kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-09 03:18:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9f0b565c8d90c55c1c0dded6bbcee4d51c10d05
asterisk/funcs
History
Mark Michelson c9f0b565c8 Mitigate possible HTTP injection attacks using CURL() function in Asterisk. 
CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.

Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.

ASTERISK-24676 #close
Reported by Matt Jordan

Review: https://reviewboard.asterisk.org/r/4364

AST-2015-002



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431297 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2015-01-28 17:05:26 +00:00
..
func_aes.c
Fix many issues from the NULL_RETURNS Coverity report
2012-05-04 22:17:38 +00:00
func_audiohookinherit.c
func_audiohookinheritance: Check If A Channel Was Specified
2014-03-04 19:33:31 +00:00
func_base64.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_blacklist.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_callcompletion.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_callerid.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_cdr.c
Coverity Report: Fix issues for error type UNINIT in Core supported modules
2012-05-10 15:57:26 +00:00
func_channel.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_config.c
func_config: Change 'Not Found' message from ERROR to DEBUG
2014-08-18 20:16:08 +00:00
func_curl.c
Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
2015-01-28 17:05:26 +00:00
func_cut.c
Clean up and ensure proper usage of alloca()
2012-07-31 20:21:43 +00:00
func_db.c
AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.
2014-11-20 16:22:50 +00:00
func_devstate.c
Prevent exhaustion of system resources through exploitation of event cache
2013-01-02 18:09:55 +00:00
func_dialgroup.c
Fix incorrect usages of ast_realloc().
2013-09-10 17:56:56 +00:00
func_dialplan.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_enum.c
Allow ENUM query functions to report lookup errors
2011-08-09 17:08:33 +00:00
func_env.c
Fix 32bit build for func_env
2014-05-09 23:08:38 +00:00
func_extstate.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_frame_trace.c
datastores: Audit ast_channel_datastore_remove usage.
2014-07-28 18:34:18 +00:00
func_global.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_groupcount.c
Fix typo's (retrieve, specified, address).
2015-01-23 14:51:03 +00:00
func_hangupcause.c
Fix typo's (retrieve, specified, address).
2015-01-23 14:51:03 +00:00
func_iconv.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:28:40 +00:00
func_jitterbuffer.c
func_jitterbuffer: fix frame leaks.
2014-11-02 07:35:36 +00:00
func_lock.c
security: Inhibit execution of privilege escalating functions
2013-12-16 17:14:14 +00:00
func_logic.c
Clean up and ensure proper usage of alloca()
2012-07-31 20:21:43 +00:00
func_math.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_md5.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_module.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_odbc.c
func_odbc: Fix fixed size buffers fix (r414968).
2014-06-03 07:32:30 +00:00
func_pitchshift.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_presencestate.c
Fix documentation for PRESENCE_STATE to properly illustrate how to create a presence hint.
2014-03-05 18:45:52 +00:00
func_rand.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_realtime.c
security: Inhibit execution of privilege escalating functions
2013-12-16 17:14:14 +00:00
func_sha1.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_shell.c
security: Inhibit execution of privilege escalating functions
2013-12-16 17:14:14 +00:00
func_speex.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
func_sprintf.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_srv.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:28:40 +00:00
func_strings.c
Allow the PUSH and UNSHIFT functions to set inheritable channel variables.
2014-06-17 18:40:35 +00:00
func_sysinfo.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:28:40 +00:00
func_timeout.c
verbosity: Fix performance of console verbose messages.
2014-01-14 17:26:35 +00:00
func_uri.c
func_uri: URIENCODE/URIDECODE - allow empty strings as argument
2014-07-15 17:32:15 +00:00
func_version.c
Fix documentation for ${VERSION(ASTERISK_VERSION_NUM)}.
2012-04-19 22:01:20 +00:00
func_vmcount.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
func_volume.c
Fix dialplan function NULL channel safety issues
2014-03-27 19:13:09 +00:00
Makefile
Merged revisions 207647 via svnmerge from
2009-07-21 13:28:04 +00:00