[OpenSIPS-Devel] [OpenSIPS/opensips] 0fadc0: Fix crash with REGISTER + incomplete Authorization...

Liviu Chircu Mon, 27 Sep 2021 15:20:40 -0700

  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 0fadc0a6cb130d40fba6cf36bb1399d45d0496aa
      
https://github.com/OpenSIPS/opensips/commit/0fadc0a6cb130d40fba6cf36bb1399d45d0496aa
  Author: Liviu Chircu <li...@opensips.org>
  Date:   2021-09-27 (Mon, 27 Sep 2021)


  Changed paths:
    M modules/auth/api.c

  Log Message:
  -----------
  Fix crash with REGISTER + incomplete Authorization header

Avoid re-using anonymous structures outside of the block scope they were
declared in.  The compiler allows such broken code, yet it is also quick
to re-use/re-claim that memory quickly after exiting the block, leading
to stack corruption later down the road, when the "now re-used struct"
is read.

Issue discovered during OpenSIPS Security Audit 2021,
    by Alfred Farrugia & Sandro Gauci (Enable Security)



_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel

[OpenSIPS-Devel] [OpenSIPS/opensips] 0fadc0: Fix crash with REGISTER + incomplete Authorization...

Reply via email to