[Pkg-voip-commits] [kamailio] 01/02: Import Debian patch 4.2.0-2+deb8u1

Victor Seva vseva at moszumanska.debian.org
Fri Sep 9 08:38:51 UTC 2016 

This is an automated email from the git hooks/post-receive script.

vseva pushed a commit to branch jessie
in repository kamailio.

commit a7b079f51d7053fa416f735027609cbc1a10392d
Author: Moritz Muehlenhoff <jmm at debian.org>
Date:   Mon Mar 21 00:23:42 2016 +0100

    Import Debian patch 4.2.0-2+deb8u1
---
 debian/changelog                   |  6 ++++++
 debian/patches/CVE-2016-2385.patch | 39 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 46 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 3ab6bfb..e5af7aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+kamailio (4.2.0-2+deb8u1) jessie-security; urgency=medium
+
+  * CVE-2016-2385
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Mon, 21 Mar 2016 00:23:42 +0100
+
 kamailio (4.2.0-2) unstable; urgency=medium
 
   * [d614569] fix fifo and ctl defaults pointing to unsecure /tmp dir
diff --git a/debian/patches/CVE-2016-2385.patch b/debian/patches/CVE-2016-2385.patch
new file mode 100644
index 0000000..b4d9315
--- /dev/null
+++ b/debian/patches/CVE-2016-2385.patch
@@ -0,0 +1,39 @@
+From bc4a545aa050dd36c982bf102464edbc14a88753 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda at gmail.com>
+Date: Fri, 12 Feb 2016 18:04:19 +0100
+Subject: [PATCH] seas: safety check for target buffer size before copying
+ message in encode_msg()
+
+- avoid buffer overflow for large SIP messages
+- reported by Stelios Tsampas
+
+(cherry picked from commit f50c9c853e7809810099c970780c30b0765b0643)
+(cherry picked from commit 18cd34781d2bdda9c19314c0494f6a655dbe6089)
+---
+ modules/seas/encode_msg.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/modules/seas/encode_msg.c b/modules/seas/encode_msg.c
+index 06d31a3..e56b5fb 100644
+--- a/modules/seas/encode_msg.c
++++ b/modules/seas/encode_msg.c
+@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+ 
+    if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
+       return -1;
++
+    if(parse_headers(msg,HDR_EOH_F,0)<0){
+       myerror="in parse_headers";
+       goto error;
+@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+    /*j+=k;*/
+    /*pkg_free(payload2);*/
+    /*now we copy the actual message after the headers-meta-section*/
++
++	if(len < j + msg->len + 1) {
++   	   LM_ERR("not enough space to encode sip message\n");
++   	   return -1;
++	}
+    memcpy(&payload[j],msg->buf,msg->len);
+    LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
+    j=htons(j);
diff --git a/debian/patches/series b/debian/patches/series
index ea0be66..5dc82ac 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ default_fifo.patch
 kamctl_build.patch
 default_ctl.patch
 fix-mips.patch
+CVE-2016-2385.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/kamailio.git

More information about the Pkg-voip-commits mailing list