- Added warning about potential for OS Command Injection
- Updated invalid examples
previous example gives the following error:
pv_parse_spec2(): error searching pvar "rU.txt"
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [x] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
Misuse of the exec module functions is a security concern. This PR updates the documentation to help Kamailio administrators use these functions securely.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3338
-- Commit Summary --
* exec: docs - added security warning
-- File Changes --
M src/modules/exec/doc/exec_admin.xml (24)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3338.patch
https://github.com/kamailio/kamailio/pull/3338.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3338
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3338(a)github.com>
<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for feature requests.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
If you submit a feature request (or enhancement) add the description of what you would like to be added.
If there is no content to be filled in a section, the entire section can be removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment).
-->
### Description
<!--
Explain what you did, what you expected to happen, and what actually happened.
-->
### Expected behavior
#### Actual observed behavior
#### Debugging Data
```
(paste your debugging data here)
```
#### Log Messages
<!--
Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
(paste your log messages here)
```
#### SIP Traffic
<!--
If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
(paste your sip traffic here)
```
### Possible Solutions
<!--
If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with an improvement.
-->
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
(paste your output here)
```
* **Operating System**:
<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `uname -a`)
-->
```
(paste your output here)
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3342
Message ID: <kamailio/kamailio/issues/3342(a)github.com>
Module: kamailio
Branch: master
Commit: 5dabd1e7aa3574a41fc30ead60f9e3f68de0f471
URL: https://github.com/kamailio/kamailio/commit/5dabd1e7aa3574a41fc30ead60f9e3f…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2023-01-25T08:31:17+01:00
modules: readme files regenerated - tls ... [skip ci]
---
Modified: src/modules/tls/README
---
Diff: https://github.com/kamailio/kamailio/commit/5dabd1e7aa3574a41fc30ead60f9e3f…
Patch: https://github.com/kamailio/kamailio/commit/5dabd1e7aa3574a41fc30ead60f9e3f…
---
diff --git a/src/modules/tls/README b/src/modules/tls/README
index 21740840b4..a8b83eda17 100644
--- a/src/modules/tls/README
+++ b/src/modules/tls/README
@@ -1271,12 +1271,18 @@ modparam("tls", "renegotiation", 1)
Allow setting flags that control how the module is initialized and
works at runtime. Many flags (bits) can be set at the same time (set
- the parameter to the sum of corresponding values).
-
- If flag (bit) 1 is set (value 1), the memory management operations
- registered for TLS are wapped within a pthread mutex lock. It can be
- useful with newer versions of libssl and libcrypto, which have a more
- pthread multi-threading oriented design.
+ the parameter to the sum of corresponding values). The flags are
+ refered with 0-indexing.
+
+ If flag (bit) at index 0 is set (value 1), the memory management
+ operations registered for TLS are wapped within a pthread mutex lock.
+ It can be useful with newer versions of libssl and libcrypto, which
+ have a more pthread multi-threading oriented design.
+
+ If flag (bit) at index 1 is set (value 2), the module executes openssl
+ fork prepare API functions (see
+ https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html).
+ It is done only for openssl version greater or equal with 1.1.1.
Default value is 0.
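Review bot: The added lines carry two spelling errors, "refered" in the sentence about 0-indexing and "wapped" in the index 0 paragraph, and "greater or equal with 1.1.1" in the index 1 paragraph would read better as "greater than or equal to 1.1.1". Since this README is regenerated output, the corrections belong in the module's docbook source, after which the README can be regenerated.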
Module: kamailio
Branch: master
Commit: 331aa5753beccd3ddb241219cf1988a506fa2de3
URL: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2023-01-25T08:26:09+01:00
tls: update docs for init_mode with details about fork prepare option
---
Modified: src/modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a…
Patch: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a…
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 49f1d1f85f..d90157ca24 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1037,13 +1037,20 @@ modparam("tls", "renegotiation", 1)
<para>
Allow setting flags that control how the module is initialized and works
at runtime. Many flags (bits) can be set at the same time (set the
- parameter to the sum of corresponding values).
+ parameter to the sum of corresponding values). The flags are refered
+ with 0-indexing.
</para>
<para>
- If flag (bit) 1 is set (value 1), the memory management operations registered for TLS are
- wapped within a pthread mutex lock. It can be useful with newer versions
- of libssl and libcrypto, which have a more pthread multi-threading oriented
- design.
+ If flag (bit) at index 0 is set (value 1), the memory management operations
+ registered for TLS are wapped within a pthread mutex lock. It can be useful
+ with newer versions of libssl and libcrypto, which have a more pthread
+ multi-threading oriented design.
+ </para>
+ <para>
+ If flag (bit) at index 1 is set (value 2), the module executes openssl fork
+ prepare API functions (see
+ <ulink url="https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html">https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html</ulink>). It is done only for openssl version greater or equal
+ with 1.1.1.
</para>
<para>
Default value is 0.
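Review bot: The new index 1 paragraph says the fork prepare functions run only for OpenSSL 1.1.1 or later, but not what happens when value 2 is set against an older library; stating that the flag is then ignored (if that is the behaviour) would remove the ambiguity. Because the parameter is set to the sum of the values, it would also help to say that 3 enables both flags. Spelling: "refered" should be "referred" and "wapped" should be "wrapped"; the latter was already in the removed lines and is carried over unchanged.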
### Description
When running kamdbctl for the first time with `DBENGINE=MYSQL`, it will try to create the same user twice, which causes a failure. Because the user is already there, the create fails and the install script fails.
As a new user this is very confusing as it leads you to believe that you're blocked. However, if you enable prompt and run it twice and then skip adding access the second time, you can continue.
```
root@924dfe238957:/# /usr/sbin/kamdbctl create
Create the database 'kamailio'? (y/n): y
-e \E[37;33mINFO: creating database kamailio ...
Create database users with access privileges? (y/n): y
-e \E[37;33mINFO: granting privileges to database kamailio ...
ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'kamailio'@'mariadb'
ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'kamailioro'@'mariadb'
```
### Troubleshooting
If you modify `./usr/lib/x86_64-linux-gnu/kamailio/kamctl/kamdbctl.mysql` to echo the command instead, then you get the following debugging info.
```
root@924dfe238957:/# /usr/sbin/kamdbctl create
Create the database 'kamailio'? (y/n): y
-e \E[37;33mINFO: creating database kamailio ...
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE DATABASE kamailio CHARACTER SET latin1;
Create database users with access privileges? (y/n): y
-e \E[37;33mINFO: granting privileges to database kamailio ...
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'mariadb' IDENTIFIED BY 'kamailiorw';
GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'mariadb';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'mariadb' IDENTIFIED BY 'kamailioro';
GRANT SELECT ON kamailio.* TO 'kamailioro'@'mariadb';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'localhost' IDENTIFIED BY 'kamailiorw';
GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'localhost';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'localhost' IDENTIFIED BY 'kamailioro';
GRANT SELECT ON kamailio.* TO 'kamailioro'@'localhost';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'mariadb' IDENTIFIED BY 'kamailiorw';
GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'mariadb';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'mariadb' IDENTIFIED BY 'kamailioro';
GRANT SELECT ON kamailio.* TO 'kamailioro'@'mariadb';
```
As you can see ` 'kamailioro'@'mariadb'` and ` 'kamailioro'@'mariadb'` are added twice which creates a 1396 error.
#### Reproduction
```
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3280
Message ID: <kamailio/kamailio/issues/3280(a)github.com>
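The echoed commands in the report above visit the host `mariadb` twice in the user-creation sequence. As an added example (not kamdbctl's code and not part of the report), one way to make such provisioning idempotent is to deduplicate the host list and use `CREATE USER IF NOT EXISTS`, which assumes MariaDB 10.1.3+ or MySQL 5.7.6+. The function names are hypothetical; the host sequence, user names and passwords are copied from the trace.

```shell
#!/bin/sh
# Added example, not kamdbctl code: emit CREATE USER/GRANT once per distinct
# user@host pair, so a host listed twice cannot trigger ERROR 1396.
# Hosts, user names and passwords below are the values shown in the trace.

# unique_hosts HOST... -> prints each distinct host once, in first-seen order
unique_hosts() {
    seen=""
    for h in "$@"; do
        case " $seen " in
            *" $h "*) ;;                          # already emitted, skip
            *) seen="$seen $h"; printf '%s\n' "$h" ;;
        esac
    done
}

# gen_user_sql DBNAME HOST... -> prints idempotent SQL for the rw and ro users
gen_user_sql() {
    db=$1; shift
    unique_hosts "$@" | while IFS= read -r host; do
        # IF NOT EXISTS (assumed server support, see lead-in) also makes a re-run safe
        printf "CREATE USER IF NOT EXISTS 'kamailio'@'%s' IDENTIFIED BY 'kamailiorw';\n" "$host"
        printf "GRANT ALL PRIVILEGES ON %s.* TO 'kamailio'@'%s';\n" "$db" "$host"
        printf "CREATE USER IF NOT EXISTS 'kamailioro'@'%s' IDENTIFIED BY 'kamailioro';\n" "$host"
        printf "GRANT SELECT ON %s.* TO 'kamailioro'@'%s';\n" "$db" "$host"
    done
}

# Same host sequence as in the echoed commands: mariadb, localhost, mariadb
gen_user_sql kamailio mariadb localhost mariadb
```

The generated SQL can be reviewed before it is passed to the `mysql` client.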