
CVE-2023-28098: parse_param_name(): Improve param parsing macros · OpenSIPS/opensips@dd9141b

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parse_param_name(). This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function q_memchr() which is being called by the function parse_param_name(). This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function www_authorize(). Versions 3.1.7 and 3.2.4 contain a fix.
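An added example, not OpenSIPS code: a self-contained C classifier that checks the remaining length before every multi-byte read, so a name cut off after its first four bytes is reported as "other" instead of being read past the buffer. `classify_param`, `TAG` and `read4_lower` are hypothetical names, the `| 0x20` case folding is a simplification, and only four parameter names are handled, by prefix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum par { PAR_OTHER, PAR_USERNAME, PAR_REALM, PAR_NONCE, PAR_RESPONSE };

/* Pack four characters little-endian, the layout the page's READ() produces. */
#define TAG(a, b, c, d) ((uint32_t)(a) | ((uint32_t)(b) << 8) | \
                         ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))
/* Length guard in the spirit of the patch's NEED(): never read past `end`. */
#define NEED(n) do { if ((size_t)(end - p) < (size_t)(n)) return PAR_OTHER; } while (0)

/* Read four bytes, folding ASCII letters to lower case. */
static uint32_t read4_lower(const unsigned char *p)
{
    return TAG(p[0] | 0x20, p[1] | 0x20, p[2] | 0x20, p[3] | 0x20);
}

/* Classify a digest parameter by its leading name; len is the buffer size. */
enum par classify_param(const char *s, size_t len)
{
    const unsigned char *p = (const unsigned char *)s;
    const unsigned char *end = p + len;
    NEED(4);                      /* the first 4-byte read is guarded too */
    switch (read4_lower(p)) {
    case TAG('u', 's', 'e', 'r'):
        p += 4; NEED(4);          /* "name" is read as one 4-byte word */
        return read4_lower(p) == TAG('n', 'a', 'm', 'e') ? PAR_USERNAME : PAR_OTHER;
    case TAG('r', 'e', 'a', 'l'):
        p += 4; NEED(1);          /* one more byte: 'm' */
        return (*p | 0x20) == 'm' ? PAR_REALM : PAR_OTHER;
    case TAG('n', 'o', 'n', 'c'):
        p += 4; NEED(1);          /* one more byte: 'e' */
        return (*p | 0x20) == 'e' ? PAR_NONCE : PAR_OTHER;
    case TAG('r', 'e', 's', 'p'):
        p += 4; NEED(4);          /* "onse" is read as one 4-byte word */
        return read4_lower(p) == TAG('o', 'n', 's', 'e') ? PAR_RESPONSE : PAR_OTHER;
    default:
        return PAR_OTHER;
    }
}

int main(void)
{
    /* Constructed inputs: complete names and names cut off part-way. */
    const char *in[] = { "username", "user", "realm", "real", "nonc", "response" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-8s -> %d\n", in[i], classify_param(in[i], strlen(in[i])));
}
```

Building it with `-fsanitize=address` and passing exact-length heap buffers is a quick way to confirm that no input length triggers a read past `end`.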


parse_param_name(): Improve param parsing macros

Issue discovered during OpenSIPS Security Audit 2021, by Alfred Farrugia & Sandro Gauci (Enable Security)

GHSA-jrqg-vppj-hr2h


Showing 1 changed file with 12 additions and 9 deletions.

@@ -72,6 +72,7 @@

#define READ(val) \

(*(val + 0) + (*(val + 1) << 8) + (*(val + 2) << 16) + (*(val + 3) << 24))

#define NEED(bytes) do { if (end - p < (bytes)) goto other; } while (0)

#define name_CASE \

switch(LOWER_DWORD(val)) { \
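Review bot: NEED() depends on `p`, `end` and an `other` label all being in scope wherever it expands, and nothing beside the definition says so. A short comment above it stating those requirements, and that every READ() must be preceded by NEED(4) because READ() dereferences val + 0 through val + 3, would make the contract checkable when further *_CASE macros are added.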

@@ -83,28 +84,30 @@

#define user_CASE \

p += 4; \

p += 4; NEED(4); \

val = READ§; \

name_CASE; \

goto other;

#define real_CASE \

p += 4; \

p += 4; NEED(1); \

if (LOWER_BYTE(*p) == ‘m’) { \

*_type = PAR_REALM; \

p++; \

goto end; \

}

} \

goto other;

#define nonc_CASE \

p += 4; \

p += 4; NEED(1); \

if (LOWER_BYTE(*p) == ‘e’) { \

*_type = PAR_NONCE; \

p++; \

goto end; \

}

} \

goto other;

#define onse_CASE \
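Review bot: in user_CASE, real_CASE and nonc_CASE the guard runs after `p += 4`, so the advance itself is unchecked; with NEED() defined as `end - p < (bytes)`, that is only safe if four bytes were already known to be available when the macro is entered. That precondition is not visible in this hunk, so either confirm it at the dispatch site and note it in a comment, or test before advancing, for example NEED(8) ahead of the `p += 4` in user_CASE. Separately, the closing brace in real_CASE and nonc_CASE now carries a continuation so that `goto other;` is part of the macro, a control-flow change the commit message does not mention.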

@@ -117,14 +120,14 @@

#define resp_CASE \

p += 4; \

p += 4; NEED(4); \

val = READ§; \

onse_CASE; \

goto other;

#define cnon_CASE \

p += 4; \

p += 4; NEED(2); \

if (LOWER_BYTE(*p) == ‘c’) { \

p++; \

if (LOWER_BYTE(*p) == ‘e’) { \
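Review bot: the counts passed to NEED() in resp_CASE and cnon_CASE are hand-maintained magic numbers: NEED(4) has to match the four bytes READ() consumes, and NEED(2) in cnon_CASE has to cover both `*p` tests on either side of the `p++`. A brief comment on each line naming the bytes being covered (that the 2 stands for the `c` and `e` reads, for instance) would keep the guard and the reads from drifting apart in later edits.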

@@ -137,7 +140,7 @@

#define opaq_CASE \

p += 4; \

p += 4; NEED(2); \

if (LOWER_BYTE(*p) == ‘u’) { \

p++; \

if (LOWER_BYTE(*p) == ‘e’) { \
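Review bot: opaq_CASE gets the same NEED(2) guard as cnon_CASE, but the commit changes one file only and adds no regression input. A parser test or fuzz corpus entry in which the parameter name ends directly after the four-byte prefix, and another ending one byte later, would pin down each NEED() count and catch an off-by-one here.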

@@ -163,7 +166,7 @@

#define algo_CASE \

p += 4; \

p += 4; NEED(5); \

val = READ§; \

rith_CASE; \

goto other
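Review bot: algo_CASE asks for NEED(5) although the READ() that follows consumes four bytes, whereas user_CASE and resp_CASE use NEED(4) before their READ(). If the fifth byte is one that rith_CASE examines after the word compare, say so in a comment next to the NEED(5); rith_CASE is not shown in this hunk, so the count cannot be verified from here.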
