net/kamailio-5.x/patches/140-CVE-2018-14767.patch

   1 commit 281a6c6b6eaaf30058b603325e8ded20b99e1456
   2 Author: Henning Westerholt <hw@kamailio.org>
   3 Date:   Mon May 7 09:36:53 2018 +0200
   4
   5     core: improve to header check guards, str consists of length and pointer
   6
   7 diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
   8 index 22122768a..4dd648e87 100644
   9 --- a/src/core/msg_translator.c
  10 +++ b/src/core/msg_translator.c
  11 @@ -2369,7 +2369,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
  12                         case HDR_TO_T:
  13                                 if (new_tag && new_tag->len) {
  14                                         to_tag=get_to(msg)->tag_value;
  15 -                                       if ( to_tag.len || to_tag.s )
  16 +                                       if ( to_tag.len && to_tag.s )
  17                                                 len+=new_tag->len-to_tag.len;
  18                                         else
  19                                                 len+=new_tag->len+TOTAG_TOKEN_LEN/*";tag="*/;
  20 @@ -2497,7 +2497,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
  21                                 break;
  22                         case HDR_TO_T:
  23                                 if (new_tag && new_tag->len){
  24 -                                       if (to_tag.s ) { /* replacement */
  25 +                                       if (to_tag.len && to_tag.s) { /* replacement */
  26                                                 /* before to-tag */
  27                                                 append_str( p, hdr->name.s, to_tag.s-hdr->name.s);
  28                                                 /* to tag replacement */