[OpenSIPS-Devel] [OpenSIPS/opensips] 78909c: [topology_hiding] fix vulnerability in TH decoding
Bogdan Andrei IANCU
noreply at github.com
Fri Jan 8 15:42:51 EST 2021
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 78909c344fe4c25718233e6a00f6e2bd19373be3
https://github.com/OpenSIPS/opensips/commit/78909c344fe4c25718233e6a00f6e2bd19373be3
Author: Bogdan-Andrei Iancu <bogdan at opensips.org>
Date: 2021-01-08 (Fri, 08 Jan 2021)
Changed paths:
M modules/topology_hiding/topo_hiding_logic.c
Log Message:
-----------
[topology_hiding] fix vulnerability in TH decoding
Extra checks were added to prevent buffer overflow/underflow when decoding the TH information (in non-dialog module) extracted from the Contact hdr. This information may be subject to malicious changes from an external attacker.
Credits for reporting and for the fix go to @wdoekes.
The suggested fix was re-worked a bit, but the idea is the same.
Fixes #2338
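
The kind of check the log message describes, as an added example that is not the OpenSIPS code or the committed fix: a decoder for attacker-controlled, length-prefixed data that rejects any length running past the end of the decoded buffer. The field layout, `th_decode_fields`, `struct th_field` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical layout (assumption, not the OpenSIPS TH encoding): a sequence
 * of fields, each a 2-byte big-endian length followed by that many bytes. */
struct th_field { const unsigned char *s; size_t len; };

/* Constructed sample inputs. */
static const unsigned char sample_ok[]        = {0, 3, 'a', 'b', 'c', 0, 1, 'z'};
static const unsigned char sample_overlong[]  = {0, 5, 'a', 'b'};
static const unsigned char sample_truncated[] = {0, 1, 'a', 0};

/* Returns the number of fields decoded, or -1 if the input is malformed.
 * Lengths are compared against the bytes left (buf_len - off), never against
 * pointer sums, so the check itself cannot wrap. */
int th_decode_fields(const unsigned char *buf, size_t buf_len,
                     struct th_field *out, size_t max_fields)
{
    size_t off = 0, n = 0;

    while (off < buf_len) {
        size_t flen;
        if (buf_len - off < 2)      /* not enough bytes for a length prefix */
            return -1;
        flen = ((size_t)buf[off] << 8) | buf[off + 1];
        off += 2;
        if (flen > buf_len - off)   /* field claims more than what is left */
            return -1;
        if (n == max_fields)        /* the output array is bounded too */
            return -1;
        out[n].s = buf + off;
        out[n].len = flen;
        n++;
        off += flen;
    }
    return (int)n;
}

int main(void)
{
    struct th_field f[4];
    printf("ok=%d overlong=%d truncated=%d\n",
           th_decode_fields(sample_ok, sizeof sample_ok, f, 4),
           th_decode_fields(sample_overlong, sizeof sample_overlong, f, 4),
           th_decode_fields(sample_truncated, sizeof sample_truncated, f, 4));
    return 0;
}
```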