Input ik,ck keys for add_sa() function are not zero terminated that cause

• des3_ede encryption key expansion possible buffer overflow.
  Also:
• sha1 authentication key expansion has been corrected.

Pre-Submission Checklist

• Commit message has the format required by CONTRIBUTING guide
• [ X] Commits are split per component (core, individual modules, libs, utils, ...)
• Each component has a single commit (if not, squash them into one commit)
• No commits to README files for modules (changes must be done to docbook files
  in doc/ subfolder, the README file is autogenerated)

Type Of Change

• Small bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds new functionality)
• Breaking change (fix or feature that would change existing functionality)

Checklist:

• PR should be backported to stable branches
• Tested changes locally
• Related to issue #XXXX (replace XXXX with an open issue number)

Description

You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/3121

Commit Summary

• 57d8788 ims_ipsec_pcscf: ik and ck keys expansion fixes

File Changes

(1 file)

• M src/modules/ims_ipsec_pcscf/ipsec.c (50)

Patch Links:

• https://github.com/kamailio/kamailio/pull/3121.patch
• https://github.com/kamailio/kamailio/pull/3121.diff

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <kamailio/kamailio/pull/3121@github.com>