<p>Kevin Harwell has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/18166">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2022-004: pjproject - possible integer underflow on STUN message<br><br>ASTERISK-29945 #close<br><br>Change-Id: I721cd254e4f8aa6d3a97a37529cca53519694c54<br>---<br>A third-party/pjproject/patches/0170-stun-integer-underflow.patch<br>1 file changed, 26 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/66/18166/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/third-party/pjproject/patches/0170-stun-integer-underflow.patch b/third-party/pjproject/patches/0170-stun-integer-underflow.patch</span><br><span>new file mode 100644</span><br><span>index 0000000..011f8c4</span><br><span>--- /dev/null</span><br><span>+++ b/third-party/pjproject/patches/0170-stun-integer-underflow.patch</span><br><span>@@ -0,0 +1,26 @@</span><br><span style="color: hsl(120, 100%, 40%);">+>From 15663e3f37091069b8c98a7fce680dc04bc8e865 Mon Sep 17 00:00:00 2001</span><br><span style="color: hsl(120, 100%, 40%);">+From: sauwming <ming@teluu.com></span><br><span style="color: hsl(120, 100%, 40%);">+Date: Tue, 10 Aug 2021 11:53:25 +0800</span><br><span style="color: hsl(120, 100%, 40%);">+Subject: [PATCH] Merge pull request from GHSA-2qpg-f6wf-w984</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+---</span><br><span style="color: hsl(120, 100%, 40%);">+ pjnath/src/pjnath/stun_msg.c | 3 +++</span><br><span style="color: hsl(120, 100%, 40%);">+ 1 file changed, 3 insertions(+)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+diff --git a/pjnath/src/pjnath/stun_msg.c 
b/pjnath/src/pjnath/stun_msg.c</span><br><span style="color: hsl(120, 100%, 40%);">+index cd5870f82..bd83351e6 100644</span><br><span style="color: hsl(120, 100%, 40%);">+--- a/pjnath/src/pjnath/stun_msg.c</span><br><span>++++ b/pjnath/src/pjnath/stun_msg.c</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -1763,6 +1763,9 @@ static pj_status_t decode_errcode_attr(pj_pool_t *pool,</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Get pointer to the string in the message */</span><br><span style="color: hsl(120, 100%, 40%);">+ value.ptr = ((char*)buf + ATTR_HDR_LEN + 4);</span><br><span style="color: hsl(120, 100%, 40%);">+ value.slen = attr->hdr.length - 4;</span><br><span style="color: hsl(120, 100%, 40%);">++ /* Make sure the length is never negative */</span><br><span style="color: hsl(120, 100%, 40%);">++ if (value.slen < 0)</span><br><span style="color: hsl(120, 100%, 40%);">++ value.slen = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Copy the string to the attribute */</span><br><span style="color: hsl(120, 100%, 40%);">+ pj_strdup(pool, &attr->reason, &value);</span><br><span style="color: hsl(120, 100%, 40%);">+-- </span><br><span style="color: hsl(120, 100%, 40%);">+2.25.1</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18166">change 18166</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/18166"/><meta itemprop="name" content="View Change"/></div></div>
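Review bot: The clamp after "value.slen = attr->hdr.length - 4;" in decode_errcode_attr() lets an attribute whose declared length is below 4 decode successfully with an empty reason string, rather than rejecting it as malformed. In that case value.ptr has already been set to buf + ATTR_HDR_LEN + 4, which lies past the end the attribute itself declares, so the code only stays safe because the copied length is forced to 0. Since the function returns pj_status_t, consider checking attr->hdr.length before value.ptr and value.slen are computed and returning an error status when it is less than 4, so that a truncated attribute fails decoding. If the clamp is kept on purpose to match upstream, the comment "Make sure the length is never negative" should say that a short attribute is tolerated deliberately, and the commit message, which carries only the advisory title and issue number, should note that this imports the upstream pjproject fix unchanged.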
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: certified/16.8 </div>
<div style="display:none"> Gerrit-Change-Id: I721cd254e4f8aa6d3a97a37529cca53519694c54 </div>
<div style="display:none"> Gerrit-Change-Number: 18166 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>