Diffstat (limited to 'net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch')
-rw-r--r-- | net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
deleted file mode 100644
index 0d7df686a157..000000000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
-From: sauwming <ming@teluu.com>
-Date: Mon, 8 Mar 2021 17:39:36 +0800
-Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
-
-* Check hostname during TLS transport selection
-
-* revision based on feedback
-
-* remove the code in create_request that has been moved
----
- pjsip/include/pjsip/sip_dialog.h | 1 +
- pjsip/src/pjsip/sip_dialog.c | 15 +++++++++++++++
- pjsip/src/pjsip/sip_transport.c | 13 +++++++++++++
- pjsip/src/pjsip/sip_util.c | 11 ++++++++---
- 4 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h
-index a0214d28c..e314c2ece 100644
---- a/pjsip/include/pjsip/sip_dialog.h
-+++ b/pjsip/include/pjsip/sip_dialog.h
-@@ -165,6 +165,7 @@ struct pjsip_dialog
- pjsip_route_hdr route_set; /**< Route set. */
- pj_bool_t route_set_frozen; /**< Route set has been set. */
- pjsip_auth_clt_sess auth_sess; /**< Client authentication session. */
-+ pj_str_t initial_dest;/**< Initial destination host. */
-
- /** Session counter. */
- int sess_count; /**< Number of sessions. */
-diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
-index 27530e4f2..9571b5a35 100644
---- a/pjsip/src/pjsip/sip_dialog.c
-+++ b/pjsip/src/pjsip/sip_dialog.c
-@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
-
- /* Save the remote info. */
- pj_strdup(dlg->pool, &dlg->remote.info_str, &tmp);
-+
-+ /* Save initial destination host from transport's info */
-+ pj_strdup(dlg->pool, &dlg->initial_dest,
-+ &rdata->tp_info.transport->remote_name.host);
-
-
- /* Init remote's contact from Contact header.
-@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg,
- return status;
- }
-
-+ /* Copy the initial destination host to tdata. This information can be
-+ * used later by transport for transport selection.
-+ */
-+ if (dlg->initial_dest.slen)
-+ pj_strdup(tdata->pool, &tdata->dest_info.name, &dlg->initial_dest);
-+
- /* Done. */
- *p_tdata = tdata;
-
-@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata)
- * transaction as the initial transaction that establishes dialog.
- */
- if (dlg->role == PJSIP_ROLE_UAC) {
-+ /* Save initial destination host from transport's info. */
-+ if (!dlg->initial_dest.slen) {
-+ pj_strdup(dlg->pool, &dlg->initial_dest,
-+ &rdata->tp_info.transport->remote_name.host);
-+ }
-
- /* Ignore subsequent request from remote */
- if (msg->type != PJSIP_RESPONSE_MSG)
-diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
-index bef6d24fe..177274b08 100644
---- a/pjsip/src/pjsip/sip_transport.c
-+++ b/pjsip/src/pjsip/sip_transport.c
-@@ -2335,6 +2335,19 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- if (!tp_iter->tp->is_shutdown &&
- !tp_iter->tp->is_destroying)
- {
-+ if ((type & PJSIP_TRANSPORT_SECURE) && tdata) {
-+ /* For secure transport, make sure tdata's
-+ * destination host matches the transport's
-+ * remote host.
-+ */
-+ if (pj_stricmp(&tdata->dest_info.name,
-+ &tp_iter->tp->remote_name.host))
-+ {
-+ tp_iter = tp_iter->next;
-+ continue;
-+ }
-+ }
-+
- if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
- sel->u.listener)
- {
-diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c
-index a1bf878ea..cf916805d 100644
---- a/pjsip/src/pjsip/sip_util.c
-+++ b/pjsip/src/pjsip/sip_util.c
-@@ -1417,7 +1417,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_request_stateless(pjsip_endpoint *endpt,
- */
- if (tdata->dest_info.addr.count == 0) {
- /* Copy the destination host name to TX data */
-- pj_strdup(tdata->pool, &tdata->dest_info.name, &dest_info.addr.host);
-+ if (!tdata->dest_info.name.slen) {
-+ pj_strdup(tdata->pool, &tdata->dest_info.name,
-+ &dest_info.addr.host);
-+ }
-
- pjsip_endpt_resolve( endpt, tdata->pool, &dest_info, stateless_data,
- &stateless_send_resolver_callback);
-@@ -1810,8 +1813,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_response( pjsip_endpoint *endpt,
- }
- } else {
- /* Copy the destination host name to TX data */
-- pj_strdup(tdata->pool, &tdata->dest_info.name,
-- &res_addr->dst_host.addr.host);
-+ if (!tdata->dest_info.name.slen) {
-+ pj_strdup(tdata->pool, &tdata->dest_info.name,
-+ &res_addr->dst_host.addr.host);
-+ }
-
- pjsip_endpt_resolve(endpt, tdata->pool, &res_addr->dst_host,
- send_state, &send_response_resolver_cb);
---
-2.26.2
- |