Asterisk - The Open Source Telephony Project GIT-master-3dae2cf
|
Curl - Load a URL. More...
#include "asterisk.h"
#include <curl/curl.h>
#include "asterisk/lock.h"
#include "asterisk/file.h"
#include "asterisk/channel.h"
#include "asterisk/pbx.h"
#include "asterisk/cli.h"
#include "asterisk/module.h"
#include "asterisk/app.h"
#include "asterisk/utils.h"
#include "asterisk/threadstorage.h"
#include "asterisk/test.h"
Go to the source code of this file.
Data Structures | |
struct | curl_args |
struct | curl_settings |
struct | curl_write_callback_data |
Callback data passed to WriteMemoryCallback. More... | |
struct | global_curl_info |
Macros | |
#define | CURLOPT_SPECIAL_FAILURE_CODE 999 |
#define | CURLOPT_SPECIAL_HASHCOMPAT ((CURLoption) -500) |
#define | CURLVERSION_ATLEAST(a, b, c) ((LIBCURL_VERSION_MAJOR > (a)) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR > (b))) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR == (b)) && (LIBCURL_VERSION_PATCH >= (c)))) |
Enumerations | |
enum | hashcompat { HASHCOMPAT_NO = 0 , HASHCOMPAT_YES , HASHCOMPAT_LEGACY } |
enum | optiontype { OT_BOOLEAN , OT_INTEGER , OT_INTEGER_MS , OT_STRING , OT_ENUM } |
Functions | |
static void | __init_curl_instance (void) |
static void | __init_thread_escapebuf (void) |
static void | __reg_module (void) |
static void | __unreg_module (void) |
static int | acf_curl_exec (struct ast_channel *chan, const char *cmd, char *info, struct ast_str **buf, ssize_t len) |
static int | acf_curl_helper (struct ast_channel *chan, struct curl_args *args) |
static int | acf_curl_write (struct ast_channel *chan, const char *cmd, char *name, const char *value) |
static int | acf_curlopt_helper (struct ast_channel *chan, const char *cmd, char *data, char *buf, struct ast_str **bufstr, ssize_t len) |
static int | acf_curlopt_read (struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len) |
static int | acf_curlopt_read2 (struct ast_channel *chan, const char *cmd, char *data, struct ast_str **buf, ssize_t len) |
static int | acf_curlopt_write (struct ast_channel *chan, const char *cmd, char *name, const char *value) |
struct ast_module * | AST_MODULE_SELF_SYM (void) |
static void | curl_instance_cleanup (void *data) |
static int | curl_instance_init (void *data) |
static void | curlds_free (void *data) |
static int | load_module (void) |
static int | parse_curlopt_key (const char *name, CURLoption *key, enum optiontype *ot) |
static int | unload_module (void) |
static int | url_is_vulnerable (const char *url) |
Check for potential HTTP injection risk. More... | |
static size_t | WriteMemoryCallback (void *ptr, size_t size, size_t nmemb, void *data) |
Variables | |
static struct ast_module_info | __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Load external URL" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_REALTIME_DEPEND2, .requires = "res_curl", } |
static struct ast_custom_function | acf_curl |
static struct ast_custom_function | acf_curlopt |
static const struct ast_module_info * | ast_module_info = &__mod_info |
static const struct ast_datastore_info | curl_info |
static struct ast_threadstorage | curl_instance = { .once = PTHREAD_ONCE_INIT , .key_init = __init_curl_instance , .custom_init = curl_instance_init , } |
struct global_curl_info | global_curl_info = { .first = NULL, .last = NULL, .lock = { PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP , NULL, {1, 0} } , } |
static struct ast_threadstorage | thread_escapebuf = { .once = PTHREAD_ONCE_INIT , .key_init = __init_thread_escapebuf , .custom_init = NULL , } |
Curl - Load a URL.
Definition in file func_curl.c.
#define CURLOPT_SPECIAL_FAILURE_CODE 999 |
Definition at line 252 of file func_curl.c.
#define CURLOPT_SPECIAL_HASHCOMPAT ((CURLoption) -500) |
Definition at line 250 of file func_curl.c.
