    d3f4cea6
    Multiple revisions 431297-431298 · d3f4cea6
    Mark Michelson authored
    ........
      r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines
      
      Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
      
      CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
      can be performed given properly-crafted URLs.
      
      Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
      get cURL URLs from user input or remote sources, we have made a patch to Asterisk
      to prevent such HTTP injection attacks from originating from Asterisk.
      
      ASTERISK-24676 #close
      Reported by Matt Jordan
      
      Review: https://reviewboard.asterisk.org/r/4364
      
      AST-2015-002
    ........
      r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines
      
      Fix compilation error from previous patch.
    ........
    
    Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11
    
    
    git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@431330 65c4cc65-6c06-0410-ace0-fbb531ad65f3