Curl - Load a URL. More...
#include "asterisk.h"
#include <curl/curl.h>
#include "asterisk/lock.h"
#include "asterisk/file.h"
#include "asterisk/channel.h"
#include "asterisk/pbx.h"
#include "asterisk/cli.h"
#include "asterisk/module.h"
#include "asterisk/app.h"
#include "asterisk/utils.h"
#include "asterisk/threadstorage.h"
#include "asterisk/test.h"
Go to the source code of this file.
Data Structures | |
struct | curl_settings |
struct | global_curl_info |
Macros | |
#define | CURLOPT_SPECIAL_HASHCOMPAT -500 |
#define | CURLVERSION_ATLEAST(a, b, c) ((LIBCURL_VERSION_MAJOR > (a)) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR > (b))) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR == (b)) && (LIBCURL_VERSION_PATCH >= (c)))) |
Enumerations | |
enum | optiontype { OT_BOOLEAN, OT_INTEGER, OT_INTEGER_MS, OT_STRING, OT_ENUM } |
Functions | |
static void | __init_curl_instance (void) |
static void | __init_thread_escapebuf (void) |
static void | __reg_module (void) |
static void | __unreg_module (void) |
static int | acf_curl2_exec (struct ast_channel *chan, const char *cmd, char *info, struct ast_str **buf, ssize_t len) |
static int | acf_curl_exec (struct ast_channel *chan, const char *cmd, char *info, char *buf, size_t len) |
static int | acf_curl_helper (struct ast_channel *chan, const char *cmd, char *info, char *buf, struct ast_str **input_str, ssize_t len) |
static int | acf_curlopt_helper (struct ast_channel *chan, const char *cmd, char *data, char *buf, struct ast_str **bufstr, ssize_t len) |
static int | acf_curlopt_read (struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len) |
static int | acf_curlopt_read2 (struct ast_channel *chan, const char *cmd, char *data, struct ast_str **buf, ssize_t len) |
static int | acf_curlopt_write (struct ast_channel *chan, const char *cmd, char *name, const char *value) |
AST_TEST_DEFINE (vulnerable_url) | |
static void | curl_instance_cleanup (void *data) |
static int | curl_instance_init (void *data) |
static void | curlds_free (void *data) |
static int | load_module (void) |
static int | parse_curlopt_key (const char *name, CURLoption *key, enum optiontype *ot) |
static int | unload_module (void) |
static int | url_is_vulnerable (const char *url) |
Check for potential HTTP injection risk. More... | |
static size_t | WriteMemoryCallback (void *ptr, size_t size, size_t nmemb, void *data) |
Variables | |
static struct ast_module_info | __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Load external URL" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "ac1f6a56484a8820659555499174e588" , .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_REALTIME_DEPEND2, } |
static struct ast_custom_function | acf_curl |
static struct ast_custom_function | acf_curlopt |
static struct ast_module_info * | ast_module_info = &__mod_info |
static struct ast_datastore_info | curl_info |
static struct ast_threadstorage | curl_instance = { .once = PTHREAD_ONCE_INIT , .key_init = __init_curl_instance , .custom_init = curl_instance_init , } |
struct global_curl_info | global_curl_info = { .first = NULL, .last = NULL, .lock = { PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP , NULL, 1 } , } |
static const char *const | global_useragent = "asterisk-libcurl-agent/1.0" |
static struct ast_threadstorage | thread_escapebuf = { .once = PTHREAD_ONCE_INIT , .key_init = __init_thread_escapebuf , .custom_init = NULL , } |
Curl - Load a URL.
Definition in file func_curl.c.
#define CURLOPT_SPECIAL_HASHCOMPAT -500 |
Definition at line 165 of file func_curl.c.
Referenced by acf_curl_helper(), and parse_curlopt_key().
#define CURLVERSION_ATLEAST | ( | a, | |
b, | |||
c | |||
) | ((LIBCURL_VERSION_MAJOR > (a)) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR > (b))) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR == (b)) && (LIBCURL_VERSION_PATCH >= (c)))) |
Definition at line 162 of file func_curl.c.
enum optiontype |
Enumerator | |
---|---|
OT_BOOLEAN | |
OT_INTEGER | |
OT_INTEGER_MS | |
OT_STRING | |
OT_ENUM |
Definition at line 195 of file func_curl.c.
|
static |
Definition at line 555 of file func_curl.c.
|
static |
Definition at line 556 of file func_curl.c.
|
static |
Definition at line 864 of file func_curl.c.
|
static |
Definition at line 864 of file func_curl.c.
|
static |
Definition at line 737 of file func_curl.c.
References acf_curl_helper().
|
static |
Definition at line 732 of file func_curl.c.
References acf_curl_helper().
|
static |
Definition at line 583 of file func_curl.c.
