diff options
author | Leo Famulari <leo@famulari.name> | 2017-06-14 13:15:31 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-06-14 13:16:21 -0400 |
commit | 75072795bd5239f8f57daf946b4918c3acd37d27 (patch) | |
tree | edea33dfdfab8010b7087b08393850f371ed6d30 /gnu/packages/patches | |
parent | 6dfbbd2c11f960b796b02d36c97a195d220839e2 (diff) | |
download | guix-75072795bd5239f8f57daf946b4918c3acd37d27.tar guix-75072795bd5239f8f57daf946b4918c3acd37d27.tar.gz |
gnu: osip: Fix CVE-2017-7853.
* gnu/packages/patches/osip-CVE-2017-7853.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/telephony.scm (osip)[source]: Use it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/osip-CVE-2017-7853.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch new file mode 100644 index 0000000000..33d95cdb0e --- /dev/null +++ b/gnu/packages/patches/osip-CVE-2017-7853.patch @@ -0,0 +1,40 @@ +Fix CVE-2017-7853: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853 +https://savannah.gnu.org/support/index.php?109265 + +Patch copied from upstream source repository: + +https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 + +From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001 +From: Aymeric Moizard <amoizard@gmail.com> +Date: Tue, 21 Feb 2017 17:16:26 +0100 +Subject: [PATCH] * fix bug report: sr #109265: SIP message body length + underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265 + also applicable to current latest version + +--- + src/osipparser2/osip_message_parse.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c +index 1628c60..aa35446 100644 +--- a/src/osipparser2/osip_message_parse.c ++++ b/src/osipparser2/osip_message_parse.c +@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char + if ('\n' == start_of_body[0] || '\r' == start_of_body[0]) + start_of_body++; + ++ /* if message body is empty or contains a single CR/LF */ ++ if (end_of_body <= start_of_body) { ++ osip_free (sep_boundary); ++ return OSIP_SYNTAXERROR; ++ } ++ + body_len = end_of_body - start_of_body; + + /* Skip CR before end boundary. */ +-- +2.13.1 + |