Commit | Line | Data |
---|---|---|
75072795 LF |
1 | Fix CVE-2017-7853: |
2 | ||
3 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853 | |
4 | https://savannah.gnu.org/support/index.php?109265 | |
5 | ||
6 | Patch copied from upstream source repository: | |
7 | ||
8 | https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 | |
9 | ||
10 | From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001 | |
11 | From: Aymeric Moizard <amoizard@gmail.com> | |
12 | Date: Tue, 21 Feb 2017 17:16:26 +0100 | |
13 | Subject: [PATCH] * fix bug report: sr #109265: SIP message body length | |
14 | underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265 | |
15 | also applicable to current latest version | |
16 | ||
17 | --- | |
18 | src/osipparser2/osip_message_parse.c | 6 ++++++ | |
19 | 1 file changed, 6 insertions(+) | |
20 | ||
21 | diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c | |
22 | index 1628c60..aa35446 100644 | |
23 | --- a/src/osipparser2/osip_message_parse.c | |
24 | +++ b/src/osipparser2/osip_message_parse.c | |
25 | @@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char | |
26 | if ('\n' == start_of_body[0] || '\r' == start_of_body[0]) | |
27 | start_of_body++; | |
28 | ||
29 | + /* if message body is empty or contains a single CR/LF */ | |
30 | + if (end_of_body <= start_of_body) { | |
31 | + osip_free (sep_boundary); | |
32 | + return OSIP_SYNTAXERROR; | |
33 | + } | |
34 | + | |
35 | body_len = end_of_body - start_of_body; | |
36 | ||
37 | /* Skip CR before end boundary. */ | |
38 | -- | |
39 | 2.13.1 | |
40 |