sr-dev September 2015

sr-dev@lists.kamailio.org

37 participants
388 discussions

registered4() is not adding xavp with details of the record
by Andrew Pogrebennyk 03 Sep '15

03 Sep '15

Hi, I was trying to use registered("location", "$ru", 0, 1) Last parameter is the flag according to http://kamailio.org/docs/modules/stable/modules/registrar.html#registrar.f.… flag values is as follows: 1 - set xavp_rcd with value from matched contact But I'm getting NULL instead of ruid.. While the same works after lookup("location"). So I took a quick look into the code and that confirms that registered4 does not add the xavp with details of the record (ruid), i.e. it does not do what the lookup_helper does. Is this done on purpose or an oversight? While fixing this it might be reasonable to introduce a new function for setting the XAVPs and call it from lookup and registered4 functions, especially since we are going to extend the attributes list beyond just ruid, but right now I'm struggling just to understanding how the XAVP should be built.. Ideas? Thanks, Andrew

2 1

git:master:c078256b: Merge pull request #313 from vance-od/patch-1
by Daniel-Constantin Mierla 03 Sep '15

03 Sep '15

Module: kamailio Branch: master Commit: c078256b927ae4b30ba9e5ae9595e5b2084dcdb6 URL: https://github.com/kamailio/kamailio/commit/c078256b927ae4b30ba9e5ae9595e5b… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-09-03T11:32:10+02:00 Merge pull request #313 from vance-od/patch-1 auth: fixed issue when during registration nonce expired, after backwards time shift --- Modified: modules/auth/nonce.c --- Diff: https://github.com/kamailio/kamailio/commit/c078256b927ae4b30ba9e5ae9595e5b… Patch: https://github.com/kamailio/kamailio/commit/c078256b927ae4b30ba9e5ae9595e5b… --- diff --git a/modules/auth/nonce.c b/modules/auth/nonce.c index 95b967e..025d0d7 100644 --- a/modules/auth/nonce.c +++ b/modules/auth/nonce.c @@ -357,7 +357,13 @@ int check_nonce(auth_body_t* auth, str* secret1, str* secret2, different length (for example because of different auth. checks).. Therefore we force credentials to be rebuilt by UAC without prompting for password */ - return 4; + /* if current time is less than start time, reset the start time + (e.g., after start, the system clock was set in the past) */ + t=time(0); + if (t < up_since) + up_since = t; + if (since < t) + return 4; } t=time(0); if (unlikely((since > t) && ((since-t) > nonce_auth_max_drift) )){

1 0

git:master:063e32a8: Update nonce.c
by vance-od 03 Sep '15

03 Sep '15

Module: kamailio Branch: master Commit: 063e32a8fe81b2cfbaac0386e6b51446586e619a URL: https://github.com/kamailio/kamailio/commit/063e32a8fe81b2cfbaac0386e6b5144… Author: vance-od <vance(a)ukr.net> Committer: vance-od <vance(a)ukr.net> Date: 2015-09-03T11:43:37+03:00 Update nonce.c auth: fixed issue when during registration nonce expired, after backwards time shift --- Modified: modules/auth/nonce.c --- Diff: https://github.com/kamailio/kamailio/commit/063e32a8fe81b2cfbaac0386e6b5144… Patch: https://github.com/kamailio/kamailio/commit/063e32a8fe81b2cfbaac0386e6b5144… --- diff --git a/modules/auth/nonce.c b/modules/auth/nonce.c index 95b967e..025d0d7 100644 --- a/modules/auth/nonce.c +++ b/modules/auth/nonce.c @@ -357,7 +357,13 @@ int check_nonce(auth_body_t* auth, str* secret1, str* secret2, different length (for example because of different auth. checks).. Therefore we force credentials to be rebuilt by UAC without prompting for password */ - return 4; + /* if current time is less than start time, reset the start time + (e.g., after start, the system clock was set in the past) */ + t=time(0); + if (t < up_since) + up_since = t; + if (since < t) + return 4; } t=time(0); if (unlikely((since > t) && ((since-t) > nonce_auth_max_drift) )){

1 0

[kamailio] auth: fixed issue when during registration nonce expired, after backwards time shift (#313)
by vance-od 03 Sep '15

03 Sep '15

You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/313 -- Commit Summary -- * Update nonce.c -- File Changes -- M modules/auth/nonce.c (8) -- Patch Links -- https://github.com/kamailio/kamailio/pull/313.patch https://github.com/kamailio/kamailio/pull/313.diff --- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/313

2 2

[kamailio] Fix read buffer overflow in parse_hname2 (#308)
by Chris Double 02 Sep '15

