Daniel-Constantin Mierla writes:
The issue was with the previous fragment (I misread the log message in the first place). But it was easy to spot what could be the previous fragment and I think I fixed it with commit:
- http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7992a2b…
If you can give it a try, then it can be backported (I had no option to try it here for now).
daniel,
thanks for spotting the bug. the problem with testing is that i have not managed to reproduce it in master, but need to wait for the attacker to do the testing in my 4.1 setup.
the patch is very simple (allocate one more byte of space) and i cannot see how it would cause any problems. it is clear by reading the code that if no modifications are done, there is no space in the buffer for '\0'.
so i would suggest that the patch is cherry-picked to 4.1 now and i'll then keep watch on syslog for this attack in my 4.1 setup.
-- juha
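The sizing mistake described in the thread (a rebuilt message buffer with no byte reserved for the terminating '\0'), shown as a constructed C illustration added here; it is not the sip-router/Kamailio code or the commit above, and the `struct edit` / `apply_edits` / `reserve_nul` names are assumptions made for this example:

```c
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not Kamailio's code. An output buffer is sized
 * from the message length plus the net change from a list of edits. If the
 * terminating '\0' is not counted, the terminator is written one byte past
 * the end; allocating one extra byte (the fix) makes room for it. */

struct edit { size_t off; size_t del; const char *ins; }; /* assumed shape */

/* Length of the message after all edits are applied (without terminator). */
size_t edited_len(size_t len, const struct edit *e, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        len = len - e[i].del + strlen(e[i].ins);
    return len;
}

/* Apply edits (assumed sorted by offset and non-overlapping) into a newly
 * allocated buffer. reserve_nul == 0 reproduces the buggy sizing (exactly
 * the edited length); reserve_nul == 1 is the fixed sizing (one more byte).
 * Returns NULL instead of writing '\0' out of bounds. Caller frees. */
char *apply_edits(const char *src, size_t len,
                  const struct edit *e, size_t n, int reserve_nul)
{
    size_t out_len = edited_len(len, e, n);
    size_t cap = out_len + (reserve_nul ? 1 : 0);
    size_t pos = 0, w = 0, i;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (i = 0; i < n; i++) {
        memcpy(buf + w, src + pos, e[i].off - pos);  /* unchanged prefix */
        w += e[i].off - pos;
        memcpy(buf + w, e[i].ins, strlen(e[i].ins)); /* inserted text */
        w += strlen(e[i].ins);
        pos = e[i].off + e[i].del;                   /* skip deleted bytes */
    }
    memcpy(buf + w, src + pos, len - pos);           /* unchanged tail */
    w += len - pos;
    if (w >= cap) {            /* buggy sizing: '\0' would land at buf[cap] */
        free(buf);
        return NULL;
    }
    buf[w] = '\0';
    return buf;
}
```

With zero edits and the buggy sizing the buffer holds exactly the message, so the terminator has nowhere to go; the fixed sizing leaves one byte for it.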