[OpenSIPS-Devel] [OpenSIPS/opensips] d6aa97: stir_shaken: Further improve commit 9c9cce6f36
Liviu Chircu
noreply at github.com
Wed Apr 14 18:09:07 EST 2021
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: d6aa971e336509a98e879d0fe63ce926d647165d
https://github.com/OpenSIPS/opensips/commit/d6aa971e336509a98e879d0fe63ce926d647165d
Author: Liviu Chircu <liviu at opensips.org>
Date: 2021-04-14 (Wed, 14 Apr 2021)
Changed paths:
M modules/stir_shaken/stir_shaken.c
Log Message:
-----------
stir_shaken: Further improve commit 9c9cce6f36

It's not enough to check for missing PASSporT payload fields, as the
code can also crash on a cJSON type mismatch (malicious input?), e.g.:

    {... "orig": {"tn": ["1234"]} ...}

Here, the "orig-tn" is incorrectly given as a list, where it should be a
string. Without an extra check for a NULL cJSON string subfield, the
code would still crash.

Many thanks to Sandro Gauci (Enable Security) for the find!

Issue discovered during OpenSIPIt'01 (https://opensipit.org/)
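
An added illustration of the check the log message describes; it is not code from the commit or from OpenSIPS. It assumes a simplified stand-in `struct node` in place of the cJSON item type, and the names `get_member`, `get_orig_tn` and `demo` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a parsed JSON item (assumption: as the log message
 * describes for cJSON, a non-string item carries a NULL string subfield). */
enum jtype { J_OBJECT, J_ARRAY, J_STRING };
struct node {
    enum jtype type;
    const char *name;        /* key inside the parent object, or NULL */
    const char *valuestring; /* set only when type == J_STRING */
    struct node *child, *next;
};

/* Look up a member by key; NULL if parent is not an object or key is absent. */
static struct node *get_member(struct node *obj, const char *key)
{
    if (!obj || obj->type != J_OBJECT)
        return NULL;
    for (struct node *n = obj->child; n; n = n->next)
        if (n->name && strcmp(n->name, key) == 0)
            return n;
    return NULL;
}

/* Return payload.orig.tn only when it exists AND is a string; NULL otherwise.
 * A presence-only check would pass a NULL valuestring on to the caller. */
const char *get_orig_tn(struct node *payload)
{
    struct node *tn = get_member(get_member(payload, "orig"), "tn");
    if (!tn || tn->type != J_STRING || !tn->valuestring)
        return NULL;
    return tn->valuestring;
}

/* Constructed sample: {"orig": {"tn": "1234"}} when tn_as_list == 0,
 * {"orig": {"tn": ["1234"]}} (the shape from the log message) otherwise. */
const char *demo(int tn_as_list)
{
    struct node elem = { J_STRING, NULL, "1234", NULL, NULL };
    struct node tn   = { J_STRING, "tn", "1234", NULL, NULL };
    if (tn_as_list)
        tn = (struct node){ J_ARRAY, "tn", NULL, &elem, NULL };
    struct node orig = { J_OBJECT, "orig", NULL, &tn, NULL };
    struct node payload = { J_OBJECT, NULL, NULL, &orig, NULL };
    return get_orig_tn(&payload);
}

int main(void)
{
    printf("string tn: %s, list tn: %s\n", demo(0), demo(1) ? "accepted" : "rejected");
    return 0;
}
```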