manager: fix digest auth for ami/http mechanism.
author Jaco Kroon <jaco@uls.co.za>
Tue, 8 May 2018 09:59:02 +0000 (11:59 +0200)
committer Sean Bright <sean.bright@gmail.com>
Tue, 8 May 2018 14:25:20 +0000 (08:25 -0600)
Due to a fixed-size buffer the digest authentication could be
incorrectly calculated if a large URI was provided, causing
authentication failure. The buffer is now dynamically allocated to allow
any size URI within the normal limits of the HTTP request size.

ASTERISK-27841

Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
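
The failure mode the commit message describes, as an added example that is not Asterisk code and not part of this commit: a client computes the RFC 2617 response over the full `method:uri` (A2), while a server that formats A2 with `snprintf` into a 256-byte buffer silently hashes the first 255 characters, so the two responses differ as soon as A2 exceeds 255 bytes and the client is rejected even with the right password. Python is used here because `hashlib` provides MD5 without extra dependencies; every credential, nonce and URI value is constructed for the example, and `a2_buf_size` is a hypothetical parameter that only models the old fixed-size buffer.

```python
import hashlib
import hmac

# Constructed parameters for the example; not values from Asterisk or from
# any real exchange.
PARAMS = {
    "username": "admin",
    "realm": "asterisk",
    "password": "s3cret",
    "method": "GET",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
}


def md5_hex(text: str) -> str:
    """MD5 hex digest of a string; MD5 is what RFC 2617 specifies."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth", a2_buf_size=None):
    """RFC 2617 response for qop="auth".

    a2_buf_size is a hypothetical knob that emulates a server formatting A2
    with snprintf() into a fixed-size buffer of that many bytes: A2 is cut to
    a2_buf_size - 1 characters because snprintf reserves the last byte for
    the NUL. None means A2 is used whole, as with asprintf().
    """
    a2 = f"{method}:{uri}"
    if a2_buf_size is not None:
        a2 = a2[: a2_buf_size - 1]
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(a2)
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(client_response: str, a2_buf_size=None, **params) -> bool:
    """Recompute the expected response server-side; compare in constant time."""
    expected = digest_response(a2_buf_size=a2_buf_size, **params)
    return hmac.compare_digest(client_response, expected)


def demo(uri: str):
    """Return (old_server_accepts, new_server_accepts) for one URI.

    The client always hashes the full URI; the "old" server truncates A2 to a
    256-byte buffer, the "new" one uses it whole.
    """
    client_response = digest_response(uri=uri, **PARAMS)
    old = server_accepts(client_response, a2_buf_size=256, uri=uri, **PARAMS)
    new = server_accepts(client_response, uri=uri, **PARAMS)
    return old, new


if __name__ == "__main__":
    print("short URI:", demo("/rawman?action=ping"))
    print("A2 of 255 bytes:", demo("/" + "B" * 250))
    print("A2 of 256 bytes:", demo("/" + "B" * 251))
    print("long URI:", demo("/rawman?action=ping&pad=" + "A" * 300))
```

The boundary is exact: with `GET:` prefixed, a 251-character URI still fits in 255 bytes and both servers agree, while one more character flips the old server to a rejection. The comparison uses `hmac.compare_digest` rather than `==` so the check does not leak timing on the response string.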

main/manager.c

index 577c7f9..f1e44b3 100644
@@ -8006,13 +8006,20 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
 
        /* compute the expected response to compare with what we received */
        {
-               char a2[256];
+               char *a2;
                char a2_hash[256];
                char resp[256];
 
                /* XXX Now request method are hardcoded in A2 */
-               snprintf(a2, sizeof(a2), "%s:%s", ast_get_http_method(method), d.uri);
+               if (ast_asprintf(&a2, "%s:%s", ast_get_http_method(method), d.uri) < 0) {
+                       AST_RWLIST_UNLOCK(&users);
+                       ast_http_request_close_on_completion(ser);
+                       ast_http_error(ser, 500, "Server Error", "Internal Server Error (out of memory)");
+                       return 0;
+               }
+
                ast_md5_hash(a2_hash, a2);
+               ast_free(a2);
 
                if (d.qop) {
                        /* RFC 2617 */
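Review bot: the new `ast_asprintf` failure branch unlocks `&users`, marks the request for close and answers 500, so it relies on the read lock on `users` being held at this point and on that triple matching the function's other error exits; both are outside this hunk, so check them against the lock acquisition earlier in `auth_http_callback` rather than assume, because an unlock without a matching lock would be a real bug. Not freeing `a2` on that path is correct, since the pointer is not meaningful after a failed asprintf, and the `ast_free(a2)` right after `ast_md5_hash(a2_hash, a2)` is the only other cleanup needed. A one-line comment next to `char a2_hash[256];` saying that an MD5 hex digest has a fixed length (and the same for `resp[256]`, if what is formatted into it below is equally bounded) would stop the next reader from asking why only `a2`, which embeds the attacker-controlled `d.uri`, moved to the heap.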