sysmocom
/
asterisk
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
asterisk/funcs
History
Mark Michelson 3cccfac399 Multiple revisions 431297-431298 
........
  r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines
  
  Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
  
  CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
  can be performed given properly-crafted URLs.
  
  Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
  get cURL URLs from user input or remote sources, we have made a patch to Asterisk
  to prevent such HTTP injection attacks from originating from Asterisk.
  
  ASTERISK-24676 #close
  Reported by Matt Jordan
  
  Review: https://reviewboard.asterisk.org/r/4364
  
  AST-2015-002
........
  r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines
  
  Fix compilation error from previous patch.
........

Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 431299 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 431301 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431302 65c4cc65-6c06-0410-ace0-fbb531ad65f3
 		2015-01-28 17:34:57 +00:00
..
Makefile Title update 2012-10-14 21:56:13 +00:00
func_aes.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_audiohookinherit.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_base64.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_blacklist.c Fix dialplan function NULL channel safety issues 2014-03-27 19:21:44 +00:00
func_callcompletion.c Fix dialplan function NULL channel safety issues 2014-03-27 19:21:44 +00:00
func_callerid.c Fix dialplan function NULL channel safety issues 2014-03-27 19:21:44 +00:00
func_cdr.c func_cdr: Fix CDR_PROP payload leak 2014-10-28 11:12:03 +00:00
func_channel.c CHANNEL(peer), chan_iax2, res_fax, SNMP agent: Fix deadlock from reaching across a bridge. 2015-01-20 16:59:30 +00:00
func_config.c func_config: Add ability to retrieve specific occurrence of a variable 2015-01-07 17:54:13 +00:00
func_curl.c Multiple revisions 431297-431298 2015-01-28 17:34:57 +00:00
func_cut.c Clean up and ensure proper usage of alloca() 2012-07-31 20:21:43 +00:00
func_db.c AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. 2014-11-20 16:35:21 +00:00
func_devstate.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_dialgroup.c Fix incorrect usages of ast_realloc(). 2013-09-10 18:05:47 +00:00
func_dialplan.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_enum.c Allow ENUM query functions to report lookup errors 2011-08-09 17:08:33 +00:00
func_env.c Fix 32bit build for func_env 2014-05-09 23:18:21 +00:00
func_extstate.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_frame_trace.c chan_pjsip: Fix deadlock when masquerading PJSIP channels. 2014-10-03 17:47:42 +00:00
func_global.c Fix dialplan function NULL channel safety issues 2014-03-27 19:21:44 +00:00
func_groupcount.c Fix typo's (retrieve, specified, address). 2015-01-23 15:13:08 +00:00
func_hangupcause.c Fix typo's (retrieve, specified, address). 2015-01-23 15:13:08 +00:00
func_iconv.c Allow Asterisk to compile under GCC 4.10 2014-05-09 22:49:26 +00:00
func_jitterbuffer.c funcs/func_jitterbuffer: Tweak documentation 2014-08-11 01:31:56 +00:00
func_lock.c security: Inhibit execution of privilege escalating functions 2013-12-16 19:11:51 +00:00
func_logic.c Clean up and ensure proper usage of alloca() 2012-07-31 20:21:43 +00:00
func_math.c Fix dialplan function NULL channel safety issues 2014-03-27 19:21:44 +00:00
func_md5.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_module.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_odbc.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_periodic_hook.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_periodic_hook.exports.in Fix error loading res_monitor. 2014-04-23 15:02:39 +00:00
func_pitchshift.c Add module support level to ast_module_info structure. Print it in CLI "module show" . 2014-07-25 16:47:17 +00:00
func_pjsip_aor.c pjsip: Add 'PJSIP_AOR' and 'PJSIP_CONTACT' dialplan functions. 2015-01-05 17:53:42 +00:00
func_pjsip_contact.c pjsip: Add 'PJSIP_AOR' and 'PJSIP_CONTACT' dialplan functions. 2015-01-05 17:53:42 +00:00
func_pjsip_endpoint.c func_pjsip_endpoint: Add PJSIP_ENDPOINT function for querying endpoint details 2013-12-11 12:31:57 +00:00
func_presencestate.c Various fixes for OS X 2015-01-26 14:50:40 +00:00
func_rand.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_realtime.c security: Inhibit execution of privilege escalating functions 2013-12-16 19:11:51 +00:00
func_sha1.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_shell.c security: Inhibit execution of privilege escalating functions 2013-12-16 19:11:51 +00:00
func_sorcery.c sorcery: Create AST_SORCERY dialplan function. 2014-03-06 22:39:54 +00:00
func_speex.c media formats: re-architect handling of media for performance improvements 2014-07-20 22:06:33 +00:00
func_sprintf.c Merged revisions 328247 via svnmerge from 2011-07-14 20:28:54 +00:00
func_srv.c Allow Asterisk to compile under GCC 4.10 2014-05-09 22:49:26 +00:00
func_strings.c Allow the PUSH and UNSHIFT functions to set inheritable channel variables. 2014-06-17 18:45:11 +00:00
func_sysinfo.c Allow Asterisk to compile under GCC 4.10 2014-05-09 22:49:26 +00:00
func_talkdetect.c func_talkdetect: Fix stasis message leak in audiohook callback. 2014-11-04 19:46:33 +00:00
func_timeout.c verbosity: Fix performance of console verbose messages. 2014-01-14 18:14:02 +00:00
func_uri.c func_uri: URIENCODE/URIDECODE - allow empty strings as argument 2014-07-15 17:57:17 +00:00
func_version.c Fix documentation for ${VERSION(ASTERISK_VERSION_NUM)}. 2012-04-19 22:01:20 +00:00
func_vmcount.c Voicemail: Remove mailbox identifier format (box@context) assumptions in the system. 2013-12-19 16:52:43 +00:00
func_volume.c Fix dialplan function NULL channel safety issues 2014-03-27 19:21:44 +00:00