| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-04-11 10:35:59 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-04-11 10:35:59 +0000 |
| commit | cca8048cd7a194dbb3fc00bb0a378d78da4e205a (patch) | |
| tree | 3182d46dbdac86b3a5fb5b907bf76530bde7ac7d | |
| parent | a75e57961d887bc6a4512977c49ea048508c1bf0 (diff) | |
main/kamailio: security fix (CVE-2016-2385). Fixes #5351
| -rw-r--r-- | main/kamailio/APKBUILD | 6 | ||||
| -rw-r--r-- | main/kamailio/CVE-2016-2385.patch | 39 |
2 files changed, 44 insertions, 1 deletions
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index a65c25fcb1..1291f4cfc0 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -13,7 +13,7 @@ _gittag=HEAD
 pkgver=4.2.7
-pkgrel=0
+pkgrel=1
 [ -z "${_gitcommit}" ] && _suffix="_src" || _suffix="-${_gitcommit}"
 pkgdesc="Open Source SIP Server"
@@ -230,6 +230,7 @@ source="http://www.kamailio.org/pub/kamailio/$pkgver/src/kamailio-${pkgver}${_su
 0002-mohqueue-v0-12.patch
 default_ctl.patch
 kamctl_build.patch
+ CVE-2016-2385.patch
 kamailio.cfg
 kamailio.initd
@@ -500,6 +501,7 @@ e9c0ba8192a1a4f2a08a2e2add20e3d7 kamailio-4.2-ipops-srv-query.patch
 e7555ddb436f6e50ba4501b32a462ef1 0002-mohqueue-v0-12.patch
 841fa62c432c5d8aeb57ad70d2ec3030 default_ctl.patch
 d0052e6054884b9cec955af4480c7c85 kamctl_build.patch
+38282b05e14c0aa1eb4b3d9689dd673a CVE-2016-2385.patch
 299706d97e30a4f0d9b4c873df422866 kamailio.cfg
 39dc9355fa7d8fec425d3b17c2fb26e0 kamailio.initd"
 sha256sums="c95cddf34bad0de08b100bdf49ae46479c1905d73bf6375668be74c57c20f224 kamailio-4.2.7_src.tar.gz
@@ -510,6 +512,7 @@ b98555ff304b51b82c6cf7e01d757b15ea4f05bd2e603c84d4384df6a6be62b6 0001-musl-fixe
 5044189606b47c9cc274fcdbe65d8568c7104ac02c521b53b317be73d9af4fb7 0002-mohqueue-v0-12.patch
 755efa4ad126c672bc67c53268260b57f7da1f454cdc1a1601778ed7c7d5f0e5 default_ctl.patch
 e00eefed792acbc1ee6eca8fa7389f9973bd53b68fa7abc573f19f1ff26812a1 kamctl_build.patch
+3d8f1c5f22665f3add1b34bf81be0beda3e2e87623cfd1ffa3dd1e635a300e50 CVE-2016-2385.patch
 8b742ff710ef67ff59ec07a260690ebcdda24fb6f0b7b64dc50433a1bacf99f2 kamailio.cfg
 ba928fa914feea2b95b8c659832e3fbea25eb6ac1ce56e4c23ff58c09f1ec3b8 kamailio.initd"
 sha512sums="21395b56c4e928c0893a05bbf01f19c5d02ce1bc53fa1970c2568cbafd71d2af4883c476624fbfd3fc72d953f1a2a8e2fab67c5ff254a0d0f3cbb55489189e2d kamailio-4.2.7_src.tar.gz
@@ -520,5 +523,6 @@ b5c048b6e06de0c7514c14d0ec99bbe939eaa956d9d9d3dd5f48b1bcbcff06dbd6498d384427253f
 65ddf572609864c22702fd06724abd6e7228aaff6c9822e935d4ce53e27e223ea1a2e558a86752d8c4e8c6c2d53bfa25365164ab1c9c8bcaefc82a8d18293612 0002-mohqueue-v0-12.patch
 2321d8afe29b53057ce21e0552dfb80fd6a0e7dc0caf3c4798a8b253518f4c8c546797302933373f4b055a4531329a36ee2d7117b0a88fe39cf153bfef91a656 default_ctl.patch
 4c2c9bde3a4c44feca2863bb03cb031aa55e1c3df21dc7c0acb3a392c34cb36d9a132bcbdf451a0624f8ec202152f1cf238c89280c32f1c04312ce80427a18c6 kamctl_build.patch
+9e5daf343bfaccc1519cfeb2f024e62811c022cc04541c7fb18e5b4d2d35a3fda51487dcb6bd0cdc14a112a92b0c58ecbc043ba59f3daf307bf7a2d5eef73ebb CVE-2016-2385.patch
 c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b kamailio.cfg
 cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e kamailio.initd"
diff --git a/main/kamailio/CVE-2016-2385.patch b/main/kamailio/CVE-2016-2385.patch
new file mode 100644
index 0000000000..b4d9315d6b
--- /dev/null
+++ b/main/kamailio/CVE-2016-2385.patch
@@ -0,0 +1,39 @@
+From bc4a545aa050dd36c982bf102464edbc14a88753 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 12 Feb 2016 18:04:19 +0100
+Subject: [PATCH] seas: safety check for target buffer size before copying
+ message in encode_msg()
+
+- avoid buffer overflow for large SIP messages
+- reported by Stelios Tsampas
+
+(cherry picked from commit f50c9c853e7809810099c970780c30b0765b0643)
+(cherry picked from commit 18cd34781d2bdda9c19314c0494f6a655dbe6089)
+---
+ modules/seas/encode_msg.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/modules/seas/encode_msg.c b/modules/seas/encode_msg.c
+index 06d31a3..e56b5fb 100644
+--- a/modules/seas/encode_msg.c
++++ b/modules/seas/encode_msg.c
+@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+
+ if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
+ return -1;
++
+ if(parse_headers(msg,HDR_EOH_F,0)<0){
+ myerror="in parse_headers";
+ goto error;
+@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+ /*j+=k;*/
+ /*pkg_free(payload2);*/
+ /*now we copy the actual message after the headers-meta-section*/
++
++ if(len < j + msg->len + 1) {
++ LM_ERR("not enough space to encode sip message\n");
++ return -1;
++ }
+ memcpy(&payload[j],msg->buf,msg->len);
+ LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
+ j=htons(j); |
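Review bot: The added guard `if(len < j + msg->len + 1)` in the second inner hunk compares the signed `int len` against a sum whose operand types (`j`, `msg->len`) are declared outside the hunk. If either is unsigned, the comparison runs in unsigned arithmetic and is only sound because the entry check `len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN` has presumably already rejected small or negative `len`. A comment above the guard would record that dependency, for example `/* len was validated at entry; payload must hold j bytes of encoded headers plus msg->len + 1 */`. The guard covers only the final `memcpy`, so the writes into `payload` that produce `j` (between the two inner hunks, not visible here) still rely on the entry check alone. The new failure path also uses a bare `return -1`, whereas the neighbouring `parse_headers` failure sets `myerror` and does `goto error`, so it is worth confirming that the `error` label does no cleanup this path skips.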
