packages/net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch
florian f727451c17 [package] asterisk-1.8.x: add patch to fix CVE-2012-2186
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33541 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-09-25 13:37:04 +00:00


--- a/main/manager.c
+++ b/main/manager.c
@@ -4020,6 +4020,7 @@ static int action_originate(struct manse
TryExec(System(rm -rf /)) */
strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /)
EAGI(/bin/rm,-rf /) */
+ strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */
strstr(appdata, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */
strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
)) {
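Review bot: The added `strcasestr(app, "externalivr")` test extends a hand-maintained substring deny-list, and nothing in the visible lines tells a maintainer that every application or function able to start an external program must be listed here; this CVE is what a missed entry looks like. I would add a comment above the condition such as `/* Deny-list of apps/functions that can run external commands; add an entry whenever such an app is introduced. */`. The matching is also uneven: `app` is compared case-insensitively while `appdata` is checked with case-sensitive `strstr`, which is only safe if dialplan function names are resolved case-sensitively, so that assumption deserves a short comment too. The condition opens above this hunk, so the privilege check it is combined with is not visible here and should be confirmed against the full function.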