From: <abe...@us...> - 2017-05-20 04:20:16
Revision: 8308 http://sourceforge.net/p/astlinux/code/8308 Author: abelbeck Date: 2017-05-20 04:20:15 +0000 (Sat, 20 May 2017) Log Message: ----------- pjsip, add Asterisk 13.15.1 patches including security fixes: AST-2017-002 and AST-2017-003 Added Paths: ----------- branches/1.0/package/pjsip/pjsip-0014-Add-pjsip-transport-register-type-ipv6.patch branches/1.0/package/pjsip/pjsip-0025-fix-print-xml-crash.patch branches/1.0/package/pjsip/pjsip-0058-Parse-zero-length-multipart-body-parts-correctly.patch branches/1.0/package/pjsip/pjsip-0059-Ensure-2543-transaction-key-buffer-is-large-enough.patch
Added: branches/1.0/package/pjsip/pjsip-0014-Add-pjsip-transport-register-type-ipv6.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0014-Add-pjsip-transport-register-type-ipv6.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0014-Add-pjsip-transport-register-type-ipv6.patch 2017-05-20 04:20:15 UTC (rev 8308)
@@ -0,0 +1,62 @@
+From daeb0956524606b597704a90b54d81340e10b3e4 Mon Sep 17 00:00:00 2001
+From: Joshua Colp <jc...@di...>
+Date: Tue, 7 Mar 2017 12:32:49 +0000
+Subject: [PATCH] Add support for registering IPv6 transport type.
+
+This change allows an IPv6 transport type to be registered
+and used. The IPv4 transport is found (if available) and the
+IPv4 flag added to its type to match how the finding of
+IPv6 transport types works.
+---
+ pjsip/src/pjsip/sip_transport.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
+index 7df6138..ce72814 100644
+--- a/pjsip/src/pjsip/sip_transport.c
++++ b/pjsip/src/pjsip/sip_transport.c
+@@ -253,6 +253,7 @@ PJ_DEF(pj_status_t) pjsip_transport_register_type( unsigned tp_flag,
+ int *p_tp_type)
+ {
+ unsigned i;
++ pjsip_transport_type_e parent = 0;
+
+ PJ_ASSERT_RETURN(tp_flag && tp_name && def_port, PJ_EINVAL);
+ PJ_ASSERT_RETURN(pj_ansi_strlen(tp_name) <
+@@ -260,6 +261,11 @@ PJ_DEF(pj_status_t) pjsip_transport_register_type( unsigned tp_flag,
+ PJ_ENAMETOOLONG);
+
+ for (i=1; i<PJ_ARRAY_SIZE(transport_names); ++i) {
++ if (tp_flag & PJSIP_TRANSPORT_IPV6 &&
++ pj_stricmp2(&transport_names[i].name, tp_name) == 0)
++ {
++ parent = transport_names[i].type;
++ }
+ if (transport_names[i].type == 0)
+ break;
+ }
+@@ -267,14 +273,19 @@ PJ_DEF(pj_status_t) pjsip_transport_register_type( unsigned tp_flag,
+ if (i == PJ_ARRAY_SIZE(transport_names))
+ return PJ_ETOOMANY;
+
+- transport_names[i].type = (pjsip_transport_type_e)i;
++ if (tp_flag & PJSIP_TRANSPORT_IPV6 && parent) {
++ transport_names[i].type = parent | PJSIP_TRANSPORT_IPV6;
++ } else {
++ transport_names[i].type = (pjsip_transport_type_e)i;
++ }
++
+ transport_names[i].port = (pj_uint16_t)def_port;
+ pj_ansi_strcpy(transport_names[i].name_buf, tp_name);
+ transport_names[i].name = pj_str(transport_names[i].name_buf);
+ transport_names[i].flag = tp_flag;
+
+ if (p_tp_type)
+- *p_tp_type = i;
++ *p_tp_type = transport_names[i].type;
+
+ return PJ_SUCCESS;
+ }
+--
+2.7.4
+
Added: branches/1.0/package/pjsip/pjsip-0025-fix-print-xml-crash.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0025-fix-print-xml-crash.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0025-fix-print-xml-crash.patch 2017-05-20 04:20:15 UTC (rev 8308)
@@ -0,0 +1,24 @@
+From 1bc5ca699f523bd8e910203a3eb4dee58f366976 Mon Sep 17 00:00:00 2001
+From: Joshua Elson <jos...@gm...>
+Date: Mon, 20 Mar 2017 19:28:47 -0600
+Subject: [PATCH] Prevent memory corruption on xml tag write
+
+---
+ pjlib-util/src/pjlib-util/xml.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pjlib-util/src/pjlib-util/xml.c b/pjlib-util/src/pjlib-util/xml.c
+index 296b232..b0aad26 100644
+--- a/pjlib-util/src/pjlib-util/xml.c
++++ b/pjlib-util/src/pjlib-util/xml.c
+@@ -248,6 +248,7 @@ static int xml_print_node( const pj_xml_node *node, int indent,
+ if (node->content.slen==0 &&
+ node->node_head.next==(pj_xml_node*)&node->node_head)
+ {
++ if (SIZE_LEFT() < 3) return -1;
+ *p++ = ' ';
+ *p++ = '/';
+ *p++ = '>';
+--
+2.10.1 (Apple Git-78)
+
Added: branches/1.0/package/pjsip/pjsip-0058-Parse-zero-length-multipart-body-parts-correctly.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0058-Parse-zero-length-multipart-body-parts-correctly.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0058-Parse-zero-length-multipart-body-parts-correctly.patch 2017-05-20 04:20:15 UTC (rev 8308)
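Review bot: In pjsip-0014-Add-pjsip-transport-register-type-ipv6.patch, the value stored through `*p_tp_type` is no longer the slot index `i` when an IPv6 variant is registered, and neither the code nor the commit text documents that change for callers. Any code that treats the returned type as an index into `transport_names` would then read outside the table; call sites are not visible in these hunks, so this needs checking rather than assuming. A comment at the assignment such as `/* IPv6 variants reuse the parent's type with PJSIP_TRANSPORT_IPV6 set; the result is not an index into transport_names */` would record the contract. As a style point, the two mask tests read more safely parenthesised, e.g. `if ((tp_flag & PJSIP_TRANSPORT_IPV6) && parent) {`.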
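Review bot: In pjsip-0025-fix-print-xml-crash.patch, the literal `3` in `if (SIZE_LEFT() < 3) return -1;` is only correct while exactly three bytes (`' '`, `'/'`, `'>'`) are written after it, and nothing ties the bound to those writes. A short comment above the check, `/* room for " />" */`, would keep the two in step if the closing sequence ever changes. The rest of xml_print_node() lies outside the hunk, so whether its other `*p++` writes carry equivalent checks cannot be confirmed from here and is worth verifying while this output path is being touched.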
@@ -0,0 +1,41 @@
+From f0c717463d569f87a16f9b014033c8ca8939a7b4 Mon Sep 17 00:00:00 2001
+From: Mark Michelson <mmi...@di...>
+Date: Thu, 13 Apr 2017 16:59:40 -0500
+Subject: [PATCH] Parse zero-length multipart body parts correctly.
+
+The calculation of end_body could result in a negative length being
+passed to multipart_body_parse_part().
+---
+ pjsip/src/pjsip/sip_multipart.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/pjsip/src/pjsip/sip_multipart.c b/pjsip/src/pjsip/sip_multipart.c
+index 8351f7e..b302139 100644
+--- a/pjsip/src/pjsip/sip_multipart.c
++++ b/pjsip/src/pjsip/sip_multipart.c
+@@ -646,13 +646,15 @@ PJ_DEF(pjsip_msg_body*) pjsip_multipart_parse(pj_pool_t *pool,
+
+ end_body = curptr;
+
+- /* The newline preceeding the delimiter is conceptually part of
+- * the delimiter, so trim it from the body.
+- */
+- if (*(end_body-1) == '\n')
+- --end_body;
+- if (*(end_body-1) == '\r')
+- --end_body;
++ if (end_body > start_body) {
++ /* The newline preceeding the delimiter is conceptually part of
++ * the delimiter, so trim it from the body.
++ */
++ if (*(end_body-1) == '\n')
++ --end_body;
++ if (*(end_body-1) == '\r')
++ --end_body;
++ }
+
+ /* Now that we have determined the part's boundary, parse it
+ * to get the header and body part of the part.
+--
+1.9.1
+
Added: branches/1.0/package/pjsip/pjsip-0059-Ensure-2543-transaction-key-buffer-is-large-enough.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0059-Ensure-2543-transaction-key-buffer-is-large-enough.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0059-Ensure-2543-transaction-key-buffer-is-large-enough.patch 2017-05-20 04:20:15 UTC (rev 8308)
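Review bot: In pjsip-0058-Parse-zero-length-multipart-body-parts-correctly.patch, the second trim test still reads `*(end_body-1)` after the first test may have moved `end_body` down to `start_body` (a part whose body is a single `'\n'`), so the new outer guard does not cover it. If the byte just before `start_body` can be `'\r'`, `end_body` drops below `start_body` and the negative length this patch is meant to prevent returns; what precedes `start_body` is set outside the hunk, so that is an assumption to confirm. Repeating the bound on the second test closes the case regardless: `if (end_body > start_body && *(end_body-1) == '\r')`.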
@@ -0,0 +1,29 @@
+From b5f0f8868363c482a2c4ce343e3ee6ad256b0708 Mon Sep 17 00:00:00 2001
+From: Mark Michelson <mmi...@di...>
+Date: Thu, 13 Apr 2017 16:20:07 -0500
+Subject: [PATCH] Ensure 2543 transaction key buffer is large enough.
+
+The CSeq method length needs to be factored into the allocated buffer
+length. Otherwise, the buffer may not be large enough to accommodate the
+entire key.
+---
+ pjsip/src/pjsip/sip_transaction.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c
+index c1750dc..2200d8d 100644
+--- a/pjsip/src/pjsip/sip_transaction.c
++++ b/pjsip/src/pjsip/sip_transaction.c
+@@ -288,7 +288,8 @@ static pj_status_t create_tsx_key_2543( pj_pool_t *pool,
+ host = &rdata->msg_info.via->sent_by.host;
+
+ /* Calculate length required. */
+- len_required = 9 + /* CSeq number */
++ len_required = method->name.slen + /* Method */
++ 9 + /* CSeq number */
+ rdata->msg_info.from->tag.slen + /* From tag. */
+ rdata->msg_info.cid->id.slen + /* Call-ID */
+ host->slen + /* Via host. */
+--
+1.9.1
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
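Review bot: In pjsip-0059-Ensure-2543-transaction-key-buffer-is-large-enough.patch, the `9 + /* CSeq number */` term kept in the `len_required` sum budgets nine characters, while a 32-bit CSeq value written in decimal can take ten digits. The sum continues past the end of the hunk, so later terms may include slack that absorbs the difference, but the per-field budget is then misleading for a buffer sized from fields a remote peer controls. Suggest `10 + /* CSeq number: up to 10 decimal digits */`, together with a check after the key is built that the number of bytes written does not exceed `len_required`.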