[OpenSIPS-Devel] [OpenSIPS/opensips] d7531e: stir_shaken: Further improve commit 9c9cce6f36
Liviu Chircu
noreply at github.com
Wed Apr 14 18:11:13 EST 2021
Branch: refs/heads/3.1
Home: https://github.com/OpenSIPS/opensips
Commit: d7531e2d5ffce456e9e944e553c4fa473e2be0f8
https://github.com/OpenSIPS/opensips/commit/d7531e2d5ffce456e9e944e553c4fa473e2be0f8
Author: Liviu Chircu <liviu at opensips.org>
Date: 2021-04-14 (Wed, 14 Apr 2021)
Changed paths:
M modules/stir_shaken/stir_shaken.c
Log Message:
-----------
stir_shaken: Further improve commit 9c9cce6f36

It's not enough to check for missing PASSporT payload fields, as the
code can also crash on a cJSON type mismatch (malicious input?), e.g.:

    {... "orig": {"tn": ["1234"]} ...}

Here, the "orig-tn" is incorrectly given as a list, where it should be a
string. Without an extra check for a NULL cJSON string subfield, the
code would still crash.

Many thanks to Sandro Gauci (Enable Security) for the find!
Issue discovered during OpenSIPIt'01 (https://opensipit.org/)

(cherry picked from commit d6aa971e336509a98e879d0fe63ce926d647165d)

Commit: 4df77bd4701be5fc01af5354f5d1ea04236dd7f0
https://github.com/OpenSIPS/opensips/commit/4df77bd4701be5fc01af5354f5d1ea04236dd7f0
Author: Liviu Chircu <liviu at opensips.org>
Date: 2021-04-14 (Wed, 14 Apr 2021)
Changed paths:
M modules/stir_shaken/stir_shaken.c
Log Message:
-----------
stir_shaken: Fix missing "return -1;" statements

Issue discovered during OpenSIPIt'01 (https://opensipit.org/)

(cherry picked from commit ecf5d64d52626cdc00cd935352115878f1442311)

Compare: https://github.com/OpenSIPS/opensips/compare/b2ccb71920e3...4df77bd4701b
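
The failure mode described in the first log message, as an added example that is not OpenSIPS or cJSON code: a stand-in node type models a parsed PASSporT payload, and the validator rejects an "orig"/"tn" field that is present but of the wrong type, not only one that is missing. The names `struct node`, `member`, `check_orig_tn` and `demo` are hypothetical, and the sample payloads are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the cJSON members that matter here (constructed for this
 * example; not the OpenSIPS or cJSON source). */
enum ntype { N_STRING, N_ARRAY, N_OBJECT };
struct node {
    enum ntype type;
    const char *name;         /* key inside the parent object */
    const char *valuestring;  /* set only for N_STRING, NULL otherwise */
    struct node *child, *next;
};

/* Member lookup; NULL if obj is missing, not an object, or lacks the key. */
static struct node *member(struct node *obj, const char *key)
{
    struct node *n;
    if (!obj || obj->type != N_OBJECT)
        return NULL;
    for (n = obj->child; n; n = n->next)
        if (n->name && strcmp(n->name, key) == 0)
            return n;
    return NULL;
}

/* 0 if payload.orig.tn is a non-empty string, -1 otherwise. Checking only
 * that "tn" exists is not enough: an array node exists but has a NULL
 * valuestring, so strlen() on it would dereference NULL. */
int check_orig_tn(struct node *payload)
{
    struct node *tn = member(member(payload, "orig"), "tn");
    if (!tn || tn->type != N_STRING || !tn->valuestring)
        return -1;
    return strlen(tn->valuestring) > 0 ? 0 : -1;
}

/* Build {"orig": {"tn": "1234"}} or {"orig": {"tn": ["1234"]}}, validate. */
int demo(int tn_as_list)
{
    struct node elem = { N_STRING, NULL, "1234", NULL, NULL };
    struct node tn = { N_STRING, "tn", "1234", NULL, NULL };
    struct node orig = { N_OBJECT, "orig", NULL, &tn, NULL };
    struct node root = { N_OBJECT, NULL, NULL, &orig, NULL };
    if (tn_as_list) { tn.type = N_ARRAY; tn.valuestring = NULL; tn.child = &elem; }
    return check_orig_tn(&root);
}

int main(void)
{
    printf("string tn: %d, list tn: %d\n", demo(0), demo(1));
    return 0;
}
```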