[Asterisk-code-review] curl, res_stir_shaken: refactor utility functions (asterisk[master])

George Joseph asteriskteam at digium.com
Mon Jan 31 09:36:19 CST 2022 

Attention is currently required from: Sean Bright, N A, Joshua Colp.
George Joseph has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/17708 )

Change subject: curl, res_stir_shaken: refactor utility functions
......................................................................


Patch Set 3:

(1 comment)

File include/asterisk/utils.h:

https://gerrit.asterisk.org/c/asterisk/+/17708/comment/616a4bb9_5f7d4671 
PS3, Line 415: int ast_url_is_vulnerable(const char *url);
> Do not make this API. The name is bad, the implementation is trivial, and it is all predicated on a library that may or may not be in use and may or may not be an appropriate version.
> 
> If you really need this just copy it into your code.

Unfortunately, the issue this was trying to prevent is still present in the version of libcurl in use by CentOS7.  How about renaming it ast_is_url_safe() and just make it a macro:
#define ast_is_url_safe(u) (strpbrk(u, "\r\n") == NULL)



-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17708
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ife478708c8f2b127239cb73c1755ef18c0bf431b
Gerrit-Change-Number: 17708
Gerrit-PatchSet: 3
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Sean Bright <sean at seanbright.com>
Gerrit-CC: George Joseph <gjoseph at digium.com>
Gerrit-Attention: Sean Bright <sean at seanbright.com>
Gerrit-Attention: N A <mail at interlinked.x10host.com>
Gerrit-Attention: Joshua Colp <jcolp at sangoma.com>
Gerrit-Comment-Date: Mon, 31 Jan 2022 15:36:19 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Sean Bright <sean at seanbright.com>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220131/033c1f06/attachment-0001.html>

More information about the asterisk-code-review mailing list