[Asterisk-code-review] AST-2022-006: pjproject - unconstrained malformed multipart SIP message (asterisk[certified/16.8])
Kevin Harwell
asteriskteam at digium.com
Fri Mar 4 12:47:39 CST 2022
Kevin Harwell has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/18177 )
Change subject: AST-2022-006: pjproject - unconstrained malformed multipart SIP message
......................................................................
AST-2022-006: pjproject - unconstrained malformed multipart SIP message
ASTERISK-29945 #close
Change-Id: Ic58957afc453195d53c2bd25c905df3d91d1abe6
---
A third-party/pjproject/patches/0172-prevent-multipart-oob.patch
1 file changed, 42 insertions(+), 0 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/77/18177/1
diff --git a/third-party/pjproject/patches/0172-prevent-multipart-oob.patch b/third-party/pjproject/patches/0172-prevent-multipart-oob.patch
new file mode 100644
index 0000000..2c82035
--- /dev/null
+++ b/third-party/pjproject/patches/0172-prevent-multipart-oob.patch
@@ -0,0 +1,42 @@
+From 077b465c33f0aec05a49cd2ca456f9a1b112e896 Mon Sep 17 00:00:00 2001
+From: sauwming <ming at teluu.com>
+Date: Wed, 26 Jan 2022 13:28:57 +0800
+Subject: [PATCH] Merge pull request from GHSA-7fw8-54cv-r7pm
+
+---
+ pjlib-util/src/pjlib-util/scanner.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/scanner.c b/pjlib-util/src/pjlib-util/scanner.c
+index 27a0b8831..a54edf2d8 100644
+--- a/pjlib-util/src/pjlib-util/scanner.c
++++ b/pjlib-util/src/pjlib-util/scanner.c
+@@ -444,16 +444,21 @@ PJ_DEF(void) pj_scan_get_n( pj_scanner *scanner,
+
+ PJ_DEF(int) pj_scan_get_char( pj_scanner *scanner )
+ {
+- int chr = *scanner->curptr;
++ register char *s = scanner->curptr;
++ int chr;
+
+- if (!chr) {
++ if (s >= scanner->end || !*s) {
+ pj_scan_syntax_err(scanner);
+ return 0;
+ }
+
+- ++scanner->curptr;
++ chr = *s;
+
+- if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) {
++ ++s;
++ scanner->curptr = s;
++ if (PJ_SCAN_CHECK_EOF(s) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
++ scanner->skip_ws)
++ {
+ pj_scan_skip_whitespace(scanner);
+ }
+ return chr;
+--
+2.25.1
+
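Review bot: the two end-of-buffer guards in pj_scan_get_char are written differently, and the second one cannot be verified from this hunk. The entry check spells out `s >= scanner->end`, while the check after `++s` uses `PJ_SCAN_CHECK_EOF(s)`, a macro whose definition is not shown. Its name reads like "is at EOF", yet the `&& PJ_SCAN_IS_PROBABLY_SPACE(*s)` dereference that follows is only safe if it is true when `s` is still inside the buffer. Consider writing both guards the same way (for example `s < scanner->end` ahead of `*s`) or adding a one-line comment stating the macro's sense. The `register` qualifier on `s` is ignored by current compilers and can be dropped. Neither the embedded patch nor the Asterisk commit message says what was wrong. One sentence would help downstream maintainers: the removed lines dereferenced and advanced `scanner->curptr` without comparing it against `scanner->end`.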
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18177
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: certified/16.8
Gerrit-Change-Id: Ic58957afc453195d53c2bd25c905df3d91d1abe6
Gerrit-Change-Number: 18177
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-MessageType: newchange