[OpenSIPS-Devel] [OpenSIPS/opensips] d3ff32: stir_shaken: Fix detection for invalid "future Dat...
Liviu Chircu
noreply at github.com
Wed Sep 27 15:36:34 UTC 2023
Branch: refs/heads/3.4
Home: https://github.com/OpenSIPS/opensips
Commit: d3ff3257033ea9d5305e4b68ef0b508b033bb357
https://github.com/OpenSIPS/opensips/commit/d3ff3257033ea9d5305e4b68ef0b508b033bb357
Author: Liviu Chircu <liviu at opensips.org>
Date: 2023-09-27 (Wed, 27 Sep 2023)
Changed paths:
M modules/stir_shaken/stir_shaken.c
Log Message:
-----------
stir_shaken: Fix detection for invalid "future Date/iat"
This patch fixes a bug where both the Date hf and the "iat" PASSporT
claim could be filled in with a random timestamp value "in the future"
and still bypass the OpenSIPS "freshness" integrity checks.
Issue discovered during OpenSIPIt'03,
thanks to Pavel Bussel & Maksym Sobolyev (Sippy Software)
(cherry picked from commit 75a168a9f4315e59ba92bdcc2920639176e7f415)
More information about the Devel
mailing list