#define CURLVERSION_ATLEAST | ( | a, | |
b, | |||
c | |||
) | ((LIBCURL_VERSION_MAJOR > (a)) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR > (b))) || ((LIBCURL_VERSION_MAJOR == (a)) && (LIBCURL_VERSION_MINOR == (b)) && (LIBCURL_VERSION_PATCH >= (c)))) |
Definition at line 247 of file func_curl.c.
enum hashcompat |
Enumerator | |
---|---|
HASHCOMPAT_NO | |
HASHCOMPAT_YES | |
HASHCOMPAT_LEGACY |
Definition at line 291 of file func_curl.c.
enum optiontype |
Enumerator | |
---|---|
OT_BOOLEAN | |
OT_INTEGER | |
OT_INTEGER_MS | |
OT_STRING | |
OT_ENUM |
Definition at line 283 of file func_curl.c.
|
static |
Definition at line 703 of file func_curl.c.
|
static |
Definition at line 704 of file func_curl.c.
|
static |
Definition at line 1060 of file func_curl.c.
|
static |
Definition at line 1060 of file func_curl.c.
|
static |
Definition at line 898 of file func_curl.c.
References acf_curl_helper(), args, AST_APP_ARG, AST_DECLARE_APP_ARGS, ast_free, ast_log, AST_STANDARD_APP_ARGS, ast_str_buffer(), ast_str_create, ast_str_set(), ast_strlen_zero(), buf, curl_args::cb_data, sip_to_pjsip::info(), len(), LOG_WARNING, curl_args::postdata, curl_write_callback_data::str, curl_args::url, and url.
|
static |
Definition at line 737 of file func_curl.c.
References args, ast_autoservice_start(), ast_autoservice_stop(), ast_channel_datastore_find(), ast_channel_lock, ast_channel_name(), ast_channel_unlock, ast_debug, ast_free, AST_LIST_HEAD, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log, ast_str_append(), ast_str_buffer(), ast_str_create, ast_str_set(), ast_str_set_escapecommas(), ast_str_strlen(), ast_str_thread_get(), ast_str_trim_blanks(), ast_threadstorage_get(), ast_uri_decode(), ast_uri_http, ast_uri_http_legacy, AST_VECTOR_APPEND, AST_VECTOR_FREE, AST_VECTOR_GET, AST_VECTOR_INIT, AST_VECTOR_SIZE, curl_info, curl_instance, CURLOPT_SPECIAL_FAILURE_CODE, CURLOPT_SPECIAL_HASHCOMPAT, ast_datastore::data, HASHCOMPAT_LEGACY, curl_settings::key, LOG_ERROR, LOG_NOTICE, LOG_WARNING, name, NULL, pbx_builtin_setvar_helper(), S_OR, strsep(), thread_escapebuf, url_is_vulnerable(), and curl_settings::value.
Referenced by acf_curl_exec(), and acf_curl_write().
|
static |
Definition at line 929 of file func_curl.c.
References acf_curl_helper(), args, AST_APP_ARG, AST_DECLARE_APP_ARGS, ast_log, AST_STANDARD_APP_ARGS, ast_strdupa, ast_strlen_zero(), curl_args::cb_data, errno, LOG_WARNING, name, curl_write_callback_data::out_file, curl_args::url, and value.
|
static |
Definition at line 529 of file func_curl.c.
References ast_channel_datastore_find(), ast_channel_lock, ast_channel_unlock, ast_copy_string(), ast_debug, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log, ast_str_set(), buf, curl_info, CURLOPT_SPECIAL_HASHCOMPAT, ast_datastore::data, global_curl_info, HASHCOMPAT_LEGACY, HASHCOMPAT_NO, HASHCOMPAT_YES, curl_settings::key, len(), curl_settings::list, LOG_ERROR, NULL, OT_BOOLEAN, OT_INTEGER, OT_INTEGER_MS, OT_STRING, parse_curlopt_key(), and curl_settings::value.
Referenced by acf_curlopt_read(), and acf_curlopt_read2().
|
static |
Definition at line 644 of file func_curl.c.
References acf_curlopt_helper(), buf, len(), and NULL.
|
static |
Definition at line 649 of file func_curl.c.
