[sr-dev] CURL vulnerability
Daniel-Constantin Mierla
miconda at gmail.com
Mon Jan 12 11:49:32 CET 2015
If anyone comes with a patch, can be committed.
In regard of being actually exposed, the functions from utils module
take the url from config parameter, I guess here people use more or less
urls to their services, not an url from outside/untrusted sources. If
yes, as immediate action, they should make checks in config and use
subst()-like functions or transformations.
The only module that could expose some risks and needs to be reviewed
might be xcap_client - if I am not wrong, there could be cases when some
urls might be taken from xcap documents.
Cheers,
Daniel
On 09/01/15 23:02, Olle E. Johansson wrote:
> CURL is used in a few parts of Kamailio
>
> http://curl.haxx.se/docs/adv_20150108B.html
>
> THis is a case where a carriage return is embedded into an url. Action C suggest that we make sure
> those are stripped out before sending a URL to cURL.
>
> May be an easy fix while waiting for people to upgrade their cURL.
>
> Cheers,
> /O
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-dev
mailing list