author | Timo Teräs <timo.teras@iki.fi> | 2011-04-06 09:49:23 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2011-04-06 09:50:39 +0300 |
commit | 2bf9bd38eb8685a170d201fa253868968f40d125 (patch) | |
tree | 20f353f16618e4f4d07886aab8c6a9a492c2fcb5 | |
parent | 8f192e3b4f2121daad608ebdf7eb4a37514f0a74 (diff) | |
main/kamailio: fix a from header rewriting bug
-rw-r--r-- | main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch | 64 | ||||
-rw-r--r-- | main/kamailio/APKBUILD | 7 |
2 files changed, 69 insertions, 2 deletions
diff --git a/main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch b/main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch
new file mode 100644
index 000000000..1b997719b
--- /dev/null
+++ b/main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch
@@ -0,0 +1,64 @@
+From e22eb2886c73634020c2747d6247df6bcb978850 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 6 Apr 2011 09:33:10 +0300
+Subject: [PATCH] modules_k/uac: fix from/to restore for small original URI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Seems that the URI length check is superfluous and fails under
+certain conditions. It does not make sense for the URI to have
+zero bytes, so just use the first seen zero byte as end marker.
+
+I have a reproducible test case where the restore inserts URI
+with multiple zero-bytes to wire. This happens if the original
+URI is smaller than the one we rewrote it to using uac_replace_from.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ modules_k/uac/from.c | 14 ++++++++------
+ 1 files changed, 8 insertions(+), 6 deletions(-)
+
+However, I think the delta encoding used for the RR attribute
+is flawed. Hostile remote server could rewrite the RR attribute
+and/or From/To headers in a way to forge it to something it was not
+in the first place. Additionally the delta-encoded RR attribute
+breaks if the From/To header isn't exact copy of what we sent.
+
+Would it not make more sense to just send the real original
+header (possibly encrypted) but with a checksum? We could then
+verify if someone had clobbered the RR attribute and ignore it.
+And we could always restore the original URI even if the URI
+we are swapping was modified unexpectedly.
+
+diff --git a/modules_k/uac/from.c b/modules_k/uac/from.c
+index 4657e11..50822b6 100644
+--- a/modules_k/uac/from.c
++++ b/modules_k/uac/from.c
+@@ -463,15 +463,17 @@ int restore_from( struct sip_msg *msg, int *is_from )
+ LM_ERR("new URI shorter than old URI\n");
+ goto failed;
+ }
+- for( i=0 ; i<old_uri.len ; i++ )
++ for( i=0 ; i<old_uri.len ; i++ ) {
+ new_uri.s[i] ^= old_uri.s[i];
+- if (new_uri.len==old_uri.len) {
+- for( ; new_uri.len && (new_uri.s[new_uri.len-1]==0) ; new_uri.len-- );
+- if (new_uri.len==0) {
+- LM_ERR("new URI got 0 len\n");
+- goto failed;
++ if (new_uri.s[i] == 0) {
++ new_uri.len = i;
++ break;
+ }
+ }
++ if (new_uri.len==0) {
++ LM_ERR("new URI got 0 len\n");
++ goto failed;
++ }
+
+ LM_DBG("decoded uris are: new=[%.*s] old=[%.*s]\n",
+ new_uri.len, new_uri.s, old_uri.len, old_uri.s);
+--
+1.7.1
+
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index 93eb9d935..823feb5fc 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=kamailio
 pkgver=3.1.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Open Source SIP Server"
 url="http://www.kamailio.org/"
 pkgusers="kamailio"
@@ -10,6 +10,7 @@ pkggroups="kamailio"
 arch="all"
 license="GPL"
 depends=
+arch=all
 makedepends="bison flex expat-dev postgresql-dev pcre-dev mysql-dev libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev"
 install="$pkgname.pre-install $pkgname.pre-upgrade"
@@ -20,6 +21,7 @@ source="http://www.kamailio.org/pub/kamailio/$pkgver/src/kamailio-${pkgver}_src.
 kamailio.initd
 kamailio-3.1-backslash.patch
 sqlite.patch
+ 0001-modules_k-uac-fix-from-to-restore-for-small-original.patch
 "
 _builddir="$srcdir"/$pkgname-$pkgver
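Review bot: The new zero-byte scan in restore_from (inside the from.c hunk embedded in the added patch file) only looks at the first old_uri.len bytes, but the check just above it, whose error text reads "new URI shorter than old URI", implies new_uri.len may be larger than old_uri.len; a NUL in the un-XORed tail beyond old_uri.len is then never detected and still reaches the wire, which is exactly the condition the commit message says a URI must not contain. Scanning the whole decoded buffer and XORing only the overlapping prefix closes that gap without changing the equal-length case, and the `if (new_uri.len==0)` check after the loop stays as it is. The decoded tail is data received from the remote side, so treating it with the same suspicion as the prefix is the safer default. restore_from begins and ends outside the hunk.
```c
	for( i=0 ; i<new_uri.len ; i++ ) {
		/* only the prefix overlaps the current header URI */
		if (i<old_uri.len)
			new_uri.s[i] ^= old_uri.s[i];
		if (new_uri.s[i] == 0) {
			new_uri.len = i;
			break;
		}
	}
	/* … unchanged: zero-length check and LM_DBG … */
```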
@@ -158,4 +160,5 @@ md5sums="679f86d63c069e283a0cdc64f6ba2c99 kamailio-3.1.3_src.tar.gz
 a3c959ec568c43a905710e7d25cd8c25 kamailio.cfg
 c0dc4e13d9e57feb99f016d3ee443c0b kamailio.initd
 8454687f047f703c5cb443db3a0003a8 kamailio-3.1-backslash.patch
-199df21eaa4856dcacdcc438f72765f1 sqlite.patch"
+199df21eaa4856dcacdcc438f72765f1 sqlite.patch
+3f7d63e6ff634157b8b2bab514af65e9 0001-modules_k-uac-fix-from-to-restore-for-small-original.patch"
|
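Review bot: The second APKBUILD hunk adds `arch=all` directly after `depends=`, but the hunk's own context two lines earlier already carries `arch="all"`, so the new line is a redundant second assignment (and unquoted, unlike every other value in the file); it reads as accidental and should be dropped so `depends=` is followed directly by `makedepends=`. The pkgrel bump, the new `source=` entry and the matching md5sums line are routine and consistent with each other.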