* [Buildroot] [PATCH 1/1] package/libpjsip: fix CVE-2022-31031
@ 2022-06-19 16:29 Fabrice Fontaine
  2022-06-21 14:41 ` Luca Ceresoli via buildroot
  2022-07-22  7:04 ` Peter Korsgaard
  0 siblings, 2 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2022-06-19 16:29 UTC (permalink / raw)
  To: buildroot; +Cc: Luca Ceresoli, Fabrice Fontaine

PJSIP is a free and open source multimedia communication library written
in C language implementing standard based protocols such as SIP, SDP,
RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a
stack buffer overflow vulnerability affects PJSIP users that use STUN in
their applications, either by: setting a STUN server in their
account/media config in PJSUA/PJSUA2 level, or directly using
`pjlib-util/stun_simple` API.

https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...ull-request-from-GHSA-26j7-ww69-c4qj.patch | 44 +++++++++++++++++++
 package/libpjsip/libpjsip.mk                  |  3 ++
 2 files changed, 47 insertions(+)
 create mode 100644 package/libpjsip/0001-Merge-pull-request-from-GHSA-26j7-ww69-c4qj.patch

diff --git a/package/libpjsip/0001-Merge-pull-request-from-GHSA-26j7-ww69-c4qj.patch b/package/libpjsip/0001-Merge-pull-request-from-GHSA-26j7-ww69-c4qj.patch
new file mode 100644
index 0000000000..42b842a616
--- /dev/null
+++ b/package/libpjsip/0001-Merge-pull-request-from-GHSA-26j7-ww69-c4qj.patch
@@ -0,0 +1,44 @@
+From 450baca94f475345542c6953832650c390889202 Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Tue, 7 Jun 2022 12:00:13 +0800
+Subject: [PATCH] Merge pull request from GHSA-26j7-ww69-c4qj
+
+[Retrieved from:
+https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ pjlib-util/src/pjlib-util/stun_simple.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/pjlib-util/src/pjlib-util/stun_simple.c b/pjlib-util/src/pjlib-util/stun_simple.c
+index 722519584..d0549176d 100644
+--- a/pjlib-util/src/pjlib-util/stun_simple.c
++++ b/pjlib-util/src/pjlib-util/stun_simple.c
+@@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
+ {
+     pj_uint16_t msg_type, msg_len;
+     char *p_attr;
++    int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr);
+ 
+     PJ_CHECK_STACK();
+ 
+@@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
+     msg->attr_count = 0;
+     p_attr = (char*)buf + sizeof(pjstun_msg_hdr);
+ 
+-    while (msg_len > 0) {
++    while (msg_len > 0 && msg->attr_count < attr_max_cnt) {
+ 	pjstun_attr_hdr **attr = &msg->attr[msg->attr_count];
+ 	pj_uint32_t len;
+ 	pj_uint16_t attr_type;
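Review bot: in the new loop condition `msg->attr_count < attr_max_cnt`, the limit is a plain `int` initialised from `PJ_ARRAY_SIZE(msg->attr)` in the first hunk. The type of `attr_count` is not visible in these hunks, but if it is unsigned this becomes a mixed-sign comparison. Declaring `attr_max_cnt` with the same type as `attr_count` would keep the bound that guards `&msg->attr[msg->attr_count]` free of implicit conversions.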
+@@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
+ 	p_attr += len;
+ 	++msg->attr_count;
+     }
++    if (msg->attr_count == attr_max_cnt) {
++	PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.",
++		   attr_max_cnt));
++    }
+ 
+     return PJ_SUCCESS;
+ }
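Review bot: the post-loop check `msg->attr_count == attr_max_cnt` is also true when the message held exactly `attr_max_cnt` attributes and was parsed to the end, so the warning can fire with nothing dropped. Assuming `msg_len` is decremented as attributes are consumed, which the loop condition implies, testing `msg_len > 0` after the loop would report only real truncation. The function also still returns `PJ_SUCCESS` on that path, so a caller cannot distinguish a truncated parse from a complete one without reading the level 4 log; a distinct status, or at least a comment stating that truncation is deliberate, would make the behaviour explicit.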
diff --git a/package/libpjsip/libpjsip.mk b/package/libpjsip/libpjsip.mk
index a3303d1e8a..4134d40da8 100644
--- a/package/libpjsip/libpjsip.mk
+++ b/package/libpjsip/libpjsip.mk
@@ -16,6 +16,9 @@ LIBPJSIP_CPE_ID_PRODUCT = pjsip
 LIBPJSIP_INSTALL_STAGING = YES
 LIBPJSIP_MAKE = $(MAKE1)
 
+# 0001-Merge-pull-request-from-GHSA-26j7-ww69-c4qj.patch
+LIBPJSIP_IGNORE_CVES += CVE-2022-31031
+
 LIBPJSIP_CFLAGS = $(TARGET_CFLAGS) -DPJ_HAS_IPV6=1
 
 # relocation truncated to fit: R_68K_GOT16O
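Review bot: the `LIBPJSIP_IGNORE_CVES += CVE-2022-31031` entry is only correct while `0001-Merge-pull-request-from-GHSA-26j7-ww69-c4qj.patch` is applied. The comment naming the patch makes that link clear, but the entry and the patch need to be removed together when the package is bumped past 2.12.1, the last affected version according to the commit message; otherwise a stale ignore entry stays in the CVE tracking output.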
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/libpjsip: fix CVE-2022-31031
  2022-06-19 16:29 [Buildroot] [PATCH 1/1] package/libpjsip: fix CVE-2022-31031 Fabrice Fontaine
@ 2022-06-21 14:41 ` Luca Ceresoli via buildroot
  2022-06-27 22:32   ` Peter Korsgaard
  2022-07-22  7:04 ` Peter Korsgaard
  1 sibling, 1 reply; 4+ messages in thread
From: Luca Ceresoli via buildroot @ 2022-06-21 14:41 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

On Sun, 19 Jun 2022 18:29:33 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> PJSIP is a free and open source multimedia communication library written
> in C language implementing standard based protocols such as SIP, SDP,
> RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a
> stack buffer overflow vulnerability affects PJSIP users that use STUN in
> their applications, either by: setting a STUN server in their
> account/media config in PJSUA/PJSUA2 level, or directly using
> `pjlib-util/stun_simple` API.
> 
> https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>

-- 
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

* Re: [Buildroot] [PATCH 1/1] package/libpjsip: fix CVE-2022-31031
  2022-06-21 14:41 ` Luca Ceresoli via buildroot
@ 2022-06-27 22:32   ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2022-06-27 22:32 UTC (permalink / raw)
  To: Luca Ceresoli via buildroot; +Cc: Luca Ceresoli, Fabrice Fontaine

>>>>> "Luca" == Luca Ceresoli via buildroot <buildroot@buildroot.org> writes:

 > On Sun, 19 Jun 2022 18:29:33 +0200
 > Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

 >> PJSIP is a free and open source multimedia communication library written
 >> in C language implementing standard based protocols such as SIP, SDP,
 >> RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a
 >> stack buffer overflow vulnerability affects PJSIP users that use STUN in
 >> their applications, either by: setting a STUN server in their
 >> account/media config in PJSUA/PJSUA2 level, or directly using
 >> `pjlib-util/stun_simple` API.
 >> 
 >> https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
 >> 
 >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

 > Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

* Re: [Buildroot] [PATCH 1/1] package/libpjsip: fix CVE-2022-31031
  2022-06-19 16:29 [Buildroot] [PATCH 1/1] package/libpjsip: fix CVE-2022-31031 Fabrice Fontaine
  2022-06-21 14:41 ` Luca Ceresoli via buildroot
@ 2022-07-22  7:04 ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2022-07-22  7:04 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Luca Ceresoli, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > PJSIP is a free and open source multimedia communication library written
 > in C language implementing standard based protocols such as SIP, SDP,
 > RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a
 > stack buffer overflow vulnerability affects PJSIP users that use STUN in
 > their applications, either by: setting a STUN server in their
 > account/media config in PJSUA/PJSUA2 level, or directly using
 > `pjlib-util/stun_simple` API.

 > https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.05.x and 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard