[Pkg-voip-commits] [kamailio] 01/02: Import Debian patch 4.2.0-2+deb8u1
Victor Seva
vseva at moszumanska.debian.org
Fri Sep 9 08:38:51 UTC 2016
This is an automated email from the git hooks/post-receive script.
vseva pushed a commit to branch jessie
in repository kamailio.
commit a7b079f51d7053fa416f735027609cbc1a10392d
Author: Moritz Muehlenhoff <jmm at debian.org>
Date: Mon Mar 21 00:23:42 2016 +0100
Import Debian patch 4.2.0-2+deb8u1
---
debian/changelog | 6 ++++++
debian/patches/CVE-2016-2385.patch | 39 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 46 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 3ab6bfb..e5af7aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+kamailio (4.2.0-2+deb8u1) jessie-security; urgency=medium
+
+ * CVE-2016-2385
+
+ -- Moritz Muehlenhoff <jmm at debian.org> Mon, 21 Mar 2016 00:23:42 +0100
+
kamailio (4.2.0-2) unstable; urgency=medium
* [d614569] fix fifo and ctl defaults pointing to unsecure /tmp dir
diff --git a/debian/patches/CVE-2016-2385.patch b/debian/patches/CVE-2016-2385.patch
new file mode 100644
index 0000000..b4d9315
--- /dev/null
+++ b/debian/patches/CVE-2016-2385.patch
@@ -0,0 +1,39 @@
+From bc4a545aa050dd36c982bf102464edbc14a88753 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda at gmail.com>
+Date: Fri, 12 Feb 2016 18:04:19 +0100
+Subject: [PATCH] seas: safety check for target buffer size before copying
+ message in encode_msg()
+
+- avoid buffer overflow for large SIP messages
+- reported by Stelios Tsampas
+
+(cherry picked from commit f50c9c853e7809810099c970780c30b0765b0643)
+(cherry picked from commit 18cd34781d2bdda9c19314c0494f6a655dbe6089)
+---
+ modules/seas/encode_msg.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/modules/seas/encode_msg.c b/modules/seas/encode_msg.c
+index 06d31a3..e56b5fb 100644
+--- a/modules/seas/encode_msg.c
++++ b/modules/seas/encode_msg.c
+@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+
+ if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
+ return -1;
++
+ if(parse_headers(msg,HDR_EOH_F,0)<0){
+ myerror="in parse_headers";
+ goto error;
+@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+ /*j+=k;*/
+ /*pkg_free(payload2);*/
+ /*now we copy the actual message after the headers-meta-section*/
++
++ if(len < j + msg->len + 1) {
++ LM_ERR("not enough space to encode sip message\n");
++ return -1;
++ }
+ memcpy(&payload[j],msg->buf,msg->len);
+ LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
+ j=htons(j);
diff --git a/debian/patches/series b/debian/patches/series
index ea0be66..5dc82ac 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ default_fifo.patch
kamctl_build.patch
default_ctl.patch
fix-mips.patch
+CVE-2016-2385.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/kamailio.git
More information about the Pkg-voip-commits
mailing list