stir_shaken: Fix detection for invalid "future Date/iat"
This patch fixes a bug where both the Date hf and the "iat" PASSporT
claim could be filled in with a random timestamp value "in the future"
and still bypass the OpenSIPS "freshness" integrity checks.

Issue discovered during OpenSIPIt'03,
        thanks to Pavel Bussel & Maksym Sobolyev (Sippy Software)
liviuchircu committed Sep 27, 2023
1 parent 4640465 commit 75a168a
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions modules/stir_shaken/stir_shaken.c
@@ -1239,9 +1239,9 @@ static int w_stir_auth(struct sip_msg *msg, str *attest, str *origid,
return -1;
}

if (now - date_ts > auth_date_freshness) {
LM_NOTICE("Date header value is older than local policy "
"(%lds > %ds)\n", now - date_ts, auth_date_freshness);
if (abs(now - date_ts) > auth_date_freshness) {
LM_NOTICE("Date header timestamp diff exceeds local policy "
"(diff: %lds, auth-freshness: %ds)\n", now - date_ts, auth_date_freshness);
return -4;
}
}
@@ -2039,17 +2039,17 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
goto error;
}

if (now - date_ts > verify_date_freshness) {
LM_NOTICE("Date header value is older than local policy (%lds > %ds)\n",
now - date_ts, verify_date_freshness);
if (abs(now - date_ts) > verify_date_freshness) {
LM_NOTICE("Date header timestamp diff exceeds local policy "
"(diff: %lds, verify-freshness: %ds)\n", now - date_ts, verify_date_freshness);
SET_VERIFY_ERR_VARS(STALE_DATE_CODE, STALE_DATE_REASON);
rc = -6;
goto error;
}
} else {
if (now - iat_ts > verify_date_freshness) {
LM_NOTICE("'iat' value is older than local policy (%lds > %ds)\n",
now - iat_ts, verify_date_freshness);
if (abs(now - iat_ts) > verify_date_freshness) {
LM_NOTICE("'iat' timestamp diff exceeds local policy "
"(diff: %lds, verify-freshness: %ds)\n", now - iat_ts, verify_date_freshness);
SET_VERIFY_ERR_VARS(STALE_DATE_CODE, STALE_DATE_REASON);
rc = -6;
goto error;
@@ -2116,7 +2116,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
}

if (date_hf && iat_ts != date_ts &&
(now - iat_ts > verify_date_freshness))
(abs(now - iat_ts) > verify_date_freshness))
iat_ts = date_ts;

if ((rc = verify_signature(cert, parsed, iat_ts, orig_tn_p, dest_tn_p)) <= 0) {
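Review bot: `abs()` takes an `int`, but the operand `now - date_ts` in the first hunk is `long`-wide (the same expression is logged with `%lds` two lines below), so the difference is narrowed to `int` before the magnitude is compared with `auth_date_freshness`; a timestamp whose distance from `now` exceeds `INT_MAX` seconds yields an implementation-defined value (low 32 bits on LP64 in practice) that can land back inside the freshness window, which is the class of bogus Date/iat value this commit sets out to reject. The same narrowing applies to the `abs(now - iat_ts)` and `abs(now - date_ts)` checks in the second hunk and to the fallback condition in the third, and `abs(INT_MIN)` is itself undefined. Comparing in both directions at the operand's own width avoids both problems: `if (now - date_ts > auth_date_freshness || date_ts - now > auth_date_freshness) {` in w_stir_auth, and likewise with `verify_date_freshness` at the three sites in w_stir_verify. Both enclosing functions start and end outside the hunks shown, so I cannot confirm from here whether `<stdlib.h>` is included for `abs()` or whether `now`/`date_ts`/`iat_ts` are declared as `long` or `time_t`; the two-sided comparison is correct either way.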
