[OpenSIPS-Devel] [OpenSIPS/opensips] 30029b: rest_client: Add the 'max_transfer_size' setting
Liviu Chircu
noreply at github.com
Thu Nov 18 11:26:16 EST 2021
Branch: refs/heads/3.1
Home: https://github.com/OpenSIPS/opensips
Commit: 30029bdcc7b3fbddf1476abc37507aaf42f95bc3
https://github.com/OpenSIPS/opensips/commit/30029bdcc7b3fbddf1476abc37507aaf42f95bc3
Author: Liviu Chircu <liviu at opensips.org>
Date: 2021-11-18 (Thu, 18 Nov 2021)
Changed paths:
M modules/rest_client/doc/rest_client_admin.xml
M modules/rest_client/rest_cb.c
M modules/rest_client/rest_cb.h
M modules/rest_client/rest_client.c
M modules/rest_client/rest_client.h
Log Message:
-----------
rest_client: Add the 'max_transfer_size' setting
Sets a limit on the maximum size of a single download. May be important
for security purposes, to prevent certain attack vectors such as
malicious "x5u" certificate URLs in STIR/SHAKEN setups.
Default: 0 KB (check disabled)
Issue discovered during OpenSIPIt'02,
by Alfred Farrugia & Sandro Gauci (Enable Security)
(cherry picked from commit b56bba344e0c067ee7af53bdd1add9ed05b403f3)
More information about the Devel
mailing list