mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: osip: Fix CVE-2017-7853.
* gnu/packages/patches/osip-CVE-2017-7853.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/telephony.scm (osip)[source]: Use it.
This commit is contained in:
parent
6dfbbd2c11
commit
75072795bd
3 changed files with 42 additions and 0 deletions
|
@ -876,6 +876,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
|
%D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
|
||||||
%D%/packages/patches/openssl-c-rehash-in.patch \
|
%D%/packages/patches/openssl-c-rehash-in.patch \
|
||||||
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
|
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
|
||||||
|
%D%/packages/patches/osip-CVE-2017-7853.patch \
|
||||||
%D%/packages/patches/ots-no-include-missing-file.patch \
|
%D%/packages/patches/ots-no-include-missing-file.patch \
|
||||||
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
|
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
|
||||||
%D%/packages/patches/p7zip-remove-unused-code.patch \
|
%D%/packages/patches/p7zip-remove-unused-code.patch \
|
||||||
|
|
40
gnu/packages/patches/osip-CVE-2017-7853.patch
Normal file
40
gnu/packages/patches/osip-CVE-2017-7853.patch
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
Fix CVE-2017-7853:
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
|
||||||
|
https://savannah.gnu.org/support/index.php?109265
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
|
||||||
|
|
||||||
|
From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Aymeric Moizard <amoizard@gmail.com>
|
||||||
|
Date: Tue, 21 Feb 2017 17:16:26 +0100
|
||||||
|
Subject: [PATCH] * fix bug report: sr #109265: SIP message body length
|
||||||
|
underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265
|
||||||
|
also applicable to current latest version
|
||||||
|
|
||||||
|
---
|
||||||
|
src/osipparser2/osip_message_parse.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
|
||||||
|
index 1628c60..aa35446 100644
|
||||||
|
--- a/src/osipparser2/osip_message_parse.c
|
||||||
|
+++ b/src/osipparser2/osip_message_parse.c
|
||||||
|
@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
|
||||||
|
if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
|
||||||
|
start_of_body++;
|
||||||
|
|
||||||
|
+ /* if message body is empty or contains a single CR/LF */
|
||||||
|
+ if (end_of_body <= start_of_body) {
|
||||||
|
+ osip_free (sep_boundary);
|
||||||
|
+ return OSIP_SYNTAXERROR;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
body_len = end_of_body - start_of_body;
|
||||||
|
|
||||||
|
/* Skip CR before end boundary. */
|
||||||
|
--
|
||||||
|
2.13.1
|
||||||
|
|
|
@ -124,6 +124,7 @@ (define-public osip
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz"))
|
(uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz"))
|
||||||
|
(patches (search-patches "osip-CVE-2017-7853.patch"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"00yznbrm9q04wgd4b831km8iwlvwvsnwv87igf79g5vj9yakr88q"))))
|
"00yznbrm9q04wgd4b831km8iwlvwvsnwv87igf79g5vj9yakr88q"))))
|
||||||
|
|
Loading…
Reference in a new issue