Dev news

Commit e359409cae for freeswitch.com

commit e359409cae6feb6a8748f14ecd714a342653f0fc
Author: Aron Podrigal <aronp@guaranteedplus.com>
Date:   Tue Jan 14 16:47:35 2025 -0600

    [mod_curl] Increase argument limit and enforce max args constraint

    Introduced a configurable limit on the number of arguments for mod_curl functions with a default of 30. Adjusted the code to handle scenarios exceeding this limit by logging an error and returning failure. This improves flexibility and prevents potential overflow issues.

diff --git a/src/mod/applications/mod_curl/mod_curl.c b/src/mod/applications/mod_curl/mod_curl.c
index c780e6947e..82b38d42a9 100644
--- a/src/mod/applications/mod_curl/mod_curl.c
+++ b/src/mod/applications/mod_curl/mod_curl.c
@@ -57,6 +57,10 @@ static char *SYNTAX = "curl url [headers|json|content-type <mime-type>|connect-t
 #define HTTP_MAX_APPEND_HEADERS 10
 #define HTTP_DEFAULT_MAX_BYTES 64000

+#ifndef MOD_CURL_MAX_ARGS
+#define MOD_CURL_MAX_ARGS 30
+#endif
+
 static struct {
 	switch_memory_pool_t *pool;
 	switch_event_node_t *node;
@@ -866,7 +870,7 @@ SWITCH_STANDARD_APP(curl_app_function)
 {
 	switch_status_t status = SWITCH_STATUS_SUCCESS;

-	char *argv[10] = { 0 };
+	char *argv[MOD_CURL_MAX_ARGS + 1] = { 0 };
 	int argc;
 	char *mydata = NULL;

@@ -894,6 +898,9 @@ SWITCH_STANDARD_APP(curl_app_function)
 	if ((argc = switch_separate_string(mydata, ' ', argv, (sizeof(argv) / sizeof(argv[0]))))) {
 		if (argc == 0) {
 			switch_goto_status(SWITCH_STATUS_SUCCESS, usage);
+		} else if (argc >= MOD_CURL_MAX_ARGS) {
+			switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Max args exceeded: %d\n", MOD_CURL_MAX_ARGS);
+			switch_goto_status(SWITCH_STATUS_FALSE, done);
 		}

 		url = switch_core_strdup(pool, argv[0]);
@@ -982,7 +989,7 @@ SWITCH_STANDARD_APP(curl_app_function)
 SWITCH_STANDARD_API(curl_function)
 {
 	switch_status_t status;
-	char *argv[10] = { 0 };
+	char *argv[MOD_CURL_MAX_ARGS + 1] = { 0 };
 	int argc;
 	char *mydata = NULL;
 	char *url = NULL;
@@ -1014,6 +1021,9 @@ SWITCH_STANDARD_API(curl_function)
 	if ((argc = switch_separate_string(mydata, ' ', argv, (sizeof(argv) / sizeof(argv[0]))))) {
 		if (argc < 1) {
 			switch_goto_status(SWITCH_STATUS_SUCCESS, usage);
+		} else if (argc >= MOD_CURL_MAX_ARGS) {
+			switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Max args exceeded: %d\n", MOD_CURL_MAX_ARGS);
+			switch_goto_status(SWITCH_STATUS_FALSE, done);
 		}

 		url = switch_core_strdup(pool, argv[0]);