From 15b892323a501b8e99f50d97379c38ce61af76ec Mon Sep 17 00:00:00 2001
From: Matthew Jordan <mjordan@digium.com>
Date: Wed, 27 Mar 2013 18:52:16 +0000
Subject: [PATCH] Fix a file descriptor leak in off nominal path

While looking at the security vulnerability in ASTERISK-20967, Walter noticed
a file descriptor leak and some other issues in off nominal code paths. This
patch corrects them.

Note that this patch is not related to the vulnerability in ASTERISK-20967,
but the patch was placed on that issue.

(closes issue ASTERISK-20967)
Reported by: wdoekes
patches:
  issueA20967_file_leak_and_unused_wkspace.patch uploaded by wdoekes (License 5674)
........

Merged revisions 384118 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 384119 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@384120 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 main/http.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/main/http.c b/main/http.c
index a92c77d..aff38c3 100644
--- a/main/http.c
+++ b/main/http.c
@@ -237,7 +237,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
 		goto out403;
 	}
 
-	/* Disallow any funny filenames at all */
+	/* Disallow any funny filenames at all (checking first character only??) */
 	if ((uri[0] < 33) || strchr("./|~@#$%^&*() \t", uri[0])) {
 		goto out403;
 	}
@@ -252,6 +252,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
 
 	if (!(mtype = ast_http_ftype2mtype(ftype))) {
 		snprintf(wkspace, sizeof(wkspace), "text/%s", S_OR(ftype, "plain"));
+		mtype = wkspace;
 	}
 
 	/* Cap maximum length */
@@ -269,12 +270,12 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
 		goto out404;
 	}
 
-	fd = open(path, O_RDONLY);
-	if (fd < 0) {
+	if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
 		goto out403;
 	}
 
-	if (strstr(path, "/private/") && !astman_is_authed(ast_http_manid_from_vars(headers))) {
+	fd = open(path, O_RDONLY);
+	if (fd < 0) {
 		goto out403;
 	}
 
@@ -297,6 +298,7 @@ static int static_callback(struct ast_tcptls_session_instance *ser,
 	}
 
 	if ( (http_header = ast_str_create(255)) == NULL) {
+		close(fd);
 		return -1;
 	}
 
-- 
1.7.9.5