[OpenSIPS-Devel] [OpenSIPS/opensips] ca7288: event_route: Fix off-by-one error in some $param w...

Mon Apr 10 14:44:08 UTC 2023

  Branch: refs/heads/3.3
  Home:   https://github.com/OpenSIPS/opensips
  Commit: ca72885632bf42ca56cf611d70e297026b52170a
      https://github.com/OpenSIPS/opensips/commit/ca72885632bf42ca56cf611d70e297026b52170a
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M modules/event_route/event_route.c

  Log Message:
  -----------
  event_route: Fix off-by-one error in some $param warning log

(cherry picked from commit d4b03b7d0b828c0f7ecd6061cda882a560d6a216)

  Commit: 95f75ac61aed2d4cf4d68e56d89c04b77928eeb1
      https://github.com/OpenSIPS/opensips/commit/95f75ac61aed2d4cf4d68e56d89c04b77928eeb1
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M lib/digest_auth/dauth_nonce.c
    M lib/digest_auth/dauth_nonce.h
    M modules/auth/auth_mod.c

  Log Message:
  -----------
  auth: Avoid abort() if len(secret) is not 32 bytes

Before OpenSIPS 3.2, the "secret" modparam supported random-length
strings, to be hashed into an MD5 computation when generating the nonce.

Starting with 3.2 and the new AES-CBC based nonce generation algorithm,
the "secret" has been restricted to 32-bytes only, however OpenSIPS
would assert() -> abort() on startup without displaying any helper error
if the user supplied a different-length secret.

Many thanks to @thuroc for an accurate report on the assert() issue!

Fixes #3043

(cherry picked from commit 00a19ede805577c29ae8b65af8a0cb81fc583209)

Compare: https://github.com/OpenSIPS/opensips/compare/e32f27b741bc...95f75ac61aed