kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-01 11:32:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a9ee948e902595ce0d6da88733027e90f5069b25
asterisk/main
History
David M. Lee a9ee948e90 security: Inhibit execution of privilege escalating functions 
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.

A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.

Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.

(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........

Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@403917 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2013-12-16 17:14:14 +00:00
..
editline
memory leaks: Memory leak cleanup patch by Corey Farrell (first set)
2013-10-23 19:55:05 +00:00
stdtime
Cleanup core main on exit.
2012-12-03 20:43:03 +00:00
abstract_jb.c
Fix jitter buffer log file creation
2013-09-18 19:55:46 +00:00
acl.c
Trivial patch to make 'best_score' defined for all architectures.
2012-10-07 17:31:53 +00:00
adsi.c
Fix crash in unloading of res_adsi module
2012-06-26 13:23:12 +00:00
alaw.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
aoc.c
Cleanup CLI commands on exit for several files.
2012-12-11 22:01:13 +00:00
app.c
memory leaks: Memory leak cleanup patch by Corey Farrell (second set)
2013-10-24 16:40:59 +00:00
ast_expr2.c
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
ast_expr2.fl
Avoid cppcheck warnings; removing unused vars and a bit of cleanup.
2012-04-17 18:57:40 +00:00
ast_expr2.h
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
ast_expr2.y
Multiple revisions 360356-360357
2012-03-24 02:42:42 +00:00
ast_expr2f.c
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
asterisk.c
security: Inhibit execution of privilege escalating functions
2013-12-16 17:14:14 +00:00
asterisk.dynamics
Remove the old stub files, preferring the optional_api method.
2010-07-14 20:48:59 +00:00
asterisk.exports.in
Add _IO_stdin_used in version-script to fix SIGBUSes on Sparc.
2013-08-22 08:22:39 +00:00
astfd.c
Unregister CLI commands on exit
2013-08-20 15:27:16 +00:00
astmm.c
MALLOC_DEBUG: Change fence magic number to be completely different from the freed magic number.
2013-09-09 23:21:46 +00:00
astobj2.c
astobj2: Unregister debug CLI commands at exit
2013-10-24 19:28:10 +00:00
audiohook.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
autochan.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
autoservice.c
Stopped spamming of debug messages during attended transfer.
2013-02-15 17:17:27 +00:00
bridging.c
Fix bridging thread leak.
2012-07-06 15:31:52 +00:00
buildinfo.c
fix a few small things found by using sparse
2008-10-30 16:49:02 +00:00
callerid.c
Clean up and ensure proper usage of alloca()
2012-07-31 20:21:43 +00:00
ccss.c
Prevent exhaustion of system resources through exploitation of event cache
2013-01-02 18:09:55 +00:00
cdr.c
Check result of ast_var_assign() calls for memory allocation failure.
2013-08-06 08:19:42 +00:00
cel.c
Protect CEL from an invalid config on reload
2013-08-20 14:07:45 +00:00
channel_internal_api.c
Prevent exhaustion of system resources through exploitation of event cache
2013-01-02 18:09:55 +00:00
channel.c
Remove some spammy debug messages; improve clarity of others
2013-10-29 12:49:53 +00:00
chanvars.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
cli.c
Fix incorrect usages of ast_realloc().
2013-09-10 17:56:56 +00:00
config_options.c
Ensure global types in the config framework are initialized
2013-09-20 22:35:00 +00:00
config.c
config: Allow ConfBridge DTMF menus to have '#' as the first digit.
2013-11-01 23:52:45 +00:00
cygload.c
Kill off red blobs in most of main/*
2012-03-22 19:51:16 +00:00
data.c
memory leaks: Memory leak cleanup patch by Corey Farrell (second set)
2013-10-24 16:40:59 +00:00
datastore.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
db.c
Properly finalize prepared SQLite3 statements to prevent memory leak
2012-11-04 01:17:25 +00:00
devicestate.c
Distributed Device State broken at sites using res_xmpp or res_jabber where Secuity Advisory AST-2012-015 is inplace
2013-04-16 23:13:58 +00:00
dial.c
Separate option_types[] from the struct definition.
2013-02-05 18:10:46 +00:00
dns.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
dnsmgr.c
Cleanup dnsmgr on exit.
2012-12-11 00:34:46 +00:00
dsp.c
dsp.c User Configurable DTMF_HITS_TO_BEGIN and DTMF_MISSES_TO_END
2012-10-04 20:18:59 +00:00
ecdisa.h
Kill off red blobs in most of main/*
2012-03-22 19:51:16 +00:00
enum.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
event.c
Fix incorrect usages of ast_realloc().
2013-09-10 17:56:56 +00:00
features.c
Fix Segfault When Syntax Of A Line Under [applicationmap] Is Invalid
2013-09-18 01:34:09 +00:00
file.c
Change cleanup ordering in filestream destructor.
