[reSIProcate] Security hotfix (see crash after receiving invalid Via line)

Jason Fischl jason at counterpath.com
Fri Nov 3 16:18:08 CST 2006


I agree that we should backport to 1.0. I'll make the fix in main.

On 11/3/06, Byron Campen <bcampen at estacado.net> wrote:
> This bug allows an attacker to bring down a SIP element built on the
> resip stack by sending a request with a single empty Via header. This
> bug happens when we try to send a 400 to this malformed request. When
> this is fixed, I propose we backport the fix to the resiprocate-1.0
> branch, and release resiprocate-1.0.1. Any objections? (Or, additional
> bugs of this nature that have been found?)
>
> Best regards,
> Byron Campen