[OpenSIPS-Devel] [OpenSIPS/opensips] f7272d: lib/csv: Fix some memleak corner-cases (reported b...

Liviu Chircu noreply at github.com
Mon Oct 10 15:11:04 UTC 2022


  Branch: refs/heads/3.3
  Home:   https://github.com/OpenSIPS/opensips
  Commit: f7272d8b1af0c8b2f1abe537454178a6dde925d4
      https://github.com/OpenSIPS/opensips/commit/f7272d8b1af0c8b2f1abe537454178a6dde925d4
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M lib/csv.c

  Log Message:
  -----------
  lib/csv: Fix some memleak corner-cases (reported by OSS-Fuzz)

Fixes OSS-Fuzz#39925

(cherry picked from commit ff34d213cad9c2b24460aecc206520bac5411bdc)


  Commit: d03a8125a31790d323892092b45c826588c33edd
      https://github.com/OpenSIPS/opensips/commit/d03a8125a31790d323892092b45c826588c33edd
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_uri.c

  Log Message:
  -----------
  parse_uri: Complete the fix for undefined bitwise left-shift (OSS-Fuzz)

The default auto-cast to (int) is not enough, as a value such as
255 << 24 can still overflow the 31 value bits...

Fixes OSS-Fuzz#51542

(cherry picked from commit e0d90ec107484051e6c769056036447361c5724d)


  Commit: a3edb86f420cd57d50f11e79df3c9a44bada8776
      https://github.com/OpenSIPS/opensips/commit/a3edb86f420cd57d50f11e79df3c9a44bada8776
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_uri.c

  Log Message:
  -----------
  parse_uri: Parse the port into an unsigned integer (OSS-Fuzz)

Fixes OSS-Fuzz#51605

(cherry picked from commit b4a72a5f96f5726afa48854ad0850fe14f78909d)


  Commit: 5eb1fbd9f567c865606d880d84f35bc7b64f551c
      https://github.com/OpenSIPS/opensips/commit/5eb1fbd9f567c865606d880d84f35bc7b64f551c
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_hname2.c
    M parser/test/test_parser.c

  Log Message:
  -----------
  parse_msg(): Fix out-of-bounds read edge-case (OSS-Fuzz)

Also add a unit test suite for parse_msg().

Severity: low
Fixes OSS-Fuzz#39802

(cherry picked from commit 66898d8208d158d95a27f1a76078a29bd1e08d7e)


  Commit: 47f142c7f27c4326bc95bd02569bc64751903a10
      https://github.com/OpenSIPS/opensips/commit/47f142c7f27c4326bc95bd02569bc64751903a10
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_hname2.c

  Log Message:
  -----------
  Fix rare UB on left-shift signed int overflow

By default, most commonly used compilers *define* some behaviour when
this overflow occurs, such that the program will continue normally,
without any negative consequences.

Severity: Minor
Fixes OSS-Fuzz#40201

(cherry picked from commit 2ba963b0c5e2b6705a3f28ce44e57b248988a103)


  Commit: 9d58a464d04d81a0dd626b30248131dced6498b4
      https://github.com/OpenSIPS/opensips/commit/9d58a464d04d81a0dd626b30248131dced6498b4
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_to.c
    M parser/test/test_parser.c

  Log Message:
  -----------
  parse_to_param(): Fix out-of-bounds read edge-case (OSS-Fuzz)

Severity: Low
Fixes OSS-Fuzz#41073

(cherry picked from commit 90aa25e64f36b22fbcae9aae910257b43f81641f)


  Commit: a6c2761305f28abe0b2f0f2eee6f53e78d9a246f
      https://github.com/OpenSIPS/opensips/commit/a6c2761305f28abe0b2f0f2eee6f53e78d9a246f
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_to.c

  Log Message:
  -----------
  parse_to_param(): Rework previous fix (OSS-Fuzz)

Invoking strlen() on a non-NULL-terminated buffer is equally bad,
possibly even worse.  Instead, simply rely on the @end parameter being
correct, which is an assumption already made by the current code of the
function.

Fixes OSS-Fuzz#41073

(cherry picked from commit 51b908f8fde0aa2eac8dbcfff319281625d6f3f2)


  Commit: eecabbd825cd50eaa2d04bfa0dc164d6d729d8a1
      https://github.com/OpenSIPS/opensips/commit/eecabbd825cd50eaa2d04bfa0dc164d6d729d8a1
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/parse_content.c

  Log Message:
  -----------
  parse_content_length(): Fix integer overflow edge-case (OSS-Fuzz)

This completes commit 7cab422e2f, where it was still possible to cause
an integer overflow even after the fix, with input such as 2147483609,
due to missing parentheses in the number equation.

Fixes OSS-Fuzz#52112

(cherry picked from commit 837263b47dcb33909b109b5cc050c1ab4a6c64a2)
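One overflow-safe way to parse the bounded decimal fields these two commits concern (the port in commit a3edb86f, the Content-Length here), written as an added illustration for this digest rather than OpenSIPS's own code: the bound check is parenthesised and evaluated before the multiply-add, so 2147483609 is accepted and 2147483648 is rejected without any intermediate overflow. The names parse_dec_bounded, content_length_of and port_of, and the 65535 port bound, are assumptions of the example.

```c
#include <limits.h>
#include <string.h>
#include <stdio.h>

/* Constructed example (not OpenSIPS code): parse the decimal digits in
 * [s, end) into *out, rejecting empty input, non-digits and any value
 * above @max.  Accumulating in an unsigned type and checking the bound
 * *before* the multiply-add keeps every arithmetic step well defined. */
static int parse_dec_bounded(const char *s, const char *end,
                             unsigned max, unsigned *out)
{
    unsigned n = 0;
    if (s >= end)
        return -1;
    for (; s < end; s++) {
        unsigned d;
        if (*s < '0' || *s > '9')
            return -1;
        d = (unsigned)(*s - '0');
        /* Exact test for n*10 + d > max; parenthesised so the check itself
         * cannot overflow: (max - d) / 10 is the largest n that still fits. */
        if (d > max || n > (max - d) / 10)
            return -1;
        n = n * 10 + d;
    }
    *out = n;
    return 0;
}

/* Hypothetical wrappers for the two callers (NUL-terminated input):
 * -1 on rejection, otherwise the parsed value. */
static long long content_length_of(const char *s)
{
    unsigned n;
    return parse_dec_bounded(s, s + strlen(s), INT_MAX, &n) ? -1 : (long long)n;
}

static long long port_of(const char *s)
{
    unsigned n;
    return parse_dec_bounded(s, s + strlen(s), 65535u, &n) ? -1 : (long long)n;
}

int main(void)
{
    printf("%lld %lld %lld\n", content_length_of("2147483609"),
           content_length_of("2147483648"), port_of("65536"));
    return 0;
}
```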


  Commit: 89f5602842e2d03aee58fa33827c4c86a3cd99b9
      https://github.com/OpenSIPS/opensips/commit/89f5602842e2d03aee58fa33827c4c86a3cd99b9
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2022-10-10 (Mon, 10 Oct 2022)

  Changed paths:
    M parser/msg_parser.c
    M parser/test/test_parser.c

  Log Message:
  -----------
  parse_msg(): Fix heap buffer overflow edge-case (OSS-Fuzz)

This patch fixes a SIP message parsing error log which could lead to an
unsafe printing of a non-NULL-terminated string.  Fortunately, the
OpenSIPS PKG memory allocator minimizes the severity of this overflow,
thanks to its pre-allocated, large chunk of heap memory.

Severity: Low
Fixes OSS-Fuzz#52204

(cherry picked from commit 2a6f8c67aa15ebf507cc9ff2bd881d771858fed7)


Compare: https://github.com/OpenSIPS/opensips/compare/07e2f88a23e9...89f5602842e2
