Merge pull request #362 from micmac1/kam-cve-17.01-II

kamailio-4.x: add fix for CVE-2018-14767
2025-01-09 12:17:28 +08:00 · 2018-08-11 13:05:54 +02:00 · 2018-08-11 13:05:54 +02:00 · 95498e75db
commit 95498e75db
parent b60d32979a c48758551a
2 changed files with 29 additions and 1 deletions
--- a/net/kamailio-4.x/Makefile
+++ b/net/kamailio-4.x/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=kamailio4
 PKG_VERSION:=4.4.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE_URL:=https://www.kamailio.org/pub/kamailio/$(PKG_VERSION)/src/
 PKG_SOURCE:=kamailio-$(PKG_VERSION)$(PKG_VARIANT)_src.tar.gz
--- a/net/kamailio-4.x/patches/130-CVE-2018-14767.patch
+++ b/net/kamailio-4.x/patches/130-CVE-2018-14767.patch
@ -0,0 +1,28 @@
+commit 281a6c6b6eaaf30058b603325e8ded20b99e1456
+Author: Henning Westerholt <hw@kamailio.org>
+Date:   Mon May 7 09:36:53 2018 +0200
+
+    core: improve to header check guards, str consists of length and pointer
+
+diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
+index 22122768a..4dd648e87 100644
+--- a/msg_translator.c
+++ b/msg_translator.c
+@@ -2369,7 +2369,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+ 			case HDR_TO_T:
+ 				if (new_tag && new_tag->len) {
+ 					to_tag=get_to(msg)->tag_value;
+-					if ( to_tag.len || to_tag.s )
+					if ( to_tag.len && to_tag.s )
+ 						len+=new_tag->len-to_tag.len;
+ 					else
+ 						len+=new_tag->len+TOTAG_TOKEN_LEN/*";tag="*/;
+@@ -2497,7 +2497,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+ 				break;
+ 			case HDR_TO_T:
+ 				if (new_tag && new_tag->len){
+-					if (to_tag.s ) { /* replacement */
+					if (to_tag.len && to_tag.s) { /* replacement */
+ 						/* before to-tag */
+ 						append_str( p, hdr->name.s, to_tag.s-hdr->name.s);
+ 						/* to tag replacement */