From 0f7ba14333be8e6b9deeb462d9d2811a82c009af Mon Sep 17 00:00:00 2001
From: Chris Rienzo
Date: Mon, 9 Nov 2020 14:08:05 -0500
Subject: [PATCH] [mod_http_cache] Crash on HTTP GET with generated AWS v4 signature

Co-authored-by: Miguel Gonzalez
---
 src/mod/applications/mod_http_cache/aws.c | 5 +++++
 .../applications/mod_http_cache/mod_http_cache.c | 14 ++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/mod/applications/mod_http_cache/aws.c b/src/mod/applications/mod_http_cache/aws.c
index d4b76e7cb2..e6eb43c885 100644
--- a/src/mod/applications/mod_http_cache/aws.c
+++ b/src/mod/applications/mod_http_cache/aws.c
@@ -291,6 +291,11 @@ SWITCH_MOD_DECLARE(switch_curl_slist_t *) aws_s3_append_headers(
 switch_aws_s3_profile aws_s3_profile;
 char* url_dup;
+ if (!query_string) {
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Missing required arg query_string.\n");
+ return headers;
+ }
+
 // Get bucket and object name from url
 switch_strdup(url_dup, url);
 parse_url(url_dup, profile->base_domain, "s3", &aws_s3_profile.bucket, &aws_s3_profile.object);
diff --git a/src/mod/applications/mod_http_cache/mod_http_cache.c b/src/mod/applications/mod_http_cache/mod_http_cache.c
index 55de15fdbc..232ef6294d 100644
--- a/src/mod/applications/mod_http_cache/mod_http_cache.c
+++ b/src/mod/applications/mod_http_cache/mod_http_cache.c
@@ -1099,6 +1099,8 @@ static switch_status_t http_get(url_cache_t *cache, http_profile_t *profile, cac
 long httpRes = 0;
 int start_time_ms = switch_time_now() / 1000;
 switch_CURLcode curl_status = CURLE_UNKNOWN_OPTION;
+ char *query_string = NULL;
+ char *full_url = NULL;
 /* set up HTTP GET */
 get_data.fd = 0;
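Review bot: The new `if (!query_string)` guard in aws_s3_append_headers (aws.c, @@ -291) returns `headers` unchanged, so a caller that passes NULL gets back a list with no signing headers added and, judging by how http_get uses the result, would still send the request; the only trace is the error log line. The requirement is also undocumented: I would add a comment at the guard or in the function's header comment along the lines of `/* query_string is a required out parameter; the caller frees the string returned through it */`, which matches the `free(query_string)` in http_get. If an unsigned request is not acceptable for this profile, the function would need a failure signal that callers check, and the visible fragment of the signature does not show one. The function's signature and the rest of its body lie outside the hunk.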
@@ -1110,7 +1112,14 @@ static switch_status_t http_get(url_cache_t *cache, http_profile_t *profile, cac
 }
 if (profile && profile->append_headers_ptr) {
- headers = profile->append_headers_ptr(profile, headers, "GET", 0, "", url->url, 0, NULL);
+ headers = profile->append_headers_ptr(profile, headers, "GET", 0, "", url->url, 0, &query_string);
+ }
+
+ if (query_string) {
+ full_url = switch_mprintf("%s?%s", url->url, query_string);
+ free(query_string);
+ } else {
+ switch_strdup(full_url, url->url);
 }
 curl_handle = switch_curl_easy_init();
@@ -1123,7 +1132,7 @@ static switch_status_t http_get(url_cache_t *cache, http_profile_t *profile, cac
 if (headers) {
 switch_curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, headers);
 }
- switch_curl_easy_setopt(curl_handle, CURLOPT_URL, get_data.url->url);
+ switch_curl_easy_setopt(curl_handle, CURLOPT_URL, full_url);
 switch_curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, get_file_callback);
 switch_curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *) &get_data);
 switch_curl_easy_setopt(curl_handle, CURLOPT_HEADERFUNCTION, get_header_callback);
@@ -1178,6 +1187,7 @@ static switch_status_t http_get(url_cache_t *cache, http_profile_t *profile, cac
 done:
+ switch_safe_free(full_url);
 if (headers) {
 switch_curl_slist_free_all(headers);
 }
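Review bot: In http_get (@@ -1110), the result of `switch_mprintf("%s?%s", url->url, query_string)` is never checked, so an allocation failure leaves `full_url` NULL and that NULL is what the @@ -1123 hunk hands to `CURLOPT_URL`. A guard right after the if/else, `if (!full_url) goto done;` with the function's failure status set first, would make that path explicit, provided the cleanup at `done:` copes with a curl handle that was never created, which is not visible here. The `"%s?%s"` join also assumes `url->url` has no query component of its own, and nothing in the visible lines establishes that. Because `full_url` appears to carry the generated AWS v4 signing parameters, a comment such as `/* full_url embeds signing parameters: log url->url, never full_url */` at its declaration would help keep it out of later log statements. http_get begins and ends outside these hunks.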