From b825f14b7ef3fb92363bc56e753c65e6eda44c88 Mon Sep 17 00:00:00 2001 From: Kamailio Dev Date: Fri, 24 Feb 2023 17:47:03 +0100 Subject: [PATCH] modules: readme files regenerated - modules ... [skip ci] --- src/modules/ctl/README | 8 ++++---- src/modules/exec/README | 20 +++++++++++++++++--- src/modules/ims_dialog/README | 6 +++--- src/modules/rr/README | 18 +++++++++--------- 4 files changed, 33 insertions(+), 19 deletions(-) diff --git a/src/modules/ctl/README b/src/modules/ctl/README index 0e0b22565eb..d7a3da93183 100644 --- a/src/modules/ctl/README +++ b/src/modules/ctl/README @@ -16,7 +16,7 @@ Andrei Pelinescu-Onciul 3. Parameters 3.1. binrpc (string) - 3.2. binrpc_buffer_size (integer or string) + 3.2. binrpc_buffer_size (integer) 3.3. mode (integer) 3.4. user (integer or string) 3.5. group (integer or string) @@ -56,7 +56,7 @@ Chapter 1. Admin Guide 3. Parameters 3.1. binrpc (string) - 3.2. binrpc_buffer_size (integer or string) + 3.2. binrpc_buffer_size (integer) 3.3. mode (integer) 3.4. user (integer or string) 3.5. group (integer or string) @@ -115,7 +115,7 @@ $ kamcmd ps 3. Parameters 3.1. binrpc (string) - 3.2. binrpc_buffer_size (integer or string) + 3.2. binrpc_buffer_size (integer) 3.3. mode (integer) 3.4. user (integer or string) 3.5. group (integer or string) @@ -170,7 +170,7 @@ modparam("ctl", "binrpc", "localhost:3000") # udp modparam("ctl", "binrpc", "tcp:3012") # tcp any , port 3012 modparam("ctl", "binrpc", "udp:*:3012") # udp any , port 3012 -3.2. binrpc_buffer_size (integer or string) +3.2. binrpc_buffer_size (integer) The size of the internal buffer used for printing elements of the RPC response (e.g., internal RPC printf()). The value is given in bytes. diff --git a/src/modules/exec/README b/src/modules/exec/README index b63a8b27a10..3769a2d9411 100644 --- a/src/modules/exec/README +++ b/src/modules/exec/README @@ -97,6 +97,20 @@ Chapter 1. Admin Guide $$SIP_OUSER) in the parameters given to exec functions. Otherwise they will be evaluated as Kamailio pseudo-variables, throwing errors. + WARNING: if the exec functions are passed variables that might include + malicious input, then remote attackers may abuse the exec functions to + execute arbitrary code. Specifically, this may result in OS command + injection. In such cases, input validation is required to prevent the + vulnerability. The following is an example of how input validation and + exec module functions may be used together to prevent exploitation: +... +if !($rU =~ "^[0-9]{1,15}$") { + xlog("Malformed R-URI username: '$rU'\n"); + exit; +} +exec_msg("echo TEST >> /tmp/$(rU).txt"); +... + 2. Dependencies 2.1. Kamailio Modules @@ -167,7 +181,7 @@ modparam("exec", "time_to_kill", 20) Example 1.3. exec_dset usage ... exec_dset("echo TEST > /tmp/test.txt"); -exec_dset("echo TEST > /tmp/$rU.txt"); +exec_dset("echo TEST > /tmp/$(rU).txt"); ... 4.2. exec_msg(command) @@ -191,7 +205,7 @@ exec_dset("echo TEST > /tmp/$rU.txt"); Example 1.4. exec_msg usage ... exec_msg("echo TEST > /tmp/test.txt"); -exec_msg("echo TEST > /tmp/$rU.txt"); +exec_msg("echo TEST > /tmp/$(rU).txt"); ... 4.3. exec_avp(command [, avplist]) @@ -235,7 +249,7 @@ exec_avp("echo TEST", "$avp(s:test)"); Example 1.6. exec_cmd usage ... exec_cmd("echo TEST > /tmp/test.txt"); -exec_cmd("echo TEST > /tmp/$rU.txt"); +exec_cmd("echo TEST > /tmp/$(rU).txt"); ... 5. Known Issues diff --git a/src/modules/ims_dialog/README b/src/modules/ims_dialog/README index 1b9b32e4c03..ed4c5b4a521 100644 --- a/src/modules/ims_dialog/README +++ b/src/modules/ims_dialog/README @@ -465,7 +465,7 @@ modparam("ims_dialog", "detect_spirals", 1) Example 1.8. Set profiles_with_value parameter ... -modparam("dialog", "profiles_with_value", "caller ; my_profile") +modparam("ims_dialog", "profiles_with_value", "caller ; my_profile") ... 