.
19 Reported by: Eliel Sardañons
21 Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
24 diff --git a/doc/UPGRADE-staging/AMI-Originate.txt b/doc/UPGRADE-staging/AMI-Originate.txt
26 index 0000000..f2d3133
28 +++ b/doc/UPGRADE-staging/AMI-Originate.txt
32 +The AMI Originate action, which optionally takes a dialplan application as
33 +an argument, no longer accepts "Originate" as the application due to
35 diff --git a/main/manager.c b/main/manager.c
36 index f138801..1963151 100644
40 EAGI(/bin/rm,-rf /) */
41 strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */
42 strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */
43 + strcasestr(app, "originate") || /* Originate(Local/1234,app,System,rm -rf) */
44 (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */
45 (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
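Review bot: The added `strcasestr(app, "originate")` test extends a substring denylist, so the check is only as complete as the list: any other application that can start a further application or channel stays available to an AMI user without the "system" authorization unless it is listed too. Nothing in the visible lines tells a maintainer this, so I would put a comment above the list, for example `/* Every app that can run another app or a shell command must be listed here; an unlisted one bypasses the "system" authorization check. */`. The `appdata` tests use case-sensitive `strstr` while the `app` tests use `strcasestr`; that is only sufficient if dialplan function names are resolved case-sensitively, which this hunk does not show and should be confirmed. The condition begins and ends outside the visible lines, so the action taken on a match could not be reviewed here.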