Recently my colleague found an interesting vector for possible attacks on Asterisk.
Imagine having the following construction:
[endpoints]
exten => _X.,1,GoTo(check_rights,${EXTEN},1)
....
[check_rights]
exten => _X.,1,AGI(my_check.agi)
same => 2,GoTo(all_ok,${EXTEN},1)
I know it looks a bit dull, but it is quite a common situation. You might believe that every call from the [endpoints] context has to pass through your authorization check, my_check.agi.
But imagine dialing not 12345, for example, but 12345,2.
What happens is that the line
exten => _X.,1,GoTo(check_rights,${EXTEN},1)
will evaluate to
Goto("PJSIP/anonymous-00000579", "check_rights,12345,2,1")
So you can append the desired priority to the dialed number and, in the example above, simply bypass the auth check.
I'm not saying this is a very common case, but don't forget to use something like FILTER.
A good idea would be to use something like
GoToIf($[ "${EXTEN}" == "${FILTER(+0-9,${EXTEN})}" ]?number_ok:number_not_ok)
to allow only + and digits.
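To make the injection and the FILTER check concrete, here is a small Python model of both (an added example, not code from this post or from Asterisk). The Goto() splitting follows the documented `[[context,]exten,]priority` syntax and the assumption that trailing fields after the third comma are dropped; `asterisk_filter` is a minimal stand-in for the real FILTER() function, and `check_rights`/`my_check.agi` come from the dialplan above.

```python
"""Model of the Goto() priority injection via ${EXTEN} and the FILTER mitigation."""
from typing import Optional, Tuple


def parse_goto(arg: str) -> Tuple[Optional[str], Optional[str], str]:
    """Return (context, exten, priority) the way Goto() reads its expanded argument.

    Assumption: fields are consumed left to right, so anything after the third
    comma ("...,2,1" -> the trailing ",1") is ignored.
    """
    fields = arg.split(",", 3)
    if len(fields) == 1:            # Goto(priority)
        return None, None, fields[0]
    if len(fields) == 2:            # Goto(exten,priority)
        return None, fields[0], fields[1]
    return fields[0], fields[1], fields[2]   # Goto(context,exten,priority[,ignored])


def expand_dialplan_goto(exten: str) -> Tuple[Optional[str], Optional[str], str]:
    """GoTo(check_rights,${EXTEN},1) after ${EXTEN} has been substituted."""
    return parse_goto(f"check_rights,{exten},1")


def asterisk_filter(allowed: str, value: str) -> str:
    """Minimal FILTER(): keep only characters in the allowed spec (ranges like 0-9, literals like +)."""
    keep = set()
    i = 0
    while i < len(allowed):
        if i + 2 < len(allowed) and allowed[i + 1] == "-":
            keep.update(chr(c) for c in range(ord(allowed[i]), ord(allowed[i + 2]) + 1))
            i += 3
        else:
            keep.add(allowed[i])
            i += 1
    return "".join(ch for ch in value if ch in keep)


def number_ok(exten: str) -> bool:
    """The GotoIf($[ "${EXTEN}" == "${FILTER(+0-9,${EXTEN})}" ]...) condition as a boolean."""
    return exten == asterisk_filter("+0-9", exten)


if __name__ == "__main__":
    # Constructed sample dial strings: a normal number and the injected one from the post.
    for dialed in ("12345", "12345,2"):
        ctx, ext, pri = expand_dialplan_goto(dialed)
        verdict = "pass" if number_ok(dialed) else "REJECT"
        print(f"{dialed!r:10} -> Goto({ctx},{ext},{pri})   FILTER check: {verdict}")
```

Running it shows the second string landing at priority 2 of check_rights, i.e. past the AGI at priority 1, while the FILTER comparison rejects it because the comma is stripped.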