[Asterisk-code-review] curl, res_stir_shaken: refactor utility functions (asterisk[master])

N A asteriskteam at digium.com
Mon Jan 31 11:22:55 CST 2022


Attention is currently required from: Sean Bright, Joshua Colp, George Joseph.
N A has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/17708 )

Change subject: curl, res_stir_shaken: refactor utility functions
......................................................................


Patch Set 3:

(1 comment)

File include/asterisk/utils.h:

https://gerrit.asterisk.org/c/asterisk/+/17708/comment/8a438beb_80c4cd41 
PS3, Line 415: int ast_url_is_vulnerable(const char *url);
> > Unfortunately, the issue this was trying to prevent is still present in the version of libcurl in  […]
Making it a macro makes sense to me I guess.

If it's the semantics you don't like, maybe it could be ast_contains_cr_lf instead?

I don't see the point in duplicating this in multiple places if it's the same logic, that's the thing we're trying to prevent here.

Inevitably, certain modules will not manually replicate the logic and then security goes out the window.

If it's not resolved on ALL Linux and BSD distros then there is a legitimate use case for it. If there's no need for it anymore, then we don't need it at all anywhere.



-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17708

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ife478708c8f2b127239cb73c1755ef18c0bf431b
Gerrit-Change-Number: 17708
Gerrit-PatchSet: 3
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Sean Bright <sean at seanbright.com>
Gerrit-CC: George Joseph <gjoseph at digium.com>
Gerrit-Attention: Sean Bright <sean at seanbright.com>
Gerrit-Attention: Joshua Colp <jcolp at sangoma.com>
Gerrit-Attention: George Joseph <gjoseph at digium.com>
Gerrit-Comment-Date: Mon, 31 Jan 2022 17:22:55 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Sean Bright <sean at seanbright.com>
Comment-In-Reply-To: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: comment