From 7574be5110e049a44b8c8ead52cd1c2a5d442afa Mon Sep 17 00:00:00 2001
From: George Joseph <gjoseph@digium.com>
Date: Thu, 24 Oct 2019 11:41:23 -0600
Subject: [PATCH] manager.c:  Prevent the Originate action from running the Originate app

If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.

Action: Originate
Channel: Local/1111
Application: Originate
Data: Local/2222,app,System,touch /tmp/owned

If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.

ASTERISK-28580
Reported by: Eliel Sardañons

Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
---

--- /dev/null
+++ b/doc/UPGRADE-staging/AMI-Originate.txt
@@ -0,0 +1,5 @@
+Subject: AMI
+
+The AMI Originate action, which optionally takes a dialplan application as
+an argument, no longer accepts "Originate" as the application due to
+security concerns.
--- a/main/manager.c
+++ b/main/manager.c
@@ -5697,6 +5697,7 @@ static int action_originate(struct manse
 				                                     EAGI(/bin/rm,-rf /)       */
 				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
 				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
+				strcasestr(app, "originate") ||   /* Originate(Local/1234,app,System,rm -rf) */
 				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
 				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
 				)) {