Security fix for CVE-2016-2385

maintainer timed-out
2016-03-16 09:30:01 +00:00 · 2016-03-16 09:30:01 +00:00 · 27b7522eb2
commit 27b7522eb2
parent dae6475d42
2 changed files with 29 additions and 1 deletions
--- a/telephony/kamailio/Makefile
+++ b/telephony/kamailio/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.33 2015/11/20 10:09:52 sthen Exp $
+# $OpenBSD: Makefile,v 1.34 2016/03/16 09:30:01 jasper Exp $

 COMMENT-main =		mature and flexible open source SIP server

 SHARED_ONLY =		Yes

 VERSION =		4.3.3
+REVISION =		0
 DISTNAME =		kamailio-${VERSION}_src
 PKGNAME-main =		kamailio-${VERSION}
 PKGNAME-mysql =		kamailio-mysql-${VERSION}
--- a/telephony/kamailio/patches/patch-modules_seas_encode_msg_c
+++ b/telephony/kamailio/patches/patch-modules_seas_encode_msg_c
@ -0,0 +1,27 @@
+$OpenBSD: patch-modules_seas_encode_msg_c,v 1.1 2016/03/16 09:30:01 jasper Exp $
+
+Security fix for CVE-2016-2385
+https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
+
+--- modules/seas/encode_msg.c.orig	Fri Oct  2 14:35:18 2015
+++ modules/seas/encode_msg.c	Fri Mar 11 09:45:37 2016
+@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int l
+ 
+    if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
+       return -1;
+
+    if(parse_headers(msg,HDR_EOH_F,0)<0){
+       myerror="in parse_headers";
+       goto error;
+@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int l
+    /*j+=k;*/
+    /*pkg_free(payload2);*/
+    /*now we copy the actual message after the headers-meta-section*/
+
+	if(len < j + msg->len + 1) {
+   	   LM_ERR("not enough space to encode sip message\n");
+   	   return -1;
+	}
+    memcpy(&payload[j],msg->buf,msg->len);
+    LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
+    j=htons(j);