<p>Hello,</p>
<p>I have added some extra verifications to the th_unmask* functions from topoh. The changes add statements which verify that headers contain the expected prefix (including the mask IP) before trying to unmask them. It seems that some of the th_unmask* functions only check that the headers exist, and then they directly call th_mask_decode on the data.</p>
<p>If other messages that are not encoded by topoh are processed by this function, th_mask_decode may not return an error and may instead create an unreadable string, which is added to the message. Therefore I added some additional checks to see that the message has the expected prefix (or, when possible, check directly that the host IP is the mask_ip set). If the header does not have the expected form, then unmasking is not attempted.</p>
<p>Thanks,<br>
Claudiu Boriga.</p>
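<p>The guard described in this message, as an added example that is not code from the pull request or from Kamailio: <code>unmask_if_ours</code>, <code>toy_decode</code>, <code>MASK_IP</code> and <code>URI_PREFIX</code> are hypothetical names with constructed values, and the XOR decoder only stands in for a decoder that reports success on any input.</p>

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample values for illustration, not topoh's configuration. */
#define MASK_IP    "10.1.1.10"
#define URI_PREFIX "sip:" MASK_IP ";line=sr-"

/* Hypothetical stand-in for a decoder that cannot tell its own output from
 * foreign data: it transforms any bytes and reports success. */
static int toy_decode(const char *in, size_t len, char *out, size_t outsz)
{
    size_t i;

    if (len + 1 > outsz)
        return -1;
    for (i = 0; i < len; i++)
        out[i] = (char)(in[i] ^ 0x15);
    out[len] = '\0';
    return 0;
}

/* Returns 1 if val carried our prefix and was decoded into out, 0 if it was
 * not produced by us (out is left untouched), -1 on error. */
int unmask_if_ours(const char *val, size_t len, char *out, size_t outsz)
{
    size_t plen = strlen(URI_PREFIX);

    if (val == NULL || out == NULL)
        return -1;
    /* Length test first, so memcmp never reads past a short value and an
     * empty payload is not passed to the decoder. */
    if (len <= plen || memcmp(val, URI_PREFIX, plen) != 0)
        return 0;
    if (toy_decode(val + plen, len - plen, out, outsz) < 0)
        return -1;
    return 1;
}

int main(void)
{
    const char *foreign = "sip:bob@192.0.2.7;line=sr-abc"; /* constructed */
    char out[64] = "untouched";
    int rc = unmask_if_ours(foreign, strlen(foreign), out, sizeof out);

    printf("rc=%d out=%s\n", rc, out);
    return 0;
}
```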

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/kamailio/kamailio/pull/1052'>https://github.com/kamailio/kamailio/pull/1052</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>topoh: add additional safety checks</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/kamailio/kamailio/pull/1052/files#diff-0">src/modules/topoh/th_msg.c</a>
    (44)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/kamailio/kamailio/pull/1052.patch'>https://github.com/kamailio/kamailio/pull/1052.patch</a></li>
  <li><a href='https://github.com/kamailio/kamailio/pull/1052.diff'>https://github.com/kamailio/kamailio/pull/1052.diff</a></li>
</ul>
