net/kamailio-4.x/patches/131-CVE-2018-16657.patch

   1 commit d67b2f9874ca23bd69f18df71b8f53b1b6151f6d
   2 Author: Henning Westerholt <hw@kamailio.org>
   3 Date:   Sun Jun 3 20:59:32 2018 +0200
   4
   5     core: improve header safe guards for Via handling
   6
   7     (cherry picked from commit ad68e402ece8089f133c10de6ce319f9e28c0692)
   8
   9 diff --git a/crc.c b/crc.c
  10 index 462846324..23b2876ec 100644
  11 --- a/crc.c
  12 +++ b/crc.c
  13 @@ -231,6 +231,8 @@ void crcitt_string_array( char *dst, str src[], int size )
  14         ccitt = 0xFFFF;
  15         str_len=CRC16_LEN;
  16         for (i=0; i<size; i++ ) {
  17 +               /* invalid str with positive length and null char pointer */
  18 +               if( unlikely(src[i].s==NULL)) break;
  19                 c=src[i].s;
  20                 len=src[i].len;
  21                 while(len) {
  22 diff --git a/msg_translator.c b/msg_translator.c
  23 index 201e3a5e1..58978f958 100644
  24 --- a/msg_translator.c
  25 +++ b/msg_translator.c
  26 @@ -168,12 +168,17 @@ static int check_via_address(struct ip_addr* ip, str *name,
  27                                                 (name->s[name->len-1]==']')&&
  28                                                 (strncasecmp(name->s+1, s, len)==0))
  29                                 )
  30 -                  )
  31 +                  ) {
  32                         return 0;
  33 -               else
  34 -
  35 +               }
  36 +               else {
  37 +                       if (unlikely(name->s==NULL)) {
  38 +                               LM_CRIT("invalid Via host name\n");
  39 +                               return -1;
  40 +                       }
  41                         if (strncmp(name->s, s, name->len)==0)
  42                                 return 0;
  43 +               }
  44         }else{
  45                 LM_CRIT("could not convert ip address\n");
  46                 return -1;