X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=net%2Fasterisk-13.x%2Fpatches%2F150-AST-2019-007-13.diff;fp=net%2Fasterisk-13.x%2Fpatches%2F150-AST-2019-007-13.diff;h=e32524de3423c73d996f6055359419ded69c357f;hb=74e09c7c8334905b9c728c72260f18c229d079e1;hp=0000000000000000000000000000000000000000;hpb=06a5323734038c3866f507787256581dba3d8522;p=feed%2Ftelephony.git

diff --git a/net/asterisk-13.x/patches/150-AST-2019-007-13.diff b/net/asterisk-13.x/patches/150-AST-2019-007-13.diff
new file mode 100644
index 0000000..e32524d
--- /dev/null
+++ b/net/asterisk-13.x/patches/150-AST-2019-007-13.diff
@@ -0,0 +1,46 @@
+From 1b9281a5ded62e5d30af2959e5aa33bc5a0fc285 Mon Sep 17 00:00:00 2001
+From: George Joseph <gjoseph@digium.com>
+Date: Thu, 24 Oct 2019 11:41:23 -0600
+Subject: [PATCH] manager.c:  Prevent the Originate action from running the Originate app
+
+If an AMI user without the "system" authorization calls the
+Originate AMI command with the Originate application,
+the second Originate could run the "System" command.
+
+Action: Originate
+Channel: Local/1111
+Application: Originate
+Data: Local/2222,app,System,touch /tmp/owned
+
+If the "system" authorization isn't set, we now block the
+Originate app as well as the System, Exec, etc. apps.
+
+ASTERISK-28580
+Reported by: Eliel SardaÃ±ons
+
+Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
+---
+
+diff --git a/doc/UPGRADE-staging/AMI-Originate.txt b/doc/UPGRADE-staging/AMI-Originate.txt
+new file mode 100644
+index 0000000..f2d3133
+--- /dev/null
++++ b/doc/UPGRADE-staging/AMI-Originate.txt
+@@ -0,0 +1,5 @@
++Subject: AMI
++
++The AMI Originate action, which optionally takes a dialplan application as
++an argument, no longer accepts "Originate" as the application due to
++security concerns.
+diff --git a/main/manager.c b/main/manager.c
+index fc602bc..44e25b8 100644
+--- a/main/manager.c
++++ b/main/manager.c
+@@ -5708,6 +5708,7 @@
+ 				                                     EAGI(/bin/rm,-rf /)       */
+ 				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
+ 				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
++				strcasestr(app, "originate") ||   /* Originate(Local/1234,app,System,rm -rf) */
+ 				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
+ 				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+ 				)) {