[Asterisk-code-review] AST-2022-004: pjproject - possible integer underflow on STUN message (asterisk[certified/16.8])

Kevin Harwell asteriskteam at digium.com
Fri Mar 4 12:36:04 CST 2022


Kevin Harwell has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/18166 )

Change subject: AST-2022-004: pjproject - possible integer underflow on STUN message
......................................................................

AST-2022-004: pjproject - possible integer underflow on STUN message

ASTERISK-29945 #close

Change-Id: I721cd254e4f8aa6d3a97a37529cca53519694c54
---
A third-party/pjproject/patches/0170-stun-integer-underflow.patch
1 file changed, 26 insertions(+), 0 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, approved; Approved for Submit



diff --git a/third-party/pjproject/patches/0170-stun-integer-underflow.patch b/third-party/pjproject/patches/0170-stun-integer-underflow.patch
new file mode 100644
index 0000000..011f8c4
--- /dev/null
+++ b/third-party/pjproject/patches/0170-stun-integer-underflow.patch
@@ -0,0 +1,26 @@
+From 15663e3f37091069b8c98a7fce680dc04bc8e865 Mon Sep 17 00:00:00 2001
+From: sauwming <ming at teluu.com>
+Date: Tue, 10 Aug 2021 11:53:25 +0800
+Subject: [PATCH] Merge pull request from GHSA-2qpg-f6wf-w984
+
+---
+ pjnath/src/pjnath/stun_msg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
+index cd5870f82..bd83351e6 100644
+--- a/pjnath/src/pjnath/stun_msg.c
++++ b/pjnath/src/pjnath/stun_msg.c
+@@ -1763,6 +1763,9 @@ static pj_status_t decode_errcode_attr(pj_pool_t *pool,
+     /* Get pointer to the string in the message */
+     value.ptr = ((char*)buf + ATTR_HDR_LEN + 4);
+     value.slen = attr->hdr.length - 4;
++    /* Make sure the length is never negative */
++    if (value.slen < 0)
++    	value.slen = 0;
+ 
+     /* Copy the string to the attribute */
+     pj_strdup(pool, &attr->reason, &value);
+-- 
+2.25.1
+

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18166
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: certified/16.8
Gerrit-Change-Id: I721cd254e4f8aa6d3a97a37529cca53519694c54
Gerrit-Change-Number: 18166
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-CC: Friendly Automation
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220304/ffcb36f1/attachment.html>


More information about the asterisk-code-review mailing list