Author: bebuild
Date: Thu Nov 20 10:47:25 2014
New Revision: 428433

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428433
Log:
Merge r428363 for AST-2014-018

Modified:
    tags/11.14.1/   (props changed)
    tags/11.14.1/ChangeLog
    tags/11.14.1/funcs/func_db.c

Propchange: tags/11.14.1/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Propchange: tags/11.14.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 20 10:47:25 2014
@@ -1,1 +1,1 @@
-/branches/11:427381,428417
+/branches/11:427381,428363,428417

Modified: tags/11.14.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/11.14.1/ChangeLog?view=diff&rev=428433&r1=428432&r2=428433
==============================================================================
--- tags/11.14.1/ChangeLog (original)
+++ tags/11.14.1/ChangeLog Thu Nov 20 10:47:25 2014
@@ -10,6 +10,19 @@
 
          ASTERISK-24469 #close
          Reported by Matt Jordan
+
+       * AST-2014-018 - func_db: DB Dialplan function permission escalation
+         via AMI.
+
+         The DB dialplan function when executed from an external protocol
+         (for instance AMI), could result in a privilege escalation.
+
+         Asterisk now inhibits the DB function from being executed from an
+         external interface if the live_dangerously option is set to no.
+
+         ASTERISK-24534
+         Reported by: Gareth Palmer
+         patches: submitted by Gareth Palmer (license 5169)
 
 2014-11-10  Asterisk Development Team <[email protected]>
 

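Review bot: The new ChangeLog entry uses two different terms for the same issue, "permission escalation" in its title line and "privilege escalation" in its body; pick one so the entry is easy to search for. The body also says the DB function is inhibited "from being executed" without saying whether that covers reads, writes, or both. The func_db.c change in this same revision registers it with AST_CFE_BOTH, so stating that both read and write access from external interfaces are blocked when live_dangerously is set to no would tell administrators exactly what behaviour changes after upgrading.
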
Modified: tags/11.14.1/funcs/func_db.c
URL: http://svnview.digium.com/svn/asterisk/tags/11.14.1/funcs/func_db.c?view=diff&rev=428433&r1=428432&r2=428433
==============================================================================
--- tags/11.14.1/funcs/func_db.c (original)
+++ tags/11.14.1/funcs/func_db.c Thu Nov 20 10:47:25 2014
@@ -351,7 +351,7 @@
 {
        int res = 0;
 
-       res |= ast_custom_function_register(&db_function);
+       res |= ast_custom_function_register_escalating(&db_function, 
AST_CFE_BOTH);
        res |= ast_custom_function_register(&db_exists_function);
        res |= ast_custom_function_register_escalating(&db_delete_function, 
AST_CFE_READ);
        res |= ast_custom_function_register(&db_keys_function);
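
Review bot: The registration list now has three different escalation levels with no comment explaining the choice: db_function is AST_CFE_BOTH, db_delete_function is AST_CFE_READ, and db_exists_function and db_keys_function in the surrounding context lines still go through plain ast_custom_function_register(). If leaving DB_EXISTS and DB_KEYS callable from external interfaces is intentional, a short comment above these calls saying why each function gets the level it does would keep a later edit from silently dropping the protection or missing a function that needs it. It would also help to note in that comment that the gate depends on the live_dangerously option named in the ChangeLog entry, since nothing in this function shows that link.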

