manager.c: Prevent the Originate action from running the Originate app

If an AMI user without the "system" authorization calls the Originate AMI command with the Originate application, the second Originate could run the "System" command. Action: Originate Channel: Local/1111 Application: Originate Data: Local/2222,app,System,touch /tmp/owned If the "system" authorization isn't set, we now block the Originate app as well as the System, Exec, etc. apps. ASTERISK-28580 Reported by: Eliel Sardañons Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
7 years ago · 32e599f16a
parent 144f7f4c7e
commit 32e599f16a
2 changed files with 6 additions and 0 deletions
--- a/doc/UPGRADE-staging/AMI-Originate.txt
+++ b/doc/UPGRADE-staging/AMI-Originate.txt
@ -0,0 +1,5 @@
+Subject: AMI
+
+The AMI Originate action, which optionally takes a dialplan application as
+an argument, no longer accepts "Originate" as the application due to
+security concerns.
--- a/main/manager.c
+++ b/main/manager.c
@ -5596,6 +5596,7 @@ static int action_originate(struct mansession *s, const struct message *m)
 				                                     EAGI(/bin/rm,-rf /)       */
 				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
 				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
+				strcasestr(app, "originate") ||   /* Originate(Local/1234,app,System,rm -rf) */
 				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
 				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
 				)) {