5.16. profiles_no_value (string) @@ -476,7 +476,7 @@ modparam("dialog", "profiles_with_value", "caller ; my_profile") Example 1.9. Set profiles_no_value parameter ... -modparam("dialog", "profiles_no_value", "inbound ; outbound") +modparam("ims_dialog", "profiles_no_value", "inbound ; outbound") ... 5.17. bridge_controller (string) @@ -487,7 +487,7 @@ modparam("dialog", "profiles_no_value", "inbound ; outbound") Example 1.10. Set bridge_controller parameter ... -modparam("dialog", "bridge_controller", "sip:ctd@kamailio.org") +modparam("ims_dialog", "bridge_controller", "sip:ctd@kamailio.org") ... 5.18. initial_cbs_inscript (string) diff --git a/src/modules/rr/README b/src/modules/rr/README index 0f6cd7fd322..bbb9d7b4e90 100644 --- a/src/modules/rr/README +++ b/src/modules/rr/README @@ -152,13 +152,13 @@ Chapter 1. Admin Guide 1. Overview - The module contains record routing logic + The module contains record routing logic. 2. Dialog support Kamailio is basically only a transaction stateful proxy, without any dialog support build in. There are many features/services which - actually requires a dialog awareness, like storing the information in + actually require a dialog awareness, like storing the information in the dialog creation stage, information which will be used during the whole dialog existence. @@ -327,7 +327,7 @@ modparam("rr", "enable_socket_mismatch_warning", 0) 4.6. custom_user_avp (avp string) - When enable_username is enabled, a call to record_route will add the + When add_username is enabled, a call to record_route will add the username of the RequestURI to the Record-Route URI. This parameter allows you to setup an AVP with which you can customise the username to be added in the Record-Route URI. @@ -614,7 +614,7 @@ add_rr_param(";nat=yes"); The function checks if the URI parameters of the local Route header (corresponding to the local server) matches the given regular - expression. It must be call after loose_route() (see Section 5.1, + expression. It must be called after loose_route() (see Section 5.1, “loose_route()”). Meaning of the parameters is as follows: @@ -780,7 +780,7 @@ record_route_advertised_address("1.2.3.4:5090"); The function checks for the request “msg” if the URI parameters of the local Route header (corresponding to the local server) matches the - given regular expression “re”. It must be call after the loose_route + given regular expression “re”. It must be called after the loose_route was done. The function returns 0 on success. Otherwise, -1 is returned. @@ -796,7 +796,7 @@ record_route_advertised_address("1.2.3.4:5090"); The function checks the flow direction of the request “msg”. As for checking it's used the “ftag” Route header parameter, the append_fromtag (see ??? module parameter must be enables. Also this - must be call only after the loose_route is done. + must be called only after the loose_route is done. The function returns 0 if the “dir” is the same with the request's flow direction. Otherwise, -1 is returned. @@ -808,9 +808,9 @@ record_route_advertised_address("1.2.3.4:5090"); 1.6. get_route_param( msg, name, val) - The function search in to the “msg”'s Route header parameters the + The function searches in the “msg”'s Route header parameters the parameter called “name” and returns its value into “val”. It must be - call only after the loose_route is done. + called only after the loose_route is done. The function returns 0 if parameter was found (even if it has no value). Otherwise, -1 is returned. @@ -824,7 +824,7 @@ record_route_advertised_address("1.2.3.4:5090"); 1.7. register_rrcb( callback, param) - The function register a new callback (along with its parameter). The + The function registers a new callback (along with its parameter). The callback will be called when a loose route will be performed for the local address.