This is a good example of a security issue that needs a security report. A user-crafted SIP message that can core a running proxy is no good. We do need to alert all users and upgrade current releases.
/O
9 okt 2012 kl. 16:32 skrev Daniel-Constantin Mierla miconda@gmail.com:
Hello,
patch applied on master branch, soon it will be backported to stable branch.
Thanks, Daniel
On 10/9/12 3:49 PM, Jijo wrote:
Hello,
kamailio cores when receives a corrupted route header.
For example, this was causing the core.
Route: sip:10.236.236.100;transport=tcp;r2=on;lr;ftag=1348218287134-Test-553188;osb-tag=NM;nat=yes;twan=yes?[=& [=
I found the problem, the pointer was not initializing to null after freeing it. Please apply this fix in the next version.
Here is the diff with the original(3.2.2) and changed version.
PGA:/mnt/o/kamailio-3.2.2/parser # diff -u parse_param.c.orig parse_param.c
--- parse_param.c.orig 2012-10-09 09:42:58.372003500 -0300
+++ parse_param.c 2012-10-09 21:34:14.556367900 -0300
@@ -545,6 +545,7 @@
error:
if (t) pkg_free(t); free_params(*_p);
*_p = 0; return -2;ok:
Thanks Jijo
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu _______________________________________________ sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev