manager.c: Prevent the Originate action from running the Originate app

If an AMI user without the "system" authorization calls the Originate AMI command with the Originate application, the second Originate could run the "System" command. Action: Originate Channel: Local/1111 Application: Originate Data: Local/2222,app,System,touch /tmp/owned If the "system" authorization isn't set, we now block the Originate app as well as the System, Exec, etc. apps. ASTERISK-28580 Reported by: Eliel Sardañons Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
6 years ago · 1b9281a5de
parent bb732e4292
commit 1b9281a5de
2 changed files with 6 additions and 0 deletions
--- a/doc/UPGRADE-staging/AMI-Originate.txt
+++ b/doc/UPGRADE-staging/AMI-Originate.txt
@ -0,0 +1,5 @@
+Subject: AMI
+
+The AMI Originate action, which optionally takes a dialplan application as
+an argument, no longer accepts "Originate" as the application due to
+security concerns.
--- a/main/manager.c
+++ b/main/manager.c
@ -5708,6 +5708,7 @@ static int action_originate(struct mansession *s, const struct message *m)
 				                                     EAGI(/bin/rm,-rf /)       */
 				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
 				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
+				strcasestr(app, "originate") ||   /* Originate(Local/1234,app,System,rm -rf) */
 				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
 				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
 				)) {