[OpenSIPS-Devel] [OpenSIPS/opensips] 0a818e: [topology_hiding] fix vulnerability in TH decoding
Bogdan Andrei IANCU
noreply at github.com
Tue Jan 12 16:33:56 EST 2021
Branch: refs/heads/2.4
Home: https://github.com/OpenSIPS/opensips
Commit: 0a818e29f287b58294139301123b140dcce6223a
https://github.com/OpenSIPS/opensips/commit/0a818e29f287b58294139301123b140dcce6223a
Author: Bogdan-Andrei Iancu <bogdan at opensips.org>
Date: 2021-01-12 (Tue, 12 Jan 2021)
Changed paths:
M modules/topology_hiding/topo_hiding_logic.c
Log Message:
-----------
[topology_hiding] fix vulnerability in TH decoding
Extra checks were added to prevent buffer overflow/underflow when decoding the TH information (in non-dialog module) extracted from the Contact hdr. This information may be subject to malicious changes from an external attacker.
Credits for reporting and for the fix go to @wdoekes.
The suggested fix was re-worked a bit, but the idea is the same.
Fixes #2338
(cherry picked from commit 78909c344fe4c25718233e6a00f6e2bd19373be3)