References args, AST_APP_ARG, ast_autoservice_start(), ast_autoservice_stop(), ast_channel_datastore_find(), ast_copy_string(), ast_debug, AST_DECLARE_APP_ARGS, ast_free, AST_LIST_HEAD, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log(), AST_STANDARD_APP_ARGS, ast_str_append(), ast_str_buffer(), ast_str_create(), ast_str_set(), ast_str_set_escapecommas(), ast_str_strlen(), ast_str_thread_get(), ast_str_trim_blanks(), ast_strlen_zero(), ast_threadstorage_get(), ast_uri_decode(), curl_instance, CURLOPT_SPECIAL_HASHCOMPAT, ast_datastore::data, curl_settings::key, curl_settings::list, LOG_ERROR, LOG_WARNING, name, pbx_builtin_setvar_helper(), S_OR, str, strsep(), thread_escapebuf, url, url_is_vulnerable(), and curl_settings::value.
Referenced by acf_curl2_exec(), and acf_curl_exec().
|
static |
Definition at line 392 of file func_curl.c.
References ast_channel_datastore_find(), ast_copy_string(), ast_debug, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log(), ast_str_set(), ast_datastore::data, global_curl_info, curl_settings::key, curl_settings::list, LOG_ERROR, OT_BOOLEAN, OT_INTEGER, OT_INTEGER_MS, OT_STRING, parse_curlopt_key(), and curl_settings::value.
Referenced by acf_curlopt_read(), and acf_curlopt_read2().
|
static |
Definition at line 505 of file func_curl.c.
References acf_curlopt_helper().
|
static |
Definition at line 510 of file func_curl.c.
References acf_curlopt_helper().
|
static |
Definition at line 272 of file func_curl.c.
References ast_calloc, ast_channel_datastore_add(), ast_channel_datastore_find(), ast_datastore_alloc(), ast_datastore_free(), ast_debug, AST_LIST_HEAD_INIT, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_REMOVE_CURRENT, AST_LIST_TRAVERSE_SAFE_BEGIN, AST_LIST_TRAVERSE_SAFE_END, AST_LIST_UNLOCK, ast_log(), ast_true(), ast_datastore::data, free, global_curl_info, curl_settings::key, curl_settings::list, LOG_ERROR, OT_BOOLEAN, OT_ENUM, OT_INTEGER, OT_INTEGER_MS, OT_STRING, and parse_curlopt_key().
AST_TEST_DEFINE | ( | vulnerable_url | ) |
Definition at line 781 of file func_curl.c.
References ARRAY_LEN, AST_TEST_FAIL, AST_TEST_PASS, ast_test_status_update, TEST_EXECUTE, TEST_INIT, and url_is_vulnerable().
|
static |
|
static |
Definition at line 531 of file func_curl.c.
References global_useragent, and WriteMemoryCallback().
|
static |
Definition at line 182 of file func_curl.c.
References AST_LIST_HEAD, AST_LIST_HEAD_DESTROY, AST_LIST_REMOVE_HEAD, and free.
|
static |
Definition at line 841 of file func_curl.c.
References acf_curl, acf_curlopt, ast_custom_function_register, ast_load_resource(), ast_log(), ast_module_check(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, AST_TEST_REGISTER, and LOG_ERROR.
|
static |
Definition at line 203 of file func_curl.c.
References CURLOPT_SPECIAL_HASHCOMPAT, OT_BOOLEAN, OT_ENUM, OT_INTEGER, OT_INTEGER_MS, and OT_STRING.
Referenced by acf_curlopt_helper(), and acf_curlopt_write().
|
static |
Definition at line 829 of file func_curl.c.
References acf_curl, acf_curlopt, ast_custom_function_unregister(), and AST_TEST_UNREGISTER.
|
static |
Check for potential HTTP injection risk.
CVE-2014-8150 brought up the fact that HTTP proxies are subject to injection attacks. An HTTP URL sent to a proxy contains a carriage-return linefeed combination, followed by a complete HTTP request. Proxies will handle this as two separate HTTP requests rather than as a malformed URL.
libcURL patched this vulnerability in version 7.40.0, but we have no guarantee that Asterisk systems will be using an up-to-date cURL library. Therefore, we implement the same fix as libcURL for determining if a URL is vulnerable to an injection attack.
url | The URL to check for vulnerability |
0 | The URL is not vulnerable |
1 | The URL is vulnerable. |
Definition at line 574 of file func_curl.c.
Referenced by acf_curl_helper(), and AST_TEST_DEFINE().
|
static |
Definition at line 515 of file func_curl.c.
References ast_debug, ast_str_append_substr(), ast_str_size(), and ast_str_strlen().
Referenced by curl_instance_init().
|
static |
Definition at line 864 of file func_curl.c.
|
static |
Definition at line 742 of file func_curl.c.
Referenced by load_module(), and unload_module().
|
static |
Definition at line 753 of file func_curl.c.
Referenced by load_module(), and unload_module().
|
static |
Definition at line 864 of file func_curl.c.
|
static |
Definition at line 169 of file func_curl.c.
|
static |
Definition at line 555 of file func_curl.c.
Referenced by acf_curl_helper().
struct global_curl_info global_curl_info = { .first = NULL, .last = NULL, .lock = { PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP , NULL, 1 } , } |
Referenced by acf_curlopt_helper(), and acf_curlopt_write().
|
static |
Definition at line 529 of file func_curl.c.
Referenced by curl_instance_init().
|
static |
Definition at line 556 of file func_curl.c.
Referenced by acf_curl_helper().