2013-01-28 01:57:26 +00:00
fixedjitterbuf.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fixedjitterbuf.h
Kill off red blobs in most of main/*
2012-03-22 19:51:16 +00:00
format_cap.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
format_pref.c
Address uninitialized conditional that valgrind found
2013-03-27 19:51:29 +00:00
format.c
Fix memory leak while loading priority modules and adding formats
2013-06-12 02:25:23 +00:00
frame.c
Rewrite a comment that didn't adequately explain the code it was documenting.
2012-07-24 16:54:26 +00:00
framehook.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fskmodem_float.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fskmodem_int.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fskmodem.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
global_datastores.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
hashtab.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
heap.c
Fix incorrect usages of ast_realloc().
2013-09-10 17:56:56 +00:00
http.c
Complete http_shutdown.
2013-08-21 17:07:06 +00:00
image.c
Cleanup CLI commands on exit for several files.
2012-12-11 22:01:13 +00:00
indications.c
Fix incorrect usages of ast_realloc().
2013-09-10 17:56:56 +00:00
io.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
jitterbuf.c
jitterbuf: Fix memory leak on jitter buffer reset
2013-10-24 19:41:07 +00:00
libasteriskssl.c
Resolve memory leaks in TLS initialization and TLS client connections
2012-09-14 19:50:40 +00:00
libasteriskssl.exports.in
Address OpenSSL initialization issues when using third-party libraries.
2012-01-30 21:21:16 +00:00
loader.c
core/loader: Don't call dlclose in a while loop
2013-10-31 15:59:50 +00:00
lock.c
Fix DEBUG_THREADS when lock is acquired in __constructor__
2013-09-09 20:02:32 +00:00
logger.c
Logging: Logging types ignored after specifying a verbose level
2013-10-24 20:44:09 +00:00
Makefile
Remove unneeded linux-gnueabi*
2013-02-26 19:19:51 +00:00
manager.c
Memory leak fix
2013-08-30 17:53:56 +00:00
md5.c
md5: supress some compiler warnings.
2012-04-28 01:33:49 +00:00
message.c
Fix lock errors on startup.
2013-04-18 16:07:03 +00:00
named_acl.c
Fix various memory leaks
2013-08-30 19:16:20 +00:00
netsock2.c
Fix NULL pointer segfault in ast_sockaddr_parse()
2012-06-20 02:07:00 +00:00
netsock.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
pbx.c
security: Inhibit execution of privilege escalating functions
2013-12-16 17:14:14 +00:00
plc.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
poll.c
Merged revisions 285268 via svnmerge from
2010-09-07 19:09:08 +00:00
presencestate.c
Fix crash in PresenceState AMI action when specifying an invalid provider
2013-02-15 23:23:49 +00:00
privacy.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
rtp_engine.c
rtp_engine: fix rtp payloads copy and improve argument names
2013-10-25 23:32:19 +00:00
say.c
Fix saying of date in Dutch.
2012-09-25 23:09:40 +00:00
sched.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
security_events.c
Fix security events for AMI invalid password
2013-10-03 19:22:41 +00:00
sha1.c
Kill off red blobs in most of main/*
2012-03-22 19:51:16 +00:00
sip_api.c
Don't make chan_sip export global symbols.
2012-10-11 15:31:10 +00:00
slinfactory.c
Fix a memory copying bug in slinfactory which was causing mixmonitor issues.
2013-05-28 17:43:23 +00:00
srv.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
strcompat.c
Add builtin roundf() for systems lacking it.
2013-01-19 20:49:43 +00:00
strings.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
stun.c
Cleanup CLI commands on exit for several files.
2012-12-11 22:01:13 +00:00
syslog.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
taskprocessor.c
Cleanup taskprocessor on exit.
2012-12-11 20:45:02 +00:00
tcptls.c
security: Inhibit execution of privilege escalating functions
2013-12-16 17:14:14 +00:00
tdd.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
term.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
test.c
memory leaks: Memory leak cleanup patch by Corey Farrell (first set)
2013-10-23 19:55:05 +00:00
threadstorage.c
Unregister CLI commands on exit
2013-08-20 15:27:16 +00:00
timing.c
Cleanup CLI commands on exit for several files.
2012-12-11 22:01:13 +00:00
translate.c
translate: Move freeing of frame to after it is used.
2013-11-22 17:11:07 +00:00
udptl.c
UDPTL: Backport some fixes from v12 that should be in v11.
2013-09-18 23:36:12 +00:00
ulaw.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
utils.c
utils: Fix memory leaks and missed unregistration of CLI commands on shutdown
2013-10-24 20:33:37 +00:00
xml.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
xmldoc.c
Remove some spammy debug messages; improve clarity of others
2013-10-29 12:49:53 +00:00