diff --git a/addons/chan_ooh323.c b/addons/chan_ooh323.c index 1b7525ef9b..f9ee8f9977 100644 --- a/addons/chan_ooh323.c +++ b/addons/chan_ooh323.c @@ -129,9 +129,9 @@ static struct ast_rtp_glue ooh323_rtp = { }; static struct ast_udptl_protocol ooh323_udptl = { - type: "H323", - get_udptl_info: ooh323_get_udptl_peer, - set_udptl_peer: ooh323_set_udptl_peer, + .type = "H323", + .get_udptl_info = ooh323_get_udptl_peer, + .set_udptl_peer = ooh323_set_udptl_peer, }; diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c index 0e83e2883f..03ef884c87 100644 --- a/apps/app_externalivr.c +++ b/apps/app_externalivr.c @@ -293,9 +293,9 @@ static int gen_generate(struct ast_channel *chan, void *data, int len, int sampl static struct ast_generator gen = { - alloc: gen_alloc, - release: gen_release, - generate: gen_generate, + .alloc = gen_alloc, + .release = gen_release, + .generate = gen_generate, }; static void ast_eivr_getvariable(struct ast_channel *chan, char *data, char *outbuf, int outbuflen) diff --git a/apps/app_milliwatt.c b/apps/app_milliwatt.c index 72a800933d..a093e974d2 100644 --- a/apps/app_milliwatt.c +++ b/apps/app_milliwatt.c @@ -117,9 +117,9 @@ static int milliwatt_generate(struct ast_channel *chan, void *data, int len, int } static struct ast_generator milliwattgen = { - alloc: milliwatt_alloc, - release: milliwatt_release, - generate: milliwatt_generate, + .alloc = milliwatt_alloc, + .release = milliwatt_release, + .generate = milliwatt_generate, }; static int old_milliwatt_exec(struct ast_channel *chan) diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index 1f724882e1..eee69ccfbc 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -14144,12 +14144,12 @@ static int iax2_devicestate(void *data) static struct ast_switch iax2_switch = { - name: "IAX2", - description: "IAX Remote Dialplan Switch", - exists: iax2_exists, - canmatch: iax2_canmatch, - exec: iax2_exec, - matchmore: iax2_matchmore, + .name = "IAX2", + .description = "IAX Remote Dialplan Switch", + .exists = iax2_exists, + .canmatch = iax2_canmatch, + .exec = iax2_exec, + .matchmore = iax2_matchmore, }; /* diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 31037652cf..d8b7d92c98 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -3080,9 +3080,9 @@ static struct sip_registry *registry_addref(struct sip_registry *reg, char *tag) /*! \brief Interface structure with callbacks used to connect to UDPTL module*/ static struct ast_udptl_protocol sip_udptl = { - type: "SIP", - get_udptl_info: sip_get_udptl_peer, - set_udptl_peer: sip_set_udptl_peer, + .type = "SIP", + .get_udptl_info = sip_get_udptl_peer, + .set_udptl_peer = sip_set_udptl_peer, }; static void append_history_full(struct sip_pvt *p, const char *fmt, ...) @@ -13090,8 +13090,6 @@ static void state_notify_build_xml(struct state_notify_data *data, int full, con if ((data->state & AST_EXTENSION_RINGING) && sip_cfg.notifyringing) { const char *local_display = exten; char *local_target = ast_strdupa(mto); - const char *remote_display = exten; - char *remote_target = ast_strdupa(mfrom); /* There are some limitations to how this works. The primary one is that the callee must be dialing the same extension that is being monitored. Simply dialing @@ -13101,28 +13099,16 @@ static void state_notify_build_xml(struct state_notify_data *data, int full, con if ((caller = ast_channel_callback(find_calling_channel, NULL, p, 0))) { char *cid_num; - char *connected_num; int need; ast_channel_lock(caller); cid_num = S_COR(caller->caller.id.number.valid, caller->caller.id.number.str, ""); need = strlen(cid_num) + strlen(p->fromdomain) + sizeof("sip:@"); - remote_target = alloca(need); - snprintf(remote_target, need, "sip:%s@%s", cid_num, p->fromdomain); - - remote_display = ast_strdupa(S_COR(caller->caller.id.name.valid, - caller->caller.id.name.str, "")); - - connected_num = S_COR(caller->connected.id.number.valid, - caller->connected.id.number.str, ""); - need = strlen(connected_num) + strlen(p->fromdomain) + sizeof("sip:@"); local_target = alloca(need); - snprintf(local_target, need, "sip:%s@%s", connected_num, p->fromdomain); - - local_display = ast_strdupa(S_COR(caller->connected.id.name.valid, - caller->connected.id.name.str, "")); - + snprintf(local_target, need, "sip:%s@%s", cid_num, p->fromdomain); + local_display = ast_strdupa(S_COR(caller->caller.id.name.valid, + caller->caller.id.name.str, "")); ast_channel_unlock(caller); caller = ast_channel_unref(caller); } @@ -13144,10 +13130,10 @@ static void state_notify_build_xml(struct state_notify_data *data, int full, con "\n" "\n" "\n" - "%s\n" + "%s\n" "\n" "\n", - remote_display, remote_target, remote_target, local_display, local_target, local_target); + local_display, local_target, local_target, mto, mto); } else { ast_str_append(tmp, 0, "\n", exten); } @@ -22947,6 +22933,10 @@ static int handle_request_update(struct sip_pvt *p, struct sip_request *req) transmit_response(p, "501 Method Not Implemented", req); return 0; } + if (!p->owner) { + transmit_response(p, "481 Call/Transaction Does Not Exist", req); + return 0; + } if (get_rpid(p, req)) { struct ast_party_connected_line connected; struct ast_set_party_connected_line update_connected; diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c index 755584b85a..9ee5979ffd 100644 --- a/channels/chan_skinny.c +++ b/channels/chan_skinny.c @@ -6601,7 +6601,8 @@ static int handle_message(struct skinny_req *req, struct skinnysession *s) int res = 0; struct skinny_speeddial *sd; struct skinny_device *d = s->device; - + size_t len; + if ((!s->device) && (letohl(req->e) != REGISTER_MESSAGE && letohl(req->e) != ALARM_MESSAGE)) { ast_log(LOG_WARNING, "Client sent message #%d without first registering.\n", req->e); ast_free(req); @@ -6671,8 +6672,13 @@ static int handle_message(struct skinny_req *req, struct skinnysession *s) ast_log(LOG_WARNING, "Unsupported digit %d\n", digit); } - sub->exten[strlen(sub->exten)] = dgt; - sub->exten[strlen(sub->exten)+1] = '\0'; + len = strlen(sub->exten); + if (len < sizeof(sub->exten) - 1) { + sub->exten[len] = dgt; + sub->exten[len + 1] = '\0'; + } else { + ast_log(AST_LOG_WARNING, "Dropping digit with value %d because digit queue is full\n", dgt); + } } else res = handle_keypad_button_message(req, s); } diff --git a/main/app.c b/main/app.c index 6c7cb2895b..53a2f8a7cd 100644 --- a/main/app.c +++ b/main/app.c @@ -551,9 +551,9 @@ static void *linear_alloc(struct ast_channel *chan, void *params) static struct ast_generator linearstream = { - alloc: linear_alloc, - release: linear_release, - generate: linear_generator, + .alloc = linear_alloc, + .release = linear_release, + .generate = linear_generator, }; int ast_linear_stream(struct ast_channel *chan, const char *filename, int fd, int allowoverride) diff --git a/main/channel.c b/main/channel.c index 5e7b88050d..e7e63d2b5a 100644 --- a/main/channel.c +++ b/main/channel.c @@ -7932,9 +7932,9 @@ static int tonepair_generator(struct ast_channel *chan, void *data, int len, int } static struct ast_generator tonepair = { - alloc: tonepair_alloc, - release: tonepair_release, - generate: tonepair_generator, + .alloc = tonepair_alloc, + .release = tonepair_release, + .generate = tonepair_generator, }; int ast_tonepair_start(struct ast_channel *chan, int freq1, int freq2, int duration, int vol) diff --git a/main/manager.c b/main/manager.c index d5c95bac33..f8a4dbbd6e 100644 --- a/main/manager.c +++ b/main/manager.c @@ -1221,6 +1221,19 @@ static const struct permalias { { 0, "none" }, }; +/*! \brief Checks to see if a string which can be used to evaluate functions should be rejected */ +static int function_capable_string_allowed_with_auths(const char *evaluating, int writepermlist) +{ + if (!(writepermlist & EVENT_FLAG_SYSTEM) + && ( + strstr(evaluating, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */ + strstr(evaluating, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ + )) { + return 0; + } + return 1; +} + /*! \brief Convert authority code to a list of options */ static const char *authority_to_str(int authority, struct ast_str **res) { @@ -3224,6 +3237,12 @@ static int action_getvar(struct mansession *s, const struct message *m) return 0; } + /* We don't want users with insufficient permissions using certain functions. */ + if (!(function_capable_string_allowed_with_auths(varname, s->session->writeperm))) { + astman_send_error(s, m, "GetVar Access Forbidden: Variable"); + return 0; + } + if (!ast_strlen_zero(name)) { if (!(c = ast_channel_get_by_name(name))) { astman_send_error(s, m, "No such channel"); @@ -3284,6 +3303,11 @@ static int action_status(struct mansession *s, const struct message *m) idText[0] = '\0'; } + if (!(function_capable_string_allowed_with_auths(variables, s->session->writeperm))) { + astman_send_error(s, m, "Status Access Forbidden: Variables"); + return 0; + } + if (all) { if (!(iter = ast_channel_iterator_all_new())) { ast_free(str); @@ -4087,6 +4111,7 @@ static int action_originate(struct mansession *s, const struct message *m) } if (!ast_strlen_zero(app) && s->session) { + int bad_appdata = 0; /* To run the System application (or anything else that goes to * shell), you must have the additional System privilege */ if (!(s->session->writeperm & EVENT_FLAG_SYSTEM) @@ -4097,10 +4122,13 @@ static int action_originate(struct mansession *s, const struct message *m) TryExec(System(rm -rf /)) */ strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /) EAGI(/bin/rm,-rf /) */ - strstr(appdata, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */ - strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ + strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */ + (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */ + (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ )) { - astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have."); + char error_buf[64]; + snprintf(error_buf, sizeof(error_buf), "Originate Access Forbidden: %s", bad_appdata ? "Data" : "Application"); + astman_send_error(s, m, error_buf); res = 0; goto fast_orig_cleanup; } diff --git a/pbx/pbx_loopback.c b/pbx/pbx_loopback.c index 915a0cb10a..5f35613434 100644 --- a/pbx/pbx_loopback.c +++ b/pbx/pbx_loopback.c @@ -163,12 +163,12 @@ static int loopback_matchmore(struct ast_channel *chan, const char *context, con static struct ast_switch loopback_switch = { - name: "Loopback", - description: "Loopback Dialplan Switch", - exists: loopback_exists, - canmatch: loopback_canmatch, - exec: loopback_exec, - matchmore: loopback_matchmore, + .name = "Loopback", + .description = "Loopback Dialplan Switch", + .exists = loopback_exists, + .canmatch = loopback_canmatch, + .exec = loopback_exec, + .matchmore = loopback_matchmore, }; static int unload_module(void) diff --git a/pbx/pbx_realtime.c b/pbx/pbx_realtime.c index e952f8f2f1..82261b1797 100644 --- a/pbx/pbx_realtime.c +++ b/pbx/pbx_realtime.c @@ -388,12 +388,12 @@ static int realtime_matchmore(struct ast_channel *chan, const char *context, con static struct ast_switch realtime_switch = { - name: "Realtime", - description: "Realtime Dialplan Switch", - exists: realtime_exists, - canmatch: realtime_canmatch, - exec: realtime_exec, - matchmore: realtime_matchmore, + .name = "Realtime", + .description = "Realtime Dialplan Switch", + .exists = realtime_exists, + .canmatch = realtime_canmatch, + .exec = realtime_exec, + .matchmore = realtime_matchmore, }; static int unload_module(void) diff --git a/res/res_fax_spandsp.c b/res/res_fax_spandsp.c index ffbb8999d1..901ec48c04 100644 --- a/res/res_fax_spandsp.c +++ b/res/res_fax_spandsp.c @@ -759,9 +759,9 @@ static int spandsp_fax_gateway_start(struct ast_fax_session *s) { int i; struct ast_channel *peer; static struct ast_generator t30_gen = { - alloc: spandsp_fax_gw_gen_alloc, - release: spandsp_fax_gw_gen_release, - generate: spandsp_fax_gw_t30_gen, + .alloc = spandsp_fax_gw_gen_alloc, + .release = spandsp_fax_gw_gen_release, + .generate = spandsp_fax_gw_t30_gen, }; #if SPANDSP_RELEASE_DATE >= 20081012