packages/net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch

--- a/main/manager.c
+++ b/main/manager.c
@@ -4020,6 +4020,7 @@ static int action_originate(struct manse
 				                                     TryExec(System(rm -rf /)) */
 				strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
 				                                     EAGI(/bin/rm,-rf /)       */
+				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
 				strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
 				strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
 				)) {
[package] asterisk-1.8.x: add patch to fix CVE-2012-2186 git-svn-id: svn://svn.openwrt.org/openwrt/packages@33541 3c298f89-4303-0410-b956-a3cf2f4a3e73 2012-09-25 13:37:04 +00:00			`--- a/main/manager.c`
			`+++ b/main/manager.c`
			`@@ -4020,6 +4020,7 @@ static int action_originate(struct manse`
			`TryExec(System(rm -rf /)) */`
			`strcasestr(app, "agi") \|\| /* AGI(/bin/rm,-rf /)`
			`EAGI(/bin/rm,-rf /) */`
			`+ strcasestr(app, "externalivr") \|\| /* ExternalIVR(rm -rf) */`
			`strstr(appdata, "SHELL") \|\| /* NoOp(${SHELL(rm -rf /)}) */`
			`strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */`
			`)) {`