From c2859f89975d63bf1ccbb949e174f376bc0056c8 Mon Sep 17 00:00:00 2001
From: jowiemann <jowiemann@2b470e98-0d58-463d-a4d8-8e2adae1ed80>
Date: Mon, 17 Apr 2023 11:31:55 +0000
Subject: [PATCH] 72_FB_CALLMONITOR.pm: Passwort Sicherheit

git-svn-id: https://svn.fhem.de/fhem/trunk@27455 2b470e98-0d58-463d-a4d8-8e2adae1ed80
---
 fhem/FHEM/72_FB_CALLMONITOR.pm | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/fhem/FHEM/72_FB_CALLMONITOR.pm b/fhem/FHEM/72_FB_CALLMONITOR.pm
index ccb61fc18..3e0da2394 100755
--- a/fhem/FHEM/72_FB_CALLMONITOR.pm
+++ b/fhem/FHEM/72_FB_CALLMONITOR.pm
@@ -40,7 +40,7 @@ use HttpUtils;
 use DevIo;
 use FritzBoxUtils;
 
-my $ModulVersion = "07.50.3a";
+my $ModulVersion = "07.50.3b";
 my %tellows = ();
 my %connection_type = (
      0 => "FON1",
@@ -2320,6 +2320,17 @@ sub FB_CALLMONITOR_readPassword($;$)
     my ($hash, $testPassword) = @_;
     my $name = $hash->{NAME};
 
+   my $xline       = ( caller(0) )[2];
+   my $xsubroutine = ( caller(1) )[3];
+   my $sub         = ( split( ':', $xsubroutine ) )[2];
+   $sub =~ s/FB_CALLMONITOR_//       if ( defined $sub );
+   $sub ||= 'no-subroutine-specified';
+
+   if ($sub !~ /readRemotePhonebookViaTelnet|requestHTTPviaTR064|identifyPhoneBooksViaWeb|readRemotePhonebookViaWeb/) {
+     FB_CALLMONITOR_Log $hash, 2, "EMERGENCY: unauthorized call for reading password from: $sub";
+     return undef;
+   }
+
     my $index = $hash->{TYPE}."_".$hash->{NAME}."_passwd";
     my $key = getUniqueId().$index;