From f9f74ca8698775066a4a91d5cf52d66e0eab586f Mon Sep 17 00:00:00 2001
From: Sebastian Kemper
Date: Mon, 15 Jan 2018 20:01:55 +0100
Subject: [PATCH] libosip2: add that fixes multiple CVEs

This commit adds a patch copied from Debian that addresses the following bugs: CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853

Signed-off-by: Sebastian Kemper
---
 libs/libosip2/Makefile | 2 +-
 ...6-10325_CVE-2016-10326_CVE-2017-7853.patch | 69 +++++++++++++++++++
 2 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 libs/libosip2/patches/002-CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch

diff --git a/libs/libosip2/Makefile b/libs/libosip2/Makefile
index fe4066b..d5d6a84 100644
--- a/libs/libosip2/Makefile
+++ b/libs/libosip2/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=libosip2
 PKG_VERSION:=4.1.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/osip
diff --git a/libs/libosip2/patches/002-CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch b/libs/libosip2/patches/002-CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch
new file mode 100644
index 0000000..b217d0d
--- /dev/null
+++ b/libs/libosip2/patches/002-CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch
@@ -0,0 +1,69 @@
+Upstream patches by Aymeric Moizard :
+
+7e0793e15e21f68337e130c67b031ca38edf055f
+1d9fb1d3a71cc85ef95352e549b140c706cf8696
+b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
+1ae06daf3b2375c34af23083394a6f010be24a45
+
+--- libosip2-4.1.0.orig/src/osipparser2/osip_body.c
++++ libosip2-4.1.0/src/osipparser2/osip_body.c
+@@ -417,6 +417,14 @@ osip_body_to_str (const osip_body_t * bo
+ }
+
+ if ((osip_list_size (body->headers) > 0) || (body->content_type != NULL)) {
++ if (length < tmp_body - ptr + 3) {
++ size_t len;
++
++ len = tmp_body - ptr;
++ length = length + 3 + body->length; /* add body->length, to avoid calling realloc often */
++ ptr = osip_realloc (ptr, length);
++ tmp_body = ptr + len;
++ }
+ tmp_body = osip_strn_append (tmp_body, CRLF, 2);
+ }
+ if (length < tmp_body - ptr + body->length + 4) {
+--- libosip2-4.1.0.orig/src/osipparser2/osip_message_parse.c
++++ libosip2-4.1.0/src/osipparser2/osip_message_parse.c
+@@ -812,6 +812,12 @@ msg_osip_body_parse (osip_message_t * si
+ if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+ start_of_body++;
+
++ /* if message body is empty or contains a single CR/LF */
++ if (end_of_body <= start_of_body) {
++ osip_free (sep_boundary);
++ return OSIP_SYNTAXERROR;
++ }
++
+ body_len = end_of_body - start_of_body;
+
+ /* Skip CR before end boundary. */
+--- libosip2-4.1.0.orig/src/osipparser2/osip_message_to_str.c
++++ libosip2-4.1.0/src/osipparser2/osip_message_to_str.c
+@@ -378,6 +378,13 @@ _osip_message_to_str (osip_message_t * s
+ /* A start-line isn't required for message/sipfrag parts. */
+ }
+ else {
++ size_t message_len = strlen(tmp);
++ if (_osip_message_realloc (&message, dest, message_len + 3, &malloc_size) < 0) {
++ osip_free (tmp);
++ *dest = NULL;
++ return OSIP_NOMEM;
++ }
++
+ message = osip_str_append (message, tmp);
+ osip_free (tmp);
+ message = osip_strn_append (message, CRLF, 2);
+--- libosip2-4.1.0.orig/src/osipparser2/osip_port.c
++++ libosip2-4.1.0/src/osipparser2/osip_port.c
+@@ -1462,8 +1462,10 @@ osip_clrncpy (char *dst, const char *src
+ char *p;
+ size_t spaceless_length;
+
+- if (src == NULL)
++ if (src == NULL || len == 0) {
++ *dst = '\0';
+ return NULL;
++ }
+
+ /* find the start of relevant text */
+ pbeg = src;
-- 
2.30.2
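Review bot: The `ptr = osip_realloc (ptr, length);` added in the osip_body.c hunk is never checked, so if osip_realloc can fail the way realloc does, `ptr` is overwritten with NULL, the old buffer is lost, and the next `osip_strn_append (tmp_body, CRLF, 2)` writes through a pointer derived from NULL. The osip_message_to_str.c hunk in this same patch handles the equivalent failure and returns `OSIP_NOMEM`. The body path should do the same with a temporary of `ptr`'s type, e.g. `grown = osip_realloc (ptr, length);`, `if (grown == NULL) { osip_free (ptr); return OSIP_NOMEM; }`, `ptr = grown;`. That assumes osip_body_to_str reports errors with the same codes, since its signature and the rest of its body lie outside the hunk. Separately, the new `*dst = '\0';` in osip_clrncpy also runs on the `src == NULL` path, so confirm that every caller passes a writable `dst` of at least one byte even when `len == 0`.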