aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--main/kamailio/APKBUILD6
-rw-r--r--main/kamailio/CVE-2016-2385.patch39
2 files changed, 44 insertions, 1 deletions
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index a65c25fcb1..1291f4cfc0 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -13,7 +13,7 @@ _gittag=HEAD
pkgver=4.2.7
-pkgrel=0
+pkgrel=1
[ -z "${_gitcommit}" ] && _suffix="_src" || _suffix="-${_gitcommit}"
pkgdesc="Open Source SIP Server"
@@ -230,6 +230,7 @@ source="http://www.kamailio.org/pub/kamailio/$pkgver/src/kamailio-${pkgver}${_su
0002-mohqueue-v0-12.patch
default_ctl.patch
kamctl_build.patch
+ CVE-2016-2385.patch
kamailio.cfg
kamailio.initd
@@ -500,6 +501,7 @@ e9c0ba8192a1a4f2a08a2e2add20e3d7 kamailio-4.2-ipops-srv-query.patch
e7555ddb436f6e50ba4501b32a462ef1 0002-mohqueue-v0-12.patch
841fa62c432c5d8aeb57ad70d2ec3030 default_ctl.patch
d0052e6054884b9cec955af4480c7c85 kamctl_build.patch
+38282b05e14c0aa1eb4b3d9689dd673a CVE-2016-2385.patch
299706d97e30a4f0d9b4c873df422866 kamailio.cfg
39dc9355fa7d8fec425d3b17c2fb26e0 kamailio.initd"
sha256sums="c95cddf34bad0de08b100bdf49ae46479c1905d73bf6375668be74c57c20f224 kamailio-4.2.7_src.tar.gz
@@ -510,6 +512,7 @@ b98555ff304b51b82c6cf7e01d757b15ea4f05bd2e603c84d4384df6a6be62b6 0001-musl-fixe
5044189606b47c9cc274fcdbe65d8568c7104ac02c521b53b317be73d9af4fb7 0002-mohqueue-v0-12.patch
755efa4ad126c672bc67c53268260b57f7da1f454cdc1a1601778ed7c7d5f0e5 default_ctl.patch
e00eefed792acbc1ee6eca8fa7389f9973bd53b68fa7abc573f19f1ff26812a1 kamctl_build.patch
+3d8f1c5f22665f3add1b34bf81be0beda3e2e87623cfd1ffa3dd1e635a300e50 CVE-2016-2385.patch
8b742ff710ef67ff59ec07a260690ebcdda24fb6f0b7b64dc50433a1bacf99f2 kamailio.cfg
ba928fa914feea2b95b8c659832e3fbea25eb6ac1ce56e4c23ff58c09f1ec3b8 kamailio.initd"
sha512sums="21395b56c4e928c0893a05bbf01f19c5d02ce1bc53fa1970c2568cbafd71d2af4883c476624fbfd3fc72d953f1a2a8e2fab67c5ff254a0d0f3cbb55489189e2d kamailio-4.2.7_src.tar.gz
@@ -520,5 +523,6 @@ b5c048b6e06de0c7514c14d0ec99bbe939eaa956d9d9d3dd5f48b1bcbcff06dbd6498d384427253f
65ddf572609864c22702fd06724abd6e7228aaff6c9822e935d4ce53e27e223ea1a2e558a86752d8c4e8c6c2d53bfa25365164ab1c9c8bcaefc82a8d18293612 0002-mohqueue-v0-12.patch
2321d8afe29b53057ce21e0552dfb80fd6a0e7dc0caf3c4798a8b253518f4c8c546797302933373f4b055a4531329a36ee2d7117b0a88fe39cf153bfef91a656 default_ctl.patch
4c2c9bde3a4c44feca2863bb03cb031aa55e1c3df21dc7c0acb3a392c34cb36d9a132bcbdf451a0624f8ec202152f1cf238c89280c32f1c04312ce80427a18c6 kamctl_build.patch
+9e5daf343bfaccc1519cfeb2f024e62811c022cc04541c7fb18e5b4d2d35a3fda51487dcb6bd0cdc14a112a92b0c58ecbc043ba59f3daf307bf7a2d5eef73ebb CVE-2016-2385.patch
c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b kamailio.cfg
cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e kamailio.initd"
diff --git a/main/kamailio/CVE-2016-2385.patch b/main/kamailio/CVE-2016-2385.patch
new file mode 100644
index 0000000000..b4d9315d6b
--- /dev/null
+++ b/main/kamailio/CVE-2016-2385.patch
@@ -0,0 +1,39 @@
+From bc4a545aa050dd36c982bf102464edbc14a88753 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 12 Feb 2016 18:04:19 +0100
+Subject: [PATCH] seas: safety check for target buffer size before copying
+ message in encode_msg()
+
+- avoid buffer overflow for large SIP messages
+- reported by Stelios Tsampas
+
+(cherry picked from commit f50c9c853e7809810099c970780c30b0765b0643)
+(cherry picked from commit 18cd34781d2bdda9c19314c0494f6a655dbe6089)
+---
+ modules/seas/encode_msg.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/modules/seas/encode_msg.c b/modules/seas/encode_msg.c
+index 06d31a3..e56b5fb 100644
+--- a/modules/seas/encode_msg.c
++++ b/modules/seas/encode_msg.c
+@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+
+ if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
+ return -1;
++
+ if(parse_headers(msg,HDR_EOH_F,0)<0){
+ myerror="in parse_headers";
+ goto error;
+@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int len)
+ /*j+=k;*/
+ /*pkg_free(payload2);*/
+ /*now we copy the actual message after the headers-meta-section*/
++
++ if(len < j + msg->len + 1) {
++ LM_ERR("not enough space to encode sip message\n");
++ return -1;
++ }
+ memcpy(&payload[j],msg->buf,msg->len);
+ LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
+ j=htons(j);
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-14 20:05:46 +0000