[OpenSIPS-Devel] [OpenSIPS/opensips] 0fadc0: Fix crash with REGISTER + incomplete Authorization...
Liviu Chircu
noreply at github.com
Mon Sep 27 18:19:42 EST 2021
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 0fadc0a6cb130d40fba6cf36bb1399d45d0496aa
https://github.com/OpenSIPS/opensips/commit/0fadc0a6cb130d40fba6cf36bb1399d45d0496aa
Author: Liviu Chircu <liviu at opensips.org>
Date: 2021-09-27 (Mon, 27 Sep 2021)
Changed paths:
M modules/auth/api.c
Log Message:
-----------
Fix crash with REGISTER + incomplete Authorization header
Avoid re-using anonymous structures outside of the block scope they were
declared in. The compiler allows such broken code, yet it is also quick
to re-use/re-claim that memory quickly after exiting the block, leading
to stack corruption later down the road, when the "now re-used struct"
is read.
Issue discovered during OpenSIPS Security Audit 2021,
by Alfred Farrugia & Sandro Gauci (Enable Security)
More information about the Devel
mailing list