[OpenSIPS-Devel] [OpenSIPS/opensips] 309fff: [topology_hiding] fix vulnerability in TH decoding
Bogdan Andrei IANCU
noreply at github.com
Tue Jan 12 16:32:36 EST 2021
Branch: refs/heads/3.1
Home: https://github.com/OpenSIPS/opensips
Commit: 309ffff8babb4d4a89f7bc9ad43d7f4c6bbd0be9
https://github.com/OpenSIPS/opensips/commit/309ffff8babb4d4a89f7bc9ad43d7f4c6bbd0be9
Author: Bogdan-Andrei Iancu <bogdan at opensips.org>
Date: 2021-01-12 (Tue, 12 Jan 2021)
Changed paths:
M modules/topology_hiding/topo_hiding_logic.c
Log Message:
-----------
[topology_hiding] fix vulnerability in TH decoding
Extra checks were added to prevent buffer overflow/underflow when decoding the TH information (in non-dialog module) extracted from the Contact hdr. This information may be subject to malicious changes from an external attacker.
Credits for reporting and for the fix go to @wdoekes.
The suggested fix was re-worked a bit, but the idea is the same.
Fixes #2338
(cherry picked from commit 78909c344fe4c25718233e6a00f6e2bd19373be3)
More information about the Devel
mailing list