kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-31 02:37:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

pbx.c: Allow dangerous functions when adding a hint to dialplan.

Browse Source 
We can allow dangerous functions when adding a hint since altering
dialplan is itself a privileged activity.  Otherwise, we could never
execute dangerous functions.

ASTERISK-25996 #close
Reported by: Andrew Nagy

Change-Id: I4929ff100ad1200a0198262d069a34f2296e77ba
This commit is contained in:
Richard Mudgett
2016-07-27 17:17:53 -05:00
parent 4cbb735c28
commit 68ebf86e2f
3 changed files with 41 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
main/pbx.c
View File

@@ -7153,13 +7153,25 @@ static int ast_add_extension2_lockopt(struct ast_context *con,
/* If we are adding a hint evalulate in variables and global variables */
if (priority == PRIORITY_HINT && strstr(application, "${") && extension[0] != '_') {
int inhibited;
struct ast_channel *c = ast_dummy_channel_alloc();
if (c) {
ast_channel_exten_set(c, extension);
ast_channel_context_set(c, con->name);
}
/*
* We can allow dangerous functions when adding a hint since
* altering dialplan is itself a privileged activity. Otherwise,
* we could never execute dangerous functions.
*/
inhibited = ast_thread_inhibit_escalations_swap(0);
pbx_substitute_variables_helper(c, application, expand_buf, sizeof(expand_buf));
if (0 < inhibited) {
ast_thread_inhibit_escalations();
}
application = expand_buf;
if (c) {
ast_channel_unref(c);