Index: funcs/func_curl.c
===================================================================
--- funcs/func_curl.c	(revision 431300)
+++ funcs/func_curl.c	(revision 431301)
@@ -50,6 +50,7 @@
 #include "asterisk/app.h"
 #include "asterisk/utils.h"
 #include "asterisk/threadstorage.h"
+#include "asterisk/test.h"
 
 /*** DOCUMENTATION
 	<function name="CURL" language="en_US">
@@ -568,6 +569,31 @@
 AST_THREADSTORAGE_CUSTOM(curl_instance, curl_instance_init, curl_instance_cleanup);
 AST_THREADSTORAGE(thread_escapebuf);
 
+/*!
+ * \brief Check for potential HTTP injection risk.
+ *
+ * CVE-2014-8150 brought up the fact that HTTP proxies are subject to injection
+ * attacks. An HTTP URL sent to a proxy contains a carriage-return linefeed combination,
+ * followed by a complete HTTP request. Proxies will handle this as two separate HTTP
+ * requests rather than as a malformed URL.
+ *
+ * libcURL patched this vulnerability in version 7.40.0, but we have no guarantee that
+ * Asterisk systems will be using an up-to-date cURL library. Therefore, we implement
+ * the same fix as libcURL for determining if a URL is vulnerable to an injection attack.
+ *
+ * \param url The URL to check for vulnerability
+ * \retval 0 The URL is not vulnerable
+ * \retval 1 The URL is vulnerable.
+ */
+static int url_is_vulnerable(const char *url)
+{
+	if (strpbrk(url, "\r\n")) {
+		return 1;
+	}
+
+	return 0;
+}
+
 static int acf_curl_helper(struct ast_channel *chan, const char *cmd, char *info, char *buf, struct ast_str **input_str, ssize_t len)
 {
 	struct ast_str *escapebuf = ast_str_thread_get(&thread_escapebuf, 16);
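Review bot: url_is_vulnerable() hands url straight to strpbrk(), which is undefined behaviour for a NULL pointer, and the only caller (next hunk) passes args.url; unless the code before that call — outside this hunk — already rejects an empty info string, an argument-less CURL() could reach it with url unset. A guard such as `if (ast_strlen_zero(url)) { return 0; }` (ast_strlen_zero() comes from asterisk/strings.h, which utils.h should already pull in — confirm) makes the helper safe for any caller and leaves the empty-URL case to the existing handling. The doc comment would also read more clearly if its second paragraph stated the precondition, e.g. `An HTTP URL that embeds a CR/LF pair followed by a complete HTTP request is handled by a proxy as two separate requests rather than as a malformed URL.` acf_curl_helper's body continues past the end of this hunk.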
@@ -605,6 +631,11 @@
 
 	AST_STANDARD_APP_ARGS(args, info);
 
+	if (url_is_vulnerable(args.url)) {
+		ast_log(LOG_ERROR, "URL '%s' is vulnerable to HTTP injection attacks. Aborting CURL() call.\n", args.url);
+		return -1;
+	}
+
 	if (chan) {
 		ast_autoservice_start(chan);
 	}
@@ -763,6 +794,54 @@
 	.write = acf_curlopt_write,
 };
 
+AST_TEST_DEFINE(vulnerable_url)
+{
+	const char *bad_urls [] = {
+		"http://example.com\r\nDELETE http://example.com/everything",
+		"http://example.com\rDELETE http://example.com/everything",
+		"http://example.com\nDELETE http://example.com/everything",
+		"\r\nhttp://example.com",
+		"\rhttp://example.com",
+		"\nhttp://example.com",
+		"http://example.com\r\n",
+		"http://example.com\r",
+		"http://example.com\n",
+	};
+	const char *good_urls [] = {
+		"http://example.com",
+		"http://example.com/%5Cr%5Cn",
+	};
+	int i;
+	enum ast_test_result_state res = AST_TEST_PASS;
+
+	switch (cmd) {
+	case TEST_INIT:
+		info->name = "vulnerable_url";
+		info->category = "/funcs/func_curl/";
+		info->summary = "cURL vulnerable URL test";
+		info->description =
+			"Ensure that any combination of '\\r' or '\\n' in a URL invalidates the URL";
+	case TEST_EXECUTE:
+		break;
+	}
+
+	for (i = 0; i < ARRAY_LEN(bad_urls); ++i) {
+		if (!url_is_vulnerable(bad_urls[i])) {
+			ast_test_status_update(test, "String '%s' detected as valid when it should be invalid\n", bad_urls[i]);
+			res = AST_TEST_FAIL;
+		}
+	}
+
+	for (i = 0; i < ARRAY_LEN(good_urls); ++i) {
+		if (url_is_vulnerable(good_urls[i])) {
+			ast_test_status_update(test, "String '%s' detected as invalid when it should be valid\n", good_urls[i]);
+			res = AST_TEST_FAIL;
+		}
+	}
+
+	return res;
+}
+
 static int unload_module(void)
 {
 	int res;
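Review bot: The `case TEST_INIT:` arm falls through into `case TEST_EXECUTE:`, so the two verification loops also run at registration time and the init call receives a pass/fail state instead of the not-run state the framework expects; the TEST_INIT arm should end with `return AST_TEST_NOT_RUN;` as other Asterisk tests do. The good_urls list only exercises a literal-backslash encoding (`%5Cr%5Cn`); adding `"http://example.com/%0D%0A"` would pin down that percent-encoded CR/LF — which libcurl passes through still encoded and is therefore harmless — is not rejected by the raw-byte check.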
@@ -770,6 +849,8 @@
 	res = ast_custom_function_unregister(&acf_curl);
 	res |= ast_custom_function_unregister(&acf_curlopt);
 
+	AST_TEST_UNREGISTER(vulnerable_url);
+
 	return res;
 }
 
@@ -787,6 +868,8 @@
 	res = ast_custom_function_register(&acf_curl);
 	res |= ast_custom_function_register(&acf_curlopt);
 
+	AST_TEST_REGISTER(vulnerable_url);
+
 	return res;
 }
 
Index: .
===================================================================
--- .	(revision 431300)
+++ .	(revision 431301)

Property changes on: .
___________________________________________________________________
Modified: branch-12-merged
## -1 +1 ##
-/branches/12:1-398558,398560-398577,398579-399305,399307-401390,401392-403290,403292-403778,403781-404568,404581,404592,404605,404613,404652,404663,404676,404725,404737,404764,404781,404786,404843,404855,404859,404911,404923,404935,404952,404954,405006,405019,405034,405083,405124,405131,405162,405216,405235,405253,405266,405268,405282,405298,405311-405312,405325,405338,405367,405432,405435,405541,405553,405565,405583,405585,405643,405694,405743,405746,405748,405777,405829,405843,405861,405875,405877,405893,405908,405924,405928,405982,406003,406020,406049,406081,406133,406152,406172,406223,406264,406294-406295,406311,406327,406342,406389,406401,406465,406489,406516,406574,406645,406707,406723,406775,406788,406803,406847,406862,406919,406935,406987,407000,407014,407016,407031,407034,407036,407082,407084,407104,407153,407166,407197,407213,407259,407274,407324,407339,407389,407402,407419,407442,407458,407461,407513,407567-407568,407572,407587,407589,407624,407676,407729,407747,407750,407766,407858,407875,407937,407968,407988,408005,408069,408085,408138,408140,408194,408220,408270,408297,408314,408331,408385,408389,408449,408502,408518,408520,408522,408538,408591,408644,408649,408711,408713,408715,408730,408787,408839,408855,408878,408880,408882,408941,408943,408957,408970,408983,408999,409054,409087,409131,409158,409234,409256,409270,409272,409274,409287,409346,409363,409422,409474,409568,409570,409626,409682,409697,409779,409835,409885,409887,409900,409918,409967,409976,409991,410011,410025,410028,410089-410090,410107,410157,410171,410184,410187,410190,410194,410209,410211,410226,410274,410287,410306,410329,410368,410383,410451,410471,410491,410493,410509-410510,410527,410541,410555,410559,410574,410588,410590,410592,410607,410623,410625,410650,410671,410673,410696,410747,410793,410795,410813,410830,410844,410858,410861,410876,410890,410904,410918,410933,410949,410966,410995,411023,411086,411091,411141,411157,411159,411173,411191,411193,411245,411295,411311,411315,411
374,411442,411459,411465,411514,411529,411532,411534,411586,411636,411638,411668,411670,411687,411701,411717,411790,411804,411811,411868,411883,411927,411945,411962,411985,412034,412048,412074,412088,412153,412193,412227,412306,412330,412383,412385,412399,412413,412439,412453,412483,412535,412549,412551,412565,412579,412581-412582,412587,412639,412653,412657,412698,412713,412728,412730,412747,412749,412823,412882,412924,412976,412992,413009,413073,413088,413102,413117,413119,413121,413124,413140,413142,413159,413173,413196,413210,413226,413258,413306,413358,413372,413398,413452,413454,413487,413556,413588,413597,413681,413712,413766,413771,413789,413792,413877,413896,413993,414051,414069,414195,414216,414272,414330,414347,414400,414404-414405,414474,414528,414542,414566,414636,414678,414695,414747,414749,414763,414765,414780,414860,414882,414934,414948,414975,414999,415078,415115,415117,415172,415191,415207,415230,415301,415317,415342,415410,415427,415443,415465,415523,415579,415602,415658,415678,415729,415748,415766,415794,415812,415832,415836,415896,415980,416070,416148,416152,416211,416255,416298,416300,416318,416338,416441-416442,416502,416557,416582,416669,416734,416737,416806,416849,416871,416931,416995,417119,417142,417212,417250,417311,417324,417399,417420,417460,417483,417509,417565,417589,417678,417705,417799,417878,417880,417932,417958,418066,418071,418089,418116,418172,418182,418225,418263,418324,418369,418396,418466,418506,418586,418636,418650,418714-418715,418756,418787,418810,418886,418914,418937,418996,419019,419021,419163,419196,419285,419318,419376,419536,419538,419565-419566,419686,419750,419764,419823,419944,420089-420097,420099,420148,420211,420325,420387,420408,420414,420436,420513,420533,420656,420716,420795,420802,420805,420836,420898,420934,420949,420956,421009,421037,421061,421064,421165,421186,421229,421234,421270,421329,421400,421416,421444,421447,421485,421537,421565,421608,421677,421695,421719,421778-421779,421789,421792,421796,421801,4
21859,421879,421910,421931,421939,421955,421978,422070,422090,422114,422176,422214,422255,422275,422295,422373,422378,422441,422444,422503,422506,422536,422557,422626,422664,422715,422718,422746,422766,422769,422791,422899,422904,422964,422984,423068,423128,423151,423172,423208,423211,423254,423278,423282,423344,423365,423416-423417,423476,423481,423503,423525,423579,423617,423620,423659,423722,423802,423866,423894,423917,423987,424056,424096,424103,424125,424128,424152,424155,424178,424183,424244,424263,424287,424290,424312,424337,424372,424393,424414,424423,424426,424447,424471,424506,424528,424551,424579,424618,424621,424624,424646,424668,424691,424730,424853,424879,424941,424963,424985,425007,425030,425070,425131,425154,425216,425220,425242,425264,425288,425293,425298,425361,425383,425411,425430,425458,425480,425503,425525,425589,425645,425668,425690,425713,425735,425757,425760,425782,425820,425868,425964,425987,426142,426174,426210,426260,426367,426431,426524,426528,426531,426596,426601,426667,426696,426755,426779,426806,426832,426863,426923,426928,426933,426995,427020,427025,427088,427129,427200,427203,427227,427275,427300,427355,427382,427400,427465,427490,427493,427508,427555,427582,427610,427614,427642,427683,427710,427736,427762,427788,427814,427845,427848,427875,427901,427953,427978,427981,428007,428051,428078,428114,428118,428168,428195,428245,428272,428301,428304,428333-428334,428409,428422,428543,428571,428601,428654,428681,428725,428733,428760,428788,428836,428864,428891,428918,428945,428972,428999,429028,429032,429061,429127,429195,429204,429245,429272,429325,429354,429378,429429,429432,429674,429826,430199
\ No newline at end of property
+/branches/12:1-398558,398560-398577,398579-399305,399307-401390,401392-403290,403292-403778,403781-404568,404581,404592,404605,404613,404652,404663,404676,404725,404737,404764,404781,404786,404843,404855,404859,404911,404923,404935,404952,404954,405006,405019,405034,405083,405124,405131,405162,405216,405235,405253,405266,405268,405282,405298,405311-405312,405325,405338,405367,405432,405435,405541,405553,405565,405583,405585,405643,405694,405743,405746,405748,405777,405829,405843,405861,405875,405877,405893,405908,405924,405928,405982,406003,406020,406049,406081,406133,406152,406172,406223,406264,406294-406295,406311,406327,406342,406389,406401,406465,406489,406516,406574,406645,406707,406723,406775,406788,406803,406847,406862,406919,406935,406987,407000,407014,407016,407031,407034,407036,407082,407084,407104,407153,407166,407197,407213,407259,407274,407324,407339,407389,407402,407419,407442,407458,407461,407513,407567-407568,407572,407587,407589,407624,407676,407729,407747,407750,407766,407858,407875,407937,407968,407988,408005,408069,408085,408138,408140,408194,408220,408270,408297,408314,408331,408385,408389,408449,408502,408518,408520,408522,408538,408591,408644,408649,408711,408713,408715,408730,408787,408839,408855,408878,408880,408882,408941,408943,408957,408970,408983,408999,409054,409087,409131,409158,409234,409256,409270,409272,409274,409287,409346,409363,409422,409474,409568,409570,409626,409682,409697,409779,409835,409885,409887,409900,409918,409967,409976,409991,410011,410025,410028,410089-410090,410107,410157,410171,410184,410187,410190,410194,410209,410211,410226,410274,410287,410306,410329,410368,410383,410451,410471,410491,410493,410509-410510,410527,410541,410555,410559,410574,410588,410590,410592,410607,410623,410625,410650,410671,410673,410696,410747,410793,410795,410813,410830,410844,410858,410861,410876,410890,410904,410918,410933,410949,410966,410995,411023,411086,411091,411141,411157,411159,411173,411191,411193,411245,411295,411311,411315,411
374,411442,411459,411465,411514,411529,411532,411534,411586,411636,411638,411668,411670,411687,411701,411717,411790,411804,411811,411868,411883,411927,411945,411962,411985,412034,412048,412074,412088,412153,412193,412227,412306,412330,412383,412385,412399,412413,412439,412453,412483,412535,412549,412551,412565,412579,412581-412582,412587,412639,412653,412657,412698,412713,412728,412730,412747,412749,412823,412882,412924,412976,412992,413009,413073,413088,413102,413117,413119,413121,413124,413140,413142,413159,413173,413196,413210,413226,413258,413306,413358,413372,413398,413452,413454,413487,413556,413588,413597,413681,413712,413766,413771,413789,413792,413877,413896,413993,414051,414069,414195,414216,414272,414330,414347,414400,414404-414405,414474,414528,414542,414566,414636,414678,414695,414747,414749,414763,414765,414780,414860,414882,414934,414948,414975,414999,415078,415115,415117,415172,415191,415207,415230,415301,415317,415342,415410,415427,415443,415465,415523,415579,415602,415658,415678,415729,415748,415766,415794,415812,415832,415836,415896,415980,416070,416148,416152,416211,416255,416298,416300,416318,416338,416441-416442,416502,416557,416582,416669,416734,416737,416806,416849,416871,416931,416995,417119,417142,417212,417250,417311,417324,417399,417420,417460,417483,417509,417565,417589,417678,417705,417799,417878,417880,417932,417958,418066,418071,418089,418116,418172,418182,418225,418263,418324,418369,418396,418466,418506,418586,418636,418650,418714-418715,418756,418787,418810,418886,418914,418937,418996,419019,419021,419163,419196,419285,419318,419376,419536,419538,419565-419566,419686,419750,419764,419823,419944,420089-420097,420099,420148,420211,420325,420387,420408,420414,420436,420513,420533,420656,420716,420795,420802,420805,420836,420898,420934,420949,420956,421009,421037,421061,421064,421165,421186,421229,421234,421270,421329,421400,421416,421444,421447,421485,421537,421565,421608,421677,421695,421719,421778-421779,421789,421792,421796,421801,4
21859,421879,421910,421931,421939,421955,421978,422070,422090,422114,422176,422214,422255,422275,422295,422373,422378,422441,422444,422503,422506,422536,422557,422626,422664,422715,422718,422746,422766,422769,422791,422899,422904,422964,422984,423068,423128,423151,423172,423208,423211,423254,423278,423282,423344,423365,423416-423417,423476,423481,423503,423525,423579,423617,423620,423659,423722,423802,423866,423894,423917,423987,424056,424096,424103,424125,424128,424152,424155,424178,424183,424244,424263,424287,424290,424312,424337,424372,424393,424414,424423,424426,424447,424471,424506,424528,424551,424579,424618,424621,424624,424646,424668,424691,424730,424853,424879,424941,424963,424985,425007,425030,425070,425131,425154,425216,425220,425242,425264,425288,425293,425298,425361,425383,425411,425430,425458,425480,425503,425525,425589,425645,425668,425690,425713,425735,425757,425760,425782,425820,425868,425964,425987,426142,426174,426210,426260,426367,426431,426524,426528,426531,426596,426601,426667,426696,426755,426779,426806,426832,426863,426923,426928,426933,426995,427020,427025,427088,427129,427200,427203,427227,427275,427300,427355,427382,427400,427465,427490,427493,427508,427555,427582,427610,427614,427642,427683,427710,427736,427762,427788,427814,427845,427848,427875,427901,427953,427978,427981,428007,428051,428078,428114,428118,428168,428195,428245,428272,428301,428304,428333-428334,428409,428422,428543,428571,428601,428654,428681,428725,428733,428760,428788,428836,428864,428891,428918,428945,428972,428999,429028,429032,429061,429127,429195,429204,429245,429272,429325,429354,429378,429429,429432,429674,429826,430199,431299
\ No newline at end of property