References acf_curlopt_helper(), buf, len(), and NULL.
|
static |
Definition at line 399 of file func_curl.c.
References ast_calloc, ast_channel_datastore_add(), ast_channel_datastore_find(), ast_channel_lock, ast_channel_unlock, ast_datastore_alloc, ast_datastore_free(), ast_debug, ast_free, AST_LIST_HEAD_INIT, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_REMOVE_CURRENT, AST_LIST_TRAVERSE_SAFE_BEGIN, AST_LIST_TRAVERSE_SAFE_END, AST_LIST_UNLOCK, ast_log, ast_true(), curl_info, CURLOPT_SPECIAL_HASHCOMPAT, ast_datastore::data, global_curl_info, HASHCOMPAT_LEGACY, HASHCOMPAT_NO, HASHCOMPAT_YES, curl_settings::key, curl_settings::list, LOG_ERROR, name, NULL, OT_BOOLEAN, OT_ENUM, OT_INTEGER, OT_INTEGER_MS, OT_STRING, parse_curlopt_key(), tmp(), and value.
struct ast_module * AST_MODULE_SELF_SYM | ( | void | ) |
Definition at line 1060 of file func_curl.c.
|
static |
Definition at line 694 of file func_curl.c.
References ast_free.
|
static |
Definition at line 679 of file func_curl.c.
References AST_CURL_USER_AGENT, and WriteMemoryCallback().
|
static |
Definition at line 269 of file func_curl.c.
References ast_free, AST_LIST_HEAD, AST_LIST_HEAD_DESTROY, AST_LIST_REMOVE_HEAD, and curl_settings::list.
|
static |
Definition at line 1042 of file func_curl.c.
References acf_curl, acf_curlopt, AST_CFE_WRITE, ast_custom_function_register, ast_custom_function_register_escalating, and AST_TEST_REGISTER.
|
static |
Definition at line 297 of file func_curl.c.
References CURLOPT_SPECIAL_FAILURE_CODE, CURLOPT_SPECIAL_HASHCOMPAT, curl_settings::key, name, OT_BOOLEAN, OT_ENUM, OT_INTEGER, OT_INTEGER_MS, and OT_STRING.
Referenced by acf_curlopt_helper(), and acf_curlopt_write().
|
static |
Definition at line 1030 of file func_curl.c.
References acf_curl, acf_curlopt, ast_custom_function_unregister(), and AST_TEST_UNREGISTER.
|
static |
Check for potential HTTP injection risk.
CVE-2014-8150 brought up the fact that HTTP proxies are subject to injection attacks. An HTTP URL sent to a proxy contains a carriage-return linefeed combination, followed by a complete HTTP request. Proxies will handle this as two separate HTTP requests rather than as a malformed URL.
libcURL patched this vulnerability in version 7.40.0, but we have no guarantee that Asterisk systems will be using an up-to-date cURL library. Therefore, we implement the same fix as libcURL for determining if a URL is vulnerable to an injection attack.
url | The URL to check for vulnerability |
0 | The URL is not vulnerable |
1 | The URL is vulnerable. |
Definition at line 722 of file func_curl.c.
References url.
Referenced by acf_curl_helper().
|
static |
Definition at line 664 of file func_curl.c.
References ast_str_append_substr(), curl_write_callback_data::out_file, and curl_write_callback_data::str.
Referenced by curl_instance_init().
|
static |
Definition at line 1060 of file func_curl.c.
|
static |
Definition at line 967 of file func_curl.c.
Referenced by load_module(), and unload_module().
|
static |
Definition at line 973 of file func_curl.c.
Referenced by load_module(), and unload_module().
|
static |
Definition at line 1060 of file func_curl.c.
|
static |
Definition at line 256 of file func_curl.c.
Referenced by acf_curl_helper(), acf_curlopt_helper(), and acf_curlopt_write().
|
static |
Definition at line 703 of file func_curl.c.
Referenced by acf_curl_helper().
struct global_curl_info global_curl_info = { .first = NULL, .last = NULL, .lock = { PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP , NULL, {1, 0} } , } |
Referenced by acf_curlopt_helper(), and acf_curlopt_write().
|
static |
Definition at line 704 of file func_curl.c.
Referenced by acf_curl_helper().