TT#44251 Fix CVE-2018-16657

Improve header safe guards for Via handling Backported from kamailio version 5.1. Original commit: ad68e402ec Change-Id: I6ab3dbe18f3c25157931e66d644405337efbb200
7 years ago · 13a08603fb
parent 94a0de573b
commit 13a08603fb
2 changed files with 35 additions and 0 deletions
--- a/debian/patches/series
+++ b/debian/patches/series
@ -58,3 +58,4 @@ upstream/0006-acc-more-debug-message.patch
 upstream/0007-tm-update-uas-rb-activ_type.patch
 upstream/0008-tm-activ_type-field-renamed-to-rbtype.patch
 upstream/0009-tm-set-uas-rb-type-along-with-the-buffer.patch
+upstream/0010-core-improve-header-safe-guards-for-via-handling.patch
--- a/debian/patches/upstream/0010-core-improve-header-safe-guards-for-via-handling.patch
+++ b/debian/patches/upstream/0010-core-improve-header-safe-guards-for-via-handling.patch
@ -0,0 +1,34 @@
+--- a/crc.c
+++ b/crc.c
+@@ -231,6 +231,8 @@ void crcitt_string_array( char *dst, str
+ 	ccitt = 0xFFFF;
+ 	str_len=CRC16_LEN;
+ 	for (i=0; i<size; i++ ) {
+		/* invalid str with positive length and null char pointer */
+		if( unlikely(src[i].s==NULL)) break;
+ 		c=src[i].s;
+ 		len=src[i].len;
+ 		while(len) {
+--- a/msg_translator.c
+++ b/msg_translator.c
+@@ -167,12 +167,17 @@ static int check_via_address(struct ip_a
+ 						(name->s[name->len-1]==']')&&
+ 						(strncasecmp(name->s+1, s, len)==0))
+ 				)
+-		   )
+		   ) {
+ 			return 0;
+-		else
+-
+		}
+		else {
+			if (unlikely(name->s==NULL)) {
+				LM_CRIT("invalid Via host name\n");
+				return -1;
+			}
+ 			if (strncmp(name->s, s, name->len)==0)
+ 				return 0;
+		}
+ 	}else{
+ 		LM_CRIT("could not convert ip address\n");
+ 		return -1;