authorLeonardo Arena <rnalrd@alpinelinux.org>2016-04-11 10:46:11 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-04-11 10:46:11 +0000
commit92eaed8bff52f29142f93c446c6c10eb3ba2b4c6 (patch)
treee53d7ae0f8a12741d49adeb344f2974083a33cd9
parent1968c4c07185a7285a798c7a5d0aaf78abeadea7 (diff)
main/kamailio: security fix (CVE-2016-2385). Fixes #5353
-rw-r--r--main/kamailio/APKBUILD6
-rw-r--r--main/kamailio/CVE-2016-2385.patch39
2 files changed, 44 insertions, 1 deletions
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index 8dfd1e062c..0b481fc545 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Nathan Angelacos <nangel@alpinelinux.org>
pkgname=kamailio
pkgver=4.1.5
-pkgrel=3
+pkgrel=4
pkgdesc="Open Source SIP Server"
url="http://www.kamailio.org/"
arch="all"
@@ -201,6 +201,7 @@ source="http://www.kamailio.org/pub/kamailio/$pkgver/src/kamailio-${pkgver}_src.
0002-fix_180_replies_in_sca_call_info.patch
musl-fixes.patch
sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
+ CVE-2016-2385.patch
kamailio.cfg
kamailio.initd
@@ -421,6 +422,7 @@ bad1ac2d4c95043df271d2ea6d37627a kamailio-4.1-backslash.patch
018ce30f5169866d12b395ba30bf3263 0002-fix_180_replies_in_sca_call_info.patch
558aa761bddb6ac85c152bd767670fcc musl-fixes.patch
c76507d21eef8091756a74153fc68994 sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
+38282b05e14c0aa1eb4b3d9689dd673a CVE-2016-2385.patch
a3c959ec568c43a905710e7d25cd8c25 kamailio.cfg
0e0a271fd3ddb7e87c01c26c7d041d59 kamailio.initd"
sha256sums="e24d078aa2a8500f7cf75120628140218241b1faf9f40ece118f4e6a5ca3b3d3 kamailio-4.1.5_src.tar.gz
@@ -429,6 +431,7 @@ bbc06f9ae62b2e8df2c58f9a171f0408e075d5a51e2457e85ef3ca01aa972df9 0001-websocket
e7217f214c4bdd8c2dbccfa1036a68749b2e7c0dbad0b10a44a84709e1660a99 0002-fix_180_replies_in_sca_call_info.patch
4f316e4c1617833111b86aad1e8878b62599e42bb229fe1ef7eee1d4438471e2 musl-fixes.patch
1182e3af5b771aa027caa0c1f6c4195532b51b8fcd274621593fcd086d4d2a58 sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
+3d8f1c5f22665f3add1b34bf81be0beda3e2e87623cfd1ffa3dd1e635a300e50 CVE-2016-2385.patch
8024266849033a917147827c3579a382f10f3796989bebc6de3d7c80c965fb72 kamailio.cfg
a90d3ab09a3ed58892e94710a1f80492a61ffad1ccf7ccb5b851bb8f538d32c4 kamailio.initd"
sha512sums="578870f96d9251e676c2689d7a48d2a0a4fd37e5bfde0d145adfcffea1470d618f1eb0e5012ffe2c63d1b2c9e659128e3cbe50403c94499951b75e59bb223f0e kamailio-4.1.5_src.tar.gz
@@ -437,5 +440,6 @@ a972e57d8d64c104cb3df329442c746588818ed7f148a409d6050bcbbbb021cc1eeb970b59924e0f
558a4dbd2c84a6d0208c5e0a65eacc6241ad20948a5882834d40106f6f1d4b40ec139bf8b513e6e7cb7afee71823f1811d85e2904f9b06720383b5581a1e9aca 0002-fix_180_replies_in_sca_call_info.patch
9afb7191541b40678ede6dd1bb034b2a6a704659acb54e156096fe0660e08358b0691028b1facfb50608ca2d25714962c92ede62e1f95cb53475c89d96bd33e4 musl-fixes.patch
284a13873cf7cf4ae4c1d90c757974ef634863bdde146d4af9feb86e4d96e07a694c299189e8acef838246637dcf36199ac386cecfc4871cefe64b71aa6278b3 sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
+9e5daf343bfaccc1519cfeb2f024e62811c022cc04541c7fb18e5b4d2d35a3fda51487dcb6bd0cdc14a112a92b0c58ecbc043ba59f3daf307bf7a2d5eef73ebb CVE-2016-2385.patch
0b666bfa10fd0af97b62749f8691cb3f76d9b40d1abe0a33e810e367bd733d2e8189c89f7f23010ec591116aada6e1a8a403b17449fe775038917617f281ad4d kamailio.cfg
5ddaa059cdef10462c904f061f7bb085e62ad7501e2ed41f797d9e68822bce4e0e5ca09c1586c3901c920f8ce563c8c3ede860752c2b9bdb8f09908388ef337f kamailio.initd"
diff --git a/main/kamailio/CVE-2016-2385.patch b/main/kamailio/CVE-2016-2385.patch
new file mode 100644
index 0000000000..b4d9315d6b
--- /dev/null
+++ b/main/kamailio/CVE-2016-2385.patch
@@ -0,0 +1,39 @@
+From bc4a545aa050dd36c982bf102464edbc14a88753 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 12 Feb 2016 18:04:19 +0100
+Subject: [PATCH] seas: safety check for target buffer size before copying
+ message in encode_msg()
+
+- avoid buffer overflow for large SIP messages
+- reported by Stelios Tsampas
+
+(cherry picked from commit f50c9c853e7809810099c970780c30b0765b0643)
+(cherry picked from commit 18cd34781d2bdda9c19314c0494f6a655dbe6089)
+---
+ modules/seas/encode_msg.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/modules/seas/encode_msg.c b/modules/seas/encode_msg.c
+index 06d31a3..e56b5fb 100644
+--- a/modules/seas/encode_msg.c
++++ b/modules/seas/encode_msg.c
+@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+
+ if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
+ return -1;
++
+ if(parse_headers(msg,HDR_EOH_F,0)<0){
+ myerror="in parse_headers";
+ goto error;
+@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+ /*j+=k;*/
+ /*pkg_free(payload2);*/
+ /*now we copy the actual message after the headers-meta-section*/
++
++ if(len < j + msg->len + 1) {
++ LM_ERR("not enough space to encode sip message\n");
++ return -1;
++ }
+ memcpy(&payload[j],msg->buf,msg->len);
+ LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
+ j=htons(j);
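Review bot: The new guard before the `memcpy` exits with a bare `return -1`, whereas the `parse_headers` failure earlier in the same function sets `myerror` and jumps to `error`; if that label (not visible here) releases or logs anything, this exit bypasses it, so `myerror="not enough space to encode sip message"; goto error;` would be the consistent form. The comparison `len < j + msg->len + 1` also mixes `int len` with operands declared outside this hunk; if `msg->len` is unsigned, the sum is evaluated unsigned and could wrap for an extreme length, so a subtraction form such as `if(j < 0 || len <= j || msg->len > (unsigned int)(len - j - 1))` is more robust. Only the final copy is bounded by this check; writes into `payload` below offset `j` still rely on the entry test against `MAX_ENCODED_MSG + MAX_MESSAGE_LEN`, which is worth confirming against the rest of the function. The body of `encode_msg()` begins and ends outside the hunk.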