[Asterisk-code-review] curl, res_stir_shaken: refactor utility functions (asterisk[master])
Sean Bright
asteriskteam at digium.com
Mon Jan 31 09:38:39 CST 2022
Attention is currently required from: N A, Joshua Colp, George Joseph.
Sean Bright has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/17708 )
Change subject: curl, res_stir_shaken: refactor utility functions
......................................................................
Patch Set 3:
(1 comment)
File include/asterisk/utils.h:
https://gerrit.asterisk.org/c/asterisk/+/17708/comment/166c7434_7a61063e
PS3, Line 415: int ast_url_is_vulnerable(const char *url);
> > Do not make this API. The name is bad, the implementation is trivial, and it is all predicated on a library that may or may not be in use and may or may not be an appropriate version.
> >
> > If you really need this just copy it into your code.
>
> Unfortunately, the issue this was trying to prevent is still present in the version of libcurl in use by CentOS7. How about renaming it ast_is_url_safe() and just make it a macro:
> #define ast_is_url_safe(u) (strpbrk(u, "\r\n") == NULL)
That is unfortunate but doesn't address any of my comments. It doesn't need to be made API.
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17708
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ife478708c8f2b127239cb73c1755ef18c0bf431b
Gerrit-Change-Number: 17708
Gerrit-PatchSet: 3
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Sean Bright <sean at seanbright.com>
Gerrit-CC: George Joseph <gjoseph at digium.com>
Gerrit-Attention: N A <mail at interlinked.x10host.com>
Gerrit-Attention: Joshua Colp <jcolp at sangoma.com>
Gerrit-Attention: George Joseph <gjoseph at digium.com>
Gerrit-Comment-Date: Mon, 31 Jan 2022 15:38:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Sean Bright <sean at seanbright.com>
Comment-In-Reply-To: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220131/a0c61577/attachment.html>
More information about the asterisk-code-review
mailing list