Skip to content
Permalink
Browse files Browse the repository at this point in the history
[sipmsgops] fix parse_to_param() parsing
Issue discovered during OpenSIPS Security Audit 2021,
	by Alfred Farrugia & Sandro Gauci (Enable Security)

GHSA-qvj2-vqrg-f5jx
  • Loading branch information
bogdan-iancu committed Nov 12, 2021
1 parent c6ab3bb commit cb56694
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions parser/parse_to.c
Expand Up @@ -232,6 +232,8 @@ static inline char* parse_to_param(char *buffer, char *end,
switch (status)
{
case PARA_VALUE_QUOTED:
if (tmp+1==end)
goto parse_error;
switch (*(tmp+1))
{
case '\r':
Expand Down Expand Up @@ -453,8 +455,13 @@ static inline char* parse_to_param(char *buffer, char *end,
}/*switch*/
}/*for*/

if (status==PARA_VALUE_QUOTED) {
LM_ERR("unexpected end of header in state %d\n", status);
goto parse_error;
}

endofheader:
LM_DBG("end of header reached, state=%d\n", status);
if (param) {
if (saved_status==S_EQUAL||saved_status==S_PARA_VALUE) {
saved_status = E_PARA_VALUE;
Expand Down

0 comments on commit cb56694

Please sign in to comment.