Asterisk - The Open Source Telephony Project
21.4.1
|
Curl - Load a URL. More...
#include "asterisk.h"
#include <curl/curl.h>
#include "asterisk/lock.h"
#include "asterisk/file.h"
#include "asterisk/channel.h"
#include "asterisk/pbx.h"
#include "asterisk/cli.h"
#include "asterisk/module.h"
#include "asterisk/app.h"
#include "asterisk/utils.h"
#include "asterisk/threadstorage.h"
#include "asterisk/test.h"
Go to the source code of this file.
Data Structures | |
struct | curl_args |
struct | curl_settings |
struct | curl_write_callback_data |
Callback data passed to WriteMemoryCallback. More... | |
struct | global_curl_info |
Enumerations | |
enum | hashcompat { HASHCOMPAT_NO = 0, HASHCOMPAT_YES, HASHCOMPAT_LEGACY } |
enum | optiontype { OT_BOOLEAN, OT_INTEGER, OT_INTEGER_MS, OT_STRING, OT_ENUM } |
Functions | |
static void | __init_curl_instance (void) |
static void | __init_thread_escapebuf (void) |
static void | __reg_module (void) |
static void | __unreg_module (void) |
static int | acf_curl_exec (struct ast_channel *chan, const char *cmd, char *info, struct ast_str **buf, ssize_t len) |
static int | acf_curl_helper (struct ast_channel *chan, struct curl_args *args) |
static int | acf_curl_write (struct ast_channel *chan, const char *cmd, char *name, const char *value) |
static int | acf_curlopt_helper (struct ast_channel *chan, const char *cmd, char *data, char *buf, struct ast_str **bufstr, ssize_t len) |
static int | acf_curlopt_read (struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len) |
static int | acf_curlopt_read2 (struct ast_channel *chan, const char *cmd, char *data, struct ast_str **buf, ssize_t len) |
static int | acf_curlopt_write (struct ast_channel *chan, const char *cmd, char *name, const char *value) |
struct ast_module * | AST_MODULE_SELF_SYM (void) |
static void | curl_instance_cleanup (void *data) |
static int | curl_instance_init (void *data) |
static void | curlds_free (void *data) |
static int | load_module (void) |
static int | parse_curlopt_key (const char *name, CURLoption *key, enum optiontype *ot) |
static int | unload_module (void) |
static int | url_is_vulnerable (const char *url) |
Check for potential HTTP injection risk. More... | |
static size_t | WriteMemoryCallback (void *ptr, size_t size, size_t nmemb, void *data) |
Variables | |
static struct ast_module_info | __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Load external URL" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "da6642af068ee5e6490c5b1d2cc1d238" , .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_REALTIME_DEPEND2, .requires = "res_curl", } |
static struct ast_custom_function | acf_curl |
static struct ast_custom_function | acf_curlopt |
static const struct ast_module_info * | ast_module_info = &__mod_info |
static const struct ast_datastore_info | curl_info |
static struct ast_threadstorage | curl_instance = { .once = PTHREAD_ONCE_INIT , .key_init = __init_curl_instance , .custom_init = curl_instance_init , } |
struct global_curl_info | global_curl_info = { .first = NULL, .last = NULL, .lock = { PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP , NULL, {1, 0} } , } |
static struct ast_threadstorage | thread_escapebuf = { .once = PTHREAD_ONCE_INIT , .key_init = __init_thread_escapebuf , .custom_init = NULL , } |
Curl - Load a URL.
Definition in file func_curl.c.
|
static |
Check for potential HTTP injection risk.
CVE-2014-8150 brought up the fact that HTTP proxies are subject to injection attacks. An HTTP URL sent to a proxy contains a carriage-return linefeed combination, followed by a complete HTTP request. Proxies will handle this as two separate HTTP requests rather than as a malformed URL.
libcURL patched this vulnerability in version 7.40.0, but we have no guarantee that Asterisk systems will be using an up-to-date cURL library. Therefore, we implement the same fix as libcURL for determining if a URL is vulnerable to an injection attack.
url | The URL to check for vulnerability |
0 | The URL is not vulnerable |
1 | The URL is vulnerable. |
Definition at line 658 of file func_curl.c.
|
static |
Definition at line 903 of file func_curl.c.
|
static |
Definition at line 216 of file func_curl.c.