[OpenSIPS-Devel] [OpenSIPS/opensips] 00a19e: auth: Avoid abort() if len(secret) is not 32 bytes
Liviu Chircu
noreply at github.com
Mon Apr 10 14:42:54 UTC 2023
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 00a19ede805577c29ae8b65af8a0cb81fc583209
https://github.com/OpenSIPS/opensips/commit/00a19ede805577c29ae8b65af8a0cb81fc583209
Author: Liviu Chircu <liviu at opensips.org>
Date: 2023-04-10 (Mon, 10 Apr 2023)
Changed paths:
M lib/digest_auth/dauth_nonce.c
M lib/digest_auth/dauth_nonce.h
M modules/auth/auth_mod.c
Log Message:
-----------
auth: Avoid abort() if len(secret) is not 32 bytes
Before OpenSIPS 3.2, the "secret" modparam supported random-length
strings, to be hashed into an MD5 computation when generating the nonce.
Starting with 3.2 and the new AES-CBC based nonce generation algorithm,
the "secret" has been restricted to 32-bytes only, however OpenSIPS
would assert() -> abort() on startup without displaying any helper error
if the user supplied a different-length secret.
Many thanks to @thuroc for an accurate report on the assert() issue!
Fixes #3043
More information about the Devel
mailing list