Merge pull request #362 from micmac1/kam-cve-17.01-II

[feed/telephony.git] / net / kamailio-4.x / patches / 130-CVE-2018-14767.patch

diff --git a/net/kamailio-4.x/patches/130-CVE-2018-14767.patch b/net/kamailio-4.x/patches/130-CVE-2018-14767.patch
new file mode 100644 (file)
index 0000000..26c9d15
--- /dev/null
+++ b/net/kamailio-4.x/patches/130-CVE-2018-14767.patch
@@ -0,0 +1,28 @@
+commit 281a6c6b6eaaf30058b603325e8ded20b99e1456
+Author: Henning Westerholt <hw@kamailio.org>
+Date:   Mon May 7 09:36:53 2018 +0200
+
+    core: improve to header check guards, str consists of length and pointer
+
+diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
+index 22122768a..4dd648e87 100644
+--- a/msg_translator.c
++++ b/msg_translator.c
+@@ -2369,7 +2369,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+                       case HDR_TO_T:
+                               if (new_tag && new_tag->len) {
+                                       to_tag=get_to(msg)->tag_value;
+-                                      if ( to_tag.len || to_tag.s )
++                                      if ( to_tag.len && to_tag.s )
+                                               len+=new_tag->len-to_tag.len;
+                                       else
+                                               len+=new_tag->len+TOTAG_TOKEN_LEN/*";tag="*/;
+@@ -2497,7 +2497,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+                               break;
+                       case HDR_TO_T:
+                               if (new_tag && new_tag->len){
+-                                      if (to_tag.s ) { /* replacement */
++                                      if (to_tag.len && to_tag.s) { /* replacement */
+                                               /* before to-tag */
+                                               append_str( p, hdr->name.s, to_tag.s-hdr->name.s);
+                                               /* to tag replacement */