aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/osip-CVE-2017-7853.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/osip-CVE-2017-7853.patch')
-rw-r--r--gnu/packages/patches/osip-CVE-2017-7853.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch
new file mode 100644
index 0000000000..33d95cdb0e
--- /dev/null
+++ b/gnu/packages/patches/osip-CVE-2017-7853.patch
@@ -0,0 +1,40 @@
+Fix CVE-2017-7853:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
+https://savannah.gnu.org/support/index.php?109265
+
+Patch copied from upstream source repository:
+
+https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
+
+From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
+From: Aymeric Moizard <amoizard@gmail.com>
+Date: Tue, 21 Feb 2017 17:16:26 +0100
+Subject: [PATCH] * fix bug report: sr #109265: SIP message body length
+ underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265
+ also applicable to current latest version
+
+---
+ src/osipparser2/osip_message_parse.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
+index 1628c60..aa35446 100644
+--- a/src/osipparser2/osip_message_parse.c
++++ b/src/osipparser2/osip_message_parse.c
+@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
+ if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+ start_of_body++;
+
++ /* if message body is empty or contains a single CR/LF */
++ if (end_of_body <= start_of_body) {
++ osip_free (sep_boundary);
++ return OSIP_SYNTAXERROR;
++ }
++
+ body_len = end_of_body - start_of_body;
+
+ /* Skip CR before end boundary. */
+--
+2.13.1
+