02 Sep '15

Fix buffer overflow in READ call by making a SAFE_READ that checks the actual length of the buffer. In the buffer overflow case parse_hname2 is called with 'begin' set to the string "Reason:". This string was originally allocated in in rval_get_str as length 6, contents "Reason\0'. The actual pkg_malloc is size of 7 to account for the null terminator. In the caller to parse_hname2 (modules/textops/textops.c line 2229) the null terminator is replaced with a ':' character. parse_hname2 hits the FIRST_QUARTERNIONS macro which expands to a bunch of case statements. The one for the Reason string looks like (macro expanded): case _reas_: p += 4; val = READ(p); switch(LOWER_DWORD(val)) { case _on1_: hdr->type = HDR_REASON_T; hdr->name.len = 6; return (p + 3); The overflow occurs in the READ call. READ is: (*(val + 0) + (*(val + 1) << 8) + (*(val + 2) << 16) + (*(val + 3) << 24)) With 'p' pointing to "Reason:", then p+4 is "on:". That's only three characters of allocated memory left(the : was originally the null character as explained above and the total pkg_malloc allocated length was 7). READ accesses 4 bytes so we go one past the end of the allocated area. The error is noticeable in a DBG_SYS_MALLOC build but not a PKG_MALLOC build - I assume the latter has a large arena allocated making the buffer overflow still valid memory. There are likely other buffer overflows in the READ usage in other cases in this function. I've [posted to the mailing list](http://lists.sip-router.org/pipermail/sr-dev/2015-August/030529.html) about the issue and whether a more general fix is possible: You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/308 -- Commit Summary -- * Fix read buffer overflow in parse_hname2 -- File Changes -- M parser/case_reas.h (2) M parser/parse_hname2.c (19) -- Patch Links -- https://github.com/kamailio/kamailio/pull/308.patch https://github.com/kamailio/kamailio/pull/308.diff --- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/308

2 5

git:master:2aa013d5: textopsx: use safer function to parse header name in short buffer
by Daniel-Constantin Mierla 02 Sep '15

02 Sep '15

Module: kamailio Branch: master Commit: 2aa013d5fb992be98fc1ec90abdf0d67625ab724 URL: https://github.com/kamailio/kamailio/commit/2aa013d5fb992be98fc1ec90abdf0d6… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-09-02T13:31:08+02:00 textopsx: use safer function to parse header name in short buffer --- Modified: modules/textopsx/textopsx.c --- Diff: https://github.com/kamailio/kamailio/commit/2aa013d5fb992be98fc1ec90abdf0d6… Patch: https://github.com/kamailio/kamailio/commit/2aa013d5fb992be98fc1ec90abdf0d6… --- diff --git a/modules/textopsx/textopsx.c b/modules/textopsx/textopsx.c index 6e21242..ba49aee 100644 --- a/modules/textopsx/textopsx.c +++ b/modules/textopsx/textopsx.c @@ -544,7 +544,7 @@ static int fixup_hname_param(char *hname, struct hname_data** h) { (*h)->hname.len = hname - (*h)->hname.s; savec = *hname; *hname = ':'; - parse_hname2((*h)->hname.s, (*h)->hname.s+(*h)->hname.len+3, &hdr); + parse_hname2_short((*h)->hname.s, (*h)->hname.s+(*h)->hname.len, &hdr); *hname = savec; if (hdr.type == HDR_ERROR_T) goto err;

1 0

git:master:b62492e2: textops: use safer function to parse header name in short buffer
by Daniel-Constantin Mierla 02 Sep '15

02 Sep '15

Module: kamailio Branch: master Commit: b62492e2e25984528e4cda7f96d7afee1425ceb3 URL: https://github.com/kamailio/kamailio/commit/b62492e2e25984528e4cda7f96d7afe… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-09-02T13:30:58+02:00 textops: use safer function to parse header name in short buffer --- Modified: modules/textops/textops.c --- Diff: https://github.com/kamailio/kamailio/commit/b62492e2e25984528e4cda7f96d7afe… Patch: https://github.com/kamailio/kamailio/commit/b62492e2e25984528e4cda7f96d7afe… --- diff --git a/modules/textops/textops.c b/modules/textops/textops.c index 7c5e2af..9aaada6 100644 --- a/modules/textops/textops.c +++ b/modules/textops/textops.c @@ -2226,8 +2226,7 @@ static int hname_fixup(void** param, int param_no) gp->v.str.s[gp->v.str.len] = ':'; gp->v.str.len++; - if (parse_hname2(gp->v.str.s, gp->v.str.s - + ((gp->v.str.len<4)?4:gp->v.str.len), &hdr)==0) + if (parse_hname2_short(gp->v.str.s, gp->v.str.s + gp->v.str.len, &hdr)==0) { LM_ERR("error parsing header name\n"); pkg_free(gp);

1 0

git:master:a9dc0f73: pv: use safer function to parse header name in short buffer
by Daniel-Constantin Mierla 02 Sep '15

02 Sep '15

Module: kamailio Branch: master Commit: a9dc0f738f448676b8a92818d442ca7142147f9b URL: https://github.com/kamailio/kamailio/commit/a9dc0f738f448676b8a92818d442ca7… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-09-02T13:30:46+02:00 pv: use safer function to parse header name in short buffer --- Modified: modules/pv/pv_core.c --- Diff: https://github.com/kamailio/kamailio/commit/a9dc0f738f448676b8a92818d442ca7… Patch: https://github.com/kamailio/kamailio/commit/a9dc0f738f448676b8a92818d442ca7… --- diff --git a/modules/pv/pv_core.c b/modules/pv/pv_core.c index 85b6351..9ce9da2 100644 --- a/modules/pv/pv_core.c +++ b/modules/pv/pv_core.c @@ -2820,7 +2820,7 @@ int pv_parse_hdr_name(pv_spec_p sp, str *in) s.s = p; s.len = in->len+1; - if (parse_hname2(s.s, s.s + ((s.len<4)?4:s.len), &hdr)==0) + if (parse_hname2_short(s.s, s.s + s.len, &hdr)==0) { LM_ERR("error parsing header name [%.*s]\n", s.len, s.s); goto error;

1 0

git:master:baf90dba: core: select framework - use safer function to parse header name in short buffer
by Daniel-Constantin Mierla 02 Sep '15

02 Sep '15

Module: kamailio Branch: master Commit: baf90dba5c12158386e501e73daa266321d9de38 URL: https://github.com/kamailio/kamailio/commit/baf90dba5c12158386e501e73daa266… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-09-02T13:29:43+02:00 core: select framework - use safer function to parse header name in short buffer --- Modified: select_core.c --- Diff: https://github.com/kamailio/kamailio/commit/baf90dba5c12158386e501e73daa266… Patch: https://github.com/kamailio/kamailio/commit/baf90dba5c12158386e501e73daa266… --- diff --git a/select_core.c b/select_core.c index d16f59d..a6e6901 100644 --- a/select_core.c +++ b/select_core.c @@ -619,7 +619,7 @@ int select_anyheader(str* res, select_t* s, struct sip_msg* msg) /* if header name is parseable, parse it and set SEL_PARAM_DIV */ c=s->params[2].v.s.s[s->params[2].v.s.len]; s->params[2].v.s.s[s->params[2].v.s.len]=':'; - if (parse_hname2(s->params[2].v.s.s,s->params[2].v.s.s+(s->params[2].v.s.len<3?4:s->params[2].v.s.len+1), + if (parse_hname2_short(s->params[2].v.s.s,s->params[2].v.s.s+(s->params[2].v.s.len<3?4:s->params[2].v.s.len+1), &hdr)==0) { LM_ERR("fixup_call:parse error\n"); return -1;

1 0

git:master:ac27d053: parser: fixed the name for the new parse_hname2_short() function
by Daniel-Constantin Mierla 02 Sep '15

02 Sep '15

Module: kamailio Branch: master Commit: ac27d053ce0d9d9295f3ca8052a320e0c0b01699 URL: https://github.com/kamailio/kamailio/commit/ac27d053ce0d9d9295f3ca8052a320e… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2015-09-02T13:29:09+02:00 parser: fixed the name for the new parse_hname2_short() function --- Modified: parser/parse_hname2.h --- Diff: https://github.com/kamailio/kamailio/commit/ac27d053ce0d9d9295f3ca8052a320e… Patch: https://github.com/kamailio/kamailio/commit/ac27d053ce0d9d9295f3ca8052a320e… --- diff --git a/parser/parse_hname2.h b/parser/parse_hname2.h index d44abb7..fae4b56 100644 --- a/parser/parse_hname2.h +++ b/parser/parse_hname2.h @@ -36,6 +36,6 @@ * @file */ char* parse_hname2(char* const begin, const char* const end, struct hdr_field* const hdr); -char* parse_hname2_safe(char* const begin, const char* const end, struct hdr_field* const hdr); +char* parse_hname2_short(char* const begin, const char* const end, struct hdr_field* const hdr); #endif /* PARSE_HNAME2_H */

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev September 2015