guix/gnu/packages/patches/osip-CVE-2017-7853.patch
Leo Famulari 75072795bd
gnu: osip: Fix CVE-2017-7853.
* gnu/packages/patches/osip-CVE-2017-7853.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (osip)[source]: Use it.
2017-06-14 13:16:21 -04:00

40 lines
1.3 KiB
Diff

Fix CVE-2017-7853:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
https://savannah.gnu.org/support/index.php?109265
Patch copied from upstream source repository:
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
From: Aymeric Moizard <amoizard@gmail.com>
Date: Tue, 21 Feb 2017 17:16:26 +0100
Subject: [PATCH] * fix bug report: sr #109265: SIP message body length
underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265
also applicable to current latest version
---
src/osipparser2/osip_message_parse.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
index 1628c60..aa35446 100644
--- a/src/osipparser2/osip_message_parse.c
+++ b/src/osipparser2/osip_message_parse.c
@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
start_of_body++;
+ /* if message body is empty or contains a single CR/LF */
+ if (end_of_body <= start_of_body) {
+ osip_free (sep_boundary);
+ return OSIP_SYNTAXERROR;
+ }
+
body_len = end_of_body - start_of_body;
/* Skip CR before end boundary. */
--
2.13.1