Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

topology_hiding: fix encoded Contact length calculation #3262

Merged
merged 1 commit into from
Feb 13, 2024
Merged

topology_hiding: fix encoded Contact length calculation #3262

merged 1 commit into from
Feb 13, 2024

Conversation

jes
Copy link
Contributor

@jes jes commented Dec 1, 2023

Summary

OpenSIPS can segfault when topology_hiding's encoded Contact header is too big to fit in its calculated length.

Details

The calculated length should be accumulated in total_len, but instead the assignment is to suffix_len, presumably due to a copy and paste error.

This bug was introduced in e23be5d presumably as a copy-and-paste mistake.

Solution

My solution is to accumulate the length in total_len instead of in suffix_len.

Compatibility

Probably doesn't break other scenarios.

Closing issues

@jes
topology_hiding: fix encoded Contact length calculation
ac1e2f3 
This leads to segfaults (and probable vulnerabilities) when the allocated buffer
is not long enough to contain its contents.

This bug was introduced in
OpenSIPS@e23be5d
presumably as a copy-and-paste mistake.
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2024

Any updates here? No progress has been made in the last 30 days, marking as stale.

@github-actions github-actions bot added the stale label Jan 1, 2024
@jes
Copy link
Contributor Author

jes commented Jan 1, 2024

No updates here.

@stale stale bot removed the stale label Jan 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 1, 2024

Any updates here? No progress has been made in the last 30 days, marking as stale.

@github-actions github-actions bot added the stale label Feb 1, 2024
@jes
Copy link
Contributor Author

jes commented Feb 1, 2024

No updates here.

@stale stale bot removed the stale label Feb 1, 2024
@bogdan-iancu
Copy link
Member

@jes , yes, you are totally right on this, good catch !

@bogdan-iancu bogdan-iancu self-assigned this Feb 13, 2024
@bogdan-iancu bogdan-iancu merged commit da20b22 into OpenSIPS:master Feb 13, 2024
44 checks passed
bogdan-iancu added a commit that referenced this pull request Feb 13, 2024
@bogdan-iancu
Merge pull request #3262 from jes/jes/topology-hiding-fix
0f46cdd 
topology_hiding: fix encoded Contact length calculation

(cherry picked from commit da20b22)
bogdan-iancu added a commit that referenced this pull request Feb 13, 2024
@bogdan-iancu
Merge pull request #3262 from jes/jes/topology-hiding-fix
2b74886 
topology_hiding: fix encoded Contact length calculation

(cherry picked from commit da20b22)
@jes
Copy link
Contributor Author

jes commented Feb 13, 2024

Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bogdan-iancu bogdan-iancu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jes @bogdan-iancu