[OpenSIPS-Devel] [OpenSIPS/opensips] 28bebc: stir_shaken: Fix detection for invalid "future Dat...

Liviu Chircu noreply at github.com
Wed Sep 27 15:36:35 UTC 2023


  Branch: refs/heads/3.3
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 28bebc7f258dba96941fa24869877efd7ff76073
      https://github.com/OpenSIPS/opensips/commit/28bebc7f258dba96941fa24869877efd7ff76073
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2023-09-27 (Wed, 27 Sep 2023)

  Changed paths:
    M modules/stir_shaken/stir_shaken.c

  Log Message:
  -----------
  stir_shaken: Fix detection for invalid "future Date/iat"

This patch fixes a bug where both the Date hf and the "iat" PASSporT
claim could be filled in with a random timestamp value "in the future"
and still bypass the OpenSIPS "freshness" integrity checks.

Issue discovered during OpenSIPIt'03,
        thanks to Pavel Bussel & Maksym Sobolyev (Sippy Software)

(cherry picked from commit 75a168a9f4315e59ba92bdcc2920639176e7f415)
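
Added example, not code from the OpenSIPS commit or the stir_shaken module: a C sketch of how a freshness check that only tests for "too old" accepts a future Date/iat value, next to a two-sided check that rejects it. The function names, the 60-second MAX_SKEW tolerance and the sample timestamps are assumptions made for illustration, and the one-sided form is one common way such a bypass arises, not a reproduction of the patched code.

```c
#include <stdio.h>
#include <time.h>

#define MAX_SKEW 60 /* assumed tolerance in seconds; not taken from the patch */

/* One-sided check: only asks "is the timestamp too old?". For a future
 * ts, (now - ts) is negative, so it can never exceed MAX_SKEW. */
static int fresh_one_sided(time_t now, time_t ts)
{
	return (now - ts) <= MAX_SKEW;
}

/* Two-sided check: bounds the distance from local time in both directions.
 * Negative timestamps are rejected first so the subtractions cannot overflow
 * (assumes now >= 0, i.e. a clock set after the epoch). */
static int fresh_two_sided(time_t now, time_t ts)
{
	if (ts < 0)
		return 0;
	if (ts > now)
		return (ts - now) <= MAX_SKEW;
	return (now - ts) <= MAX_SKEW;
}

/* Both the Date header value and the PASSporT "iat" claim must pass. */
static int identity_is_fresh(time_t now, time_t date_hf, time_t iat)
{
	return fresh_two_sided(now, date_hf) && fresh_two_sided(now, iat);
}

int main(void)
{
	time_t now = 1695828995;       /* constructed "receipt time" */
	time_t future = now + 86400;   /* constructed: one day ahead */

	printf("one-sided, future ts: %d\n", fresh_one_sided(now, future));
	printf("two-sided, future ts: %d\n", fresh_two_sided(now, future));
	printf("Date ok, iat future:  %d\n", identity_is_fresh(now, now - 5, future));
	printf("both within skew:     %d\n", identity_is_fresh(now, now - 5, now + 10));
	return 0;
}
```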




