From f8848a7fe844e744b30009e8833dab3dd857d870 Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Wed, 23 Apr 2008 17:55:31 +0000 Subject: [PATCH] Store the manager session ID explicitly as 4 byte ID instead of a ulong. The mansession_id cookie is coded to be limited to 8 characters of hex, and this could break logins from 64-bit machines in some cases. (inspired by AST-20) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@114591 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- include/asterisk/manager.h | 4 ++-- main/manager.c | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/asterisk/manager.h b/include/asterisk/manager.h index 39a0ca478a..cc4e971c96 100644 --- a/include/asterisk/manager.h +++ b/include/asterisk/manager.h @@ -111,7 +111,7 @@ int ast_manager_unregister( char *action ); * \param perm permission mask to verify * \returns 1 if the session has the permission mask capabilities, otherwise 0 */ -int astman_verify_session_readpermissions(unsigned long ident, int perm); +int astman_verify_session_readpermissions(uint32_t ident, int perm); /*! * \brief Verify a session's write permissions against a permission mask. @@ -119,7 +119,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm); * \param perm permission mask to verify * \returns 1 if the session has the permission mask capabilities, otherwise 0 */ -int astman_verify_session_writepermissions(unsigned long ident, int perm); +int astman_verify_session_writepermissions(uint32_t ident, int perm); /*! External routines may send asterisk manager events this way */ /*! \param category Event category, matches manager authorization diff --git a/main/manager.c b/main/manager.c index 3204edad8d..4d1d8ceeac 100644 --- a/main/manager.c +++ b/main/manager.c @@ -151,7 +151,7 @@ struct mansession { /*! Whether an HTTP session has someone waiting on events */ pthread_t waiting_thread; /*! Unique manager identifer */ - unsigned long managerid; + uint32_t managerid; /*! Session timeout if HTTP */ time_t sessiontimeout; /*! Output from manager interface */ @@ -2578,7 +2578,7 @@ int ast_manager_register2(const char *action, int auth, int (*func)(struct manse /*! @} END Doxygen group */ -static struct mansession *find_session(unsigned long ident) +static struct mansession *find_session(uint32_t ident) { struct mansession *s; @@ -2596,7 +2596,7 @@ static struct mansession *find_session(unsigned long ident) return s; } -int astman_verify_session_readpermissions(unsigned long ident, int perm) +int astman_verify_session_readpermissions(uint32_t ident, int perm) { int result = 0; struct mansession *s; @@ -2615,7 +2615,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm) return result; } -int astman_verify_session_writepermissions(unsigned long ident, int perm) +int astman_verify_session_writepermissions(uint32_t ident, int perm) { int result = 0; struct mansession *s; @@ -2644,7 +2644,7 @@ static char *contenttype[] = { "plain", "html", "xml" }; static char *generic_http_callback(int format, struct sockaddr_in *requestor, const char *uri, struct ast_variable *params, int *status, char **title, int *contentlength) { struct mansession *s = NULL; - unsigned long ident = 0; + uint32_t ident = 0; char workspace[512]; char cookie[128]; size_t len = sizeof(workspace); @@ -2655,7 +2655,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co for (v = params; v; v = v->next) { if (!strcasecmp(v->name, "mansession_id")) { - sscanf(v->value, "%lx", &ident); + sscanf(v->value, "%x", &ident); break; } } @@ -2728,7 +2728,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co s->needdestroy = 1; } ast_build_string(&c, &len, "Content-type: text/%s\r\n", contenttype[format]); - sprintf(tmp, "%08lx", s->managerid); + sprintf(tmp, "%08x", s->managerid); ast_build_string(&c, &len, "%s\r\n", ast_http_setcookie("mansession_id", tmp, httptimeout, cookie, sizeof(cookie))); if (format == FORMAT_HTML) ast_build_string(&c, &len, "Asterisk™ Manager Interface");