authorTimo Teräs <timo.teras@iki.fi>2011-04-06 09:49:23 +0300
committerTimo Teräs <timo.teras@iki.fi>2011-04-06 09:49:45 +0300
commit83289d3ce3c0fd35ca88dd7e26f3ab894b44d94b (patch)
tree5f2f65562a016975e78c52926731d15302e92af4
parentbb3528edf0f8da7014f9ee58c9c8e5ce9aac39f0 (diff)
main/kamailio: fix a from header rewriting bug (2.1-stable)
-rw-r--r--main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch64
-rw-r--r--main/kamailio/APKBUILD7
2 files changed, 69 insertions, 2 deletions
diff --git a/main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch b/main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch
new file mode 100644
index 00000000..1b997719
--- /dev/null
+++ b/main/kamailio/0001-modules_k-uac-fix-from-to-restore-for-small-original.patch
@@ -0,0 +1,64 @@
+From e22eb2886c73634020c2747d6247df6bcb978850 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 6 Apr 2011 09:33:10 +0300
+Subject: [PATCH] modules_k/uac: fix from/to restore for small original URI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Seems that the URI length check is superfluous and fails under
+certain conditions. It does not make sense for the URI to have
+zero bytes, so just use the first seen zero byte as end marker.
+
+I have a reproducible test case where the restore inserts URI
+with multiple zero-bytes to wire. This happens if the original
+URI is smaller than the one we rewrote it to using uac_replace_from.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ modules_k/uac/from.c | 14 ++++++++------
+ 1 files changed, 8 insertions(+), 6 deletions(-)
+
+However, I think the delta encoding used for the RR attribute
+is flawed. Hostile remote server could rewrite the RR attribute
+and/or From/To headers in a way to forge it to something it was not
+in the first place. Additionally the delta-encoded RR attribute
+breaks if the From/To header isn't exact copy of what we sent.
+
+Would it not make more sense to just send the real original
+header (possibly encrypted) but with a checksum? We could then
+verify if someone had clobbered the RR attribute and ignore it.
+And we could always restore the original URI even if the URI
+we are swapping was modified unexpectedly.
+
+diff --git a/modules_k/uac/from.c b/modules_k/uac/from.c
+index 4657e11..50822b6 100644
+--- a/modules_k/uac/from.c
++++ b/modules_k/uac/from.c
+@@ -463,15 +463,17 @@ int restore_from( struct sip_msg *msg, int *is_from )
+ LM_ERR("new URI shorter than old URI\n");
+ goto failed;
+ }
+- for( i=0 ; i<old_uri.len ; i++ )
++ for( i=0 ; i<old_uri.len ; i++ ) {
+ new_uri.s[i] ^= old_uri.s[i];
+- if (new_uri.len==old_uri.len) {
+- for( ; new_uri.len && (new_uri.s[new_uri.len-1]==0) ; new_uri.len-- );
+- if (new_uri.len==0) {
+- LM_ERR("new URI got 0 len\n");
+- goto failed;
++ if (new_uri.s[i] == 0) {
++ new_uri.len = i;
++ break;
+ }
+ }
++ if (new_uri.len==0) {
++ LM_ERR("new URI got 0 len\n");
++ goto failed;
++ }
+
+ LM_DBG("decoded uris are: new=[%.*s] old=[%.*s]\n",
+ new_uri.len, new_uri.s, old_uri.len, old_uri.s);
+--
+1.7.1
+
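Review bot: In the new loop at the `for( i=0 ; i<old_uri.len ; i++ ) {` line, new_uri.len is only updated when a zero byte is found; if the loop runs to completion while new_uri.len is larger than old_uri.len (the earlier check only rejects the shorter case), the bytes in new_uri.s[old_uri.len..new_uri.len) are left undecoded and are later written to the wire as-is. Unless the encoder guarantees the delta is exactly as long as the current URI, add after the loop `if (i == old_uri.len && new_uri.len > old_uri.len) { LM_ERR("undecoded tail in new URI\n"); goto failed; }`. The commit message itself notes that the RR attribute can be rewritten by the remote side, so the restored value should also be checked before use — at minimum rejected if it contains bytes that cannot appear in a URI (whitespace, control characters), or re-parsed with the module's URI parser rather than trusted on the strength of the first-zero heuristic. restore_from begins before and ends after this hunk, so the code that consumes new_uri is not visible here.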
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index bc044d9d..319cdc80 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -2,13 +2,14 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=kamailio
pkgver=3.1.3
-pkgrel=0
+pkgrel=1
pkgdesc="Open Source SIP Server"
url="http://www.kamailio.org/"
pkgusers="kamailio"
pkggroups="kamailio"
license="GPL"
depends=
+arch=all
makedepends="bison flex expat-dev postgresql-dev pcre-dev mysql-dev
libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev"
install="$pkgname.pre-install $pkgname.pre-upgrade"
@@ -19,6 +20,7 @@ source="http://www.kamailio.org/pub/kamailio/$pkgver/src/kamailio-${pkgver}_src.
kamailio.initd
kamailio-3.1-backslash.patch
sqlite.patch
+ 0001-modules_k-uac-fix-from-to-restore-for-small-original.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -157,4 +159,5 @@ md5sums="679f86d63c069e283a0cdc64f6ba2c99 kamailio-3.1.3_src.tar.gz
a3c959ec568c43a905710e7d25cd8c25 kamailio.cfg
c0dc4e13d9e57feb99f016d3ee443c0b kamailio.initd
8454687f047f703c5cb443db3a0003a8 kamailio-3.1-backslash.patch
-199df21eaa4856dcacdcc438f72765f1 sqlite.patch"
+199df21eaa4856dcacdcc438f72765f1 sqlite.patch
+3f7d63e6ff634157b8b2bab514af65e9 0001-modules_k-uac-fix-from-to-restore-for-small-original.patch"