[Asterisk-code-review] curl, res_stir_shaken: refactor utility functions (asterisk[master])

Sean Bright asteriskteam at digium.com
Mon Jan 31 09:53:17 CST 2022


Attention is currently required from: N A, Joshua Colp, George Joseph.
Sean Bright has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/17708 )

Change subject: curl, res_stir_shaken: refactor utility functions
......................................................................


Patch Set 3:

(1 comment)

File include/asterisk/utils.h:

https://gerrit.asterisk.org/c/asterisk/+/17708/comment/c5d691e3_481a4fb0 
PS3, Line 415: int ast_url_is_vulnerable(const char *url);
> Unfortunately, the issue this was trying to prevent is still present in the version of libcurl in use by CentOS7

It was backported into the CentOS7 package in 2015 - from the spec file:

 * Thu Jan 08 2015 Kamil Dudka <kdudka at redhat.com> 7.29.0-22
 - reject CRLFs in URLs passed to proxy (CVE-2014-8150)



-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17708

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ife478708c8f2b127239cb73c1755ef18c0bf431b
Gerrit-Change-Number: 17708
Gerrit-PatchSet: 3
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Sean Bright <sean at seanbright.com>
Gerrit-CC: George Joseph <gjoseph at digium.com>
Gerrit-Attention: N A <mail at interlinked.x10host.com>
Gerrit-Attention: Joshua Colp <jcolp at sangoma.com>
Gerrit-Attention: George Joseph <gjoseph at digium.com>
Gerrit-Comment-Date: Mon, 31 Jan 2022 15:53:17 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Sean Bright <sean at seanbright.com>
Comment-In-Reply-To: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: comment