<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">This is a good example of a security issue that needs a security report. A user-crafted SIP message that can core a running proxy is no good.<div>We do need to alert all users and upgrade current releases.</div><div><br></div><div>/O</div><div><br><div><div>On 9 Oct 2012, at 16:32, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div text="#000000" bgcolor="#FFFFFF">
Hello,<br>
<br>
patch applied on master branch, soon it will be backported to stable
branch.<br>
<br>
Thanks,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 10/9/12 3:49 PM, Jijo wrote:<br>
</div>
<blockquote cite="mid:CAOYmDE9FRUKfYsyQ9hXn40B2Lpm+Wgewgn-PyA29WEtgumezCg@mail.gmail.com" type="cite">Hello,
<div><br>
</div>
<div>Kamailio cores when it receives a corrupted Route header. </div>
<div><div><span style="color:rgb(31,73,125)"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="color:#1f497d">For example,
this was causing
the core.</span></p><div><span style="color:#1f497d"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="color:#1f497d">Route: <a moz-do-not-send="true" href="sip:10.236.236.100;transport=tcp;r2=on;lr;ftag=1348218287134-Test-553188;osb-tag=NM;nat=yes;twan=yes?[=&%20[=">sip:10.236.236.100;transport=tcp;r2=on;lr;ftag=1348218287134-Test-553188;osb-tag=NM;nat=yes;twan=yes?[=&
[=</a></span></p><p class="MsoNormal"><br>
</p><p class="MsoNormal">I found the problem: the pointer was
not set to null after freeing it. Please apply this
fix in the next version.</p><p class="MsoNormal">Here is the diff between
the original (3.2.2) and the changed version.</p><p class="MsoNormal"><br>
</p><p class="MsoNormal">PGA:/mnt/o/kamailio-3.2.2/parser # diff -u
parse_param.c.orig parse_param.c</p><p class="MsoNormal">--- parse_param.c.orig 2012-10-09
09:42:58.372003500 -0300</p><p class="MsoNormal">+++ parse_param.c 2012-10-09
21:34:14.556367900 -0300</p><p class="MsoNormal">@@ -545,6 +545,7 @@</p><p class="MsoNormal"> error:</p><p class="MsoNormal"> if (t) pkg_free(t);</p><p class="MsoNormal">
free_params(*_p);</p><p class="MsoNormal">+ *_p = 0;</p><p class="MsoNormal"> return -2;</p><p class="MsoNormal"><br>
</p><p class="MsoNormal"> ok:</p>
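Review bot: the added "*_p = 0;" on the error path should carry a short comment, and the function's documentation should state that *_p is cleared whenever -2 is returned. Without that, a later reader cannot tell that this line is what keeps a caller from reusing or freeing again the list already released by free_params(*_p) on the line above. Writing it as "*_p = NULL;" would make the pointer intent explicit. The malformed Route header from this report would also make a useful regression test for this error path.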
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>
Jijo</div><p class="MsoNormal"><br>
</p><p class="MsoNormal"><br>
</p>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
sr-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-dev@lists.sip-router.org">sr-dev@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com/">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/kat">http://asipto.com/u/kat</a>
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/katu">http://asipto.com/u/katu</a></pre>
</div>
</blockquote></div><br></div></body></html>