fix whois command injection vulnerability

JerryXiao 2021-11-20 23:04:37 +08:00
parent 1e8fb5e9c0
commit 17905cc485
Signed by: Jerry
GPG Key ID: 22618F758B5BE2E5
1 changed files with 10 additions and 22 deletions


@ -4,9 +4,6 @@ writeprotect=no
clearglobalvars=no
[extdn42whois]
;exten => i,1,NoOp()
;exten => t,1,Goto(s,1)
exten => _X.,5,Set(CALLNUM=${EXTEN})
same => n,Goto(s,1)
@ -17,24 +14,23 @@ exten => s,1,Playback(silence/1)
same => n,GotoIf($["${USERINPUT}" = ""]?extmymenu,${CALLNUM},5:whois,1)
exten => whois,1,Set(SESSIONUNID=${RAND(0,100000)})
same => n,TrySystem(/var/lib/asterisk/scripts/jerry/whois.py ${USERINPUT} ${SESSIONUNID})
same => n,TrySystem(/var/lib/asterisk/scripts/jerry/whois.py "${USERINPUT}" "${SESSIONUNID}")
same => n,Playback(/var/tmp/ast-dynamic/${SESSIONUNID})
same => n,GotoIf($["${PLAYBACKSTATUS}" = "SUCCESS"]?whois,whoisend:)
same => n,Playback(im-sorry&something-terribly-wrong)
same => n(whoisend),Goto(s,1)
[extmymenu]
exten => i,1,Playback(silence/1&goodbye)
same => n,Hangup()
exten => _X.,5,Set(CALLNUM=${EXTEN})
same => n,Goto(s,1)
exten => s,1,Wait(1)
;same => n(loop),Background(vm-press&letters/a&number)
same => n(loop),Background(jerry-intro)
same => n,WaitExten(15)
exten => i,1,Playback(silence/1&goodbye)
same => n,Hangup()
exten => t,1,Goto(s,loop)
exten => _X,1,NoOp()
@ -60,12 +56,10 @@ exten => 3,100,NoOp()
exten => 4,100,NoOp()
same => n,Read(TMPNOM,z-external,1,,1,0.1)
;same => n,Playback(z-external)
same => n,Goto(menuend,1)
exten => 5,100,NoOp()
same => n,Read(TMPNOM,z-macroform-cold_day,1,,1,0.1)
;same => n,Playback(z-macroform-cold_day)
same => n,Goto(menuend,1)
exten => _X,100,NoOp()
@ -79,7 +73,7 @@ exten => menuend,1,NoOp()
exten => i,1,NoOp()
exten => chanunavail,1,Playback(im-sorry&number-not-answering&please-try-call-later)
exten => chanunavail,2,Hangup()
same => n,Hangup()
exten => 424036180001,5,Dial(PJSIP/REDACTED,300,m)
exten => 424036180002,5,Dial(PJSIP/REDACTED,300,m)
@ -89,10 +83,8 @@ exten => 424036180005,5,Dial(PJSIP/REDACTED,300,m)
exten => _X.,6,GotoIf($["${DIALSTATUS}" = "CHANUNAVAIL"]?chanunavail,1:)
exten => 424036180000,5,Goto(extmymenu,${EXTEN},5)
exten => 424036183618,5,Playback(silence/1&your&number&is)
same => 6,SayAlpha(${CALLERID(num)})
same => 7,Playback(silence/1)
;same => 8,SayAlpha(${CALLERID(name)})
;same => 9,Playback(silence/1)
same => n,SayAlpha(${CALLERID(num)})
same => n,Playback(silence/1)
exten => 424036184242,5,Goto(extdn42whois,${EXTEN},5)
exten => _42403618XXXX,5,Playback(im-sorry&check-number-dial-again)
@ -102,7 +94,6 @@ exten => _42403618XXXX,5,Answer()
exten => _42401332XXXX,5,NoOp()
same => n,Dial(PJSIP/${EXTEN}@nia)
;same => n,Dial(PJSIP/${EXTEN:-4}@nia)
exten => _42403315XXXX,5,NoOp()
same => n,Dial(PJSIP/${EXTEN}@zane)
@ -117,11 +108,8 @@ exten => _42400119XXXX,5,NoOp()
same => n,Dial(PJSIP/${EXTEN}@jrb0001)
[jerry]
;exten => _X.,1,Set(CHANNEL(musicclass)=custom)
exten => _XXXX,1,Goto(42403618${EXTEN},1)
exten => _XXXXXXXX,1,Goto(4240${EXTEN},1)
exten => _X.,1,NoOp()
exten => _XXXX,2,Goto(42403618${EXTEN},1)
exten => _XXXXXXXX,2,Goto(4240${EXTEN},1)
exten => _X.,2,NoOp()
exten => _X.,3,Goto(extpeers,${EXTEN},5)
exten => _X.,2,Goto(extpeers,${EXTEN},5)
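Review bot: The quoted form of the `TrySystem(/var/lib/asterisk/scripts/jerry/whois.py "${USERINPUT}" "${SESSIONUNID}")` line in the `whois` extension (hunk `-17,24 +14,23`) still builds a shell command line from caller-supplied text. Double quotes stop word splitting and globbing, but the shell still interprets substitution syntax and an embedded quote character inside them. Where `USERINPUT` is assigned is not visible in this hunk, so the fix should not rely on it already being digits only: add an allow-list step just before the call, for example `same => n,Set(USERINPUT=${FILTER(0-9,${USERINPUT})})`, with the character set adjusted to what the lookup actually needs. It would also be worth having whois.py reject any argument that does not match the expected pattern, so the check does not depend on the dialplan alone.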