Skip to content

Commit 75a168a

Browse files
liviuchirculiviuchircu
committed
stir_shaken: Fix detection for invalid "future Date/iat"
This patch fixes a bug where both the Date hf and the "iat" PASSporT claim could be filled in with a random timestamp value "in the future" and still bypass the OpenSIPS "freshness" integrity checks. Issue discovered during OpenSIPIt'03, thanks to Pavel Bussel & Maksym Sobolyev (Sippy Software)
1 parent 4640465 commit 75a168a

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

modules/stir_shaken/stir_shaken.c

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1239,9 +1239,9 @@ static int w_stir_auth(struct sip_msg *msg, str *attest, str *origid,
12391239
return -1;
12401240
}
12411241

1242-
if (now - date_ts > auth_date_freshness) {
1243-
LM_NOTICE("Date header value is older than local policy "
1244-
"(%lds > %ds)\n", now - date_ts, auth_date_freshness);
1242+
if (abs(now - date_ts) > auth_date_freshness) {
1243+
LM_NOTICE("Date header timestamp diff exceeds local policy "
1244+
"(diff: %lds, auth-freshness: %ds)\n", now - date_ts, auth_date_freshness);
12451245
return -4;
12461246
}
12471247
}
@@ -2039,17 +2039,17 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
20392039
goto error;
20402040
}
20412041

2042-
if (now - date_ts > verify_date_freshness) {
2043-
LM_NOTICE("Date header value is older than local policy (%lds > %ds)\n",
2044-
now - date_ts, verify_date_freshness);
2042+
if (abs(now - date_ts) > verify_date_freshness) {
2043+
LM_NOTICE("Date header timestamp diff exceeds local policy "
2044+
"(diff: %lds, verify-freshness: %ds)\n", now - date_ts, verify_date_freshness);
20452045
SET_VERIFY_ERR_VARS(STALE_DATE_CODE, STALE_DATE_REASON);
20462046
rc = -6;
20472047
goto error;
20482048
}
20492049
} else {
2050-
if (now - iat_ts > verify_date_freshness) {
2051-
LM_NOTICE("'iat' value is older than local policy (%lds > %ds)\n",
2052-
now - iat_ts, verify_date_freshness);
2050+
if (abs(now - iat_ts) > verify_date_freshness) {
2051+
LM_NOTICE("'iat' timestamp diff exceeds local policy "
2052+
"(diff: %lds, verify-freshness: %ds)\n", now - iat_ts, verify_date_freshness);
20532053
SET_VERIFY_ERR_VARS(STALE_DATE_CODE, STALE_DATE_REASON);
20542054
rc = -6;
20552055
goto error;
@@ -2116,7 +2116,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
21162116
}
21172117

21182118
if (date_hf && iat_ts != date_ts &&
2119-
(now - iat_ts > verify_date_freshness))
2119+
(abs(now - iat_ts) > verify_date_freshness))
21202120
iat_ts = date_ts;
21212121

21222122
if ((rc = verify_signature(cert, parsed, iat_ts, orig_tn_p, dest_tn_p)) <= 0) {

0 commit comments

Comments
 (0)