Hi,

When speaking with the rest of the team, we agreed that it was better to wait until we finish another kannel-related task (back-porting the ParlayX to our current patchset and testing it) before posting the patches, in order not to miss anything. You will hear from me before the end of the week.

Which format is better? A big .patch with all differences? Is it ok if I get that diff from kannel release 1.5.0?

Kr,
Aris

On 5/02/13 14:18, spameden wrote:
> Interesting find.. Would love to see what actually you've changed and
> what's considered to be insecure. I think you can post your diff to
> this devel list.
>
> Many thanks for your work.
>
> 2013/2/5 Aris Adamantiadis <[email protected]>:
>> Dear Kannel developers,
>>
>> During a security audit of Kannel, we identified several weaknesses in
>> the code, mostly unsafe C functions or data copying used without bounds
>> checking. These patches currently run in production on our site, but
>> we'd prefer to give them out to the community (and this makes our update
>> process easier as well).
>>
>> What is the best way to provide you with these patches? Currently, they
>> are being tracked in a local git repository. I can do the work of
>> porting them to the latest subversion repository, but you would still
>> need someone to review and publish them on your svn.
>>
>> How can we proceed?
>>
>> Kind regards,
>>
>> Aris Adamantiadis
>>
>> output of "git diff old_prod..new_prod --stat":
>>
>>  addons/opensmppbox/gw/opensmppbox.c |   2 +-
>>  gw/smsbox.c                         |   6 +-
>>  gw/smsc/smsc.c                      |   2 +-
>>  gw/smsc/smsc_at.c                   |   6 +-
>>  gw/smsc/smsc_cgw.c                  |   2 +-
>>  gw/smsc/smsc_cimd.c                 |  47 ++++++------
>>  gw/smsc/smsc_cimd2.c                |   4 +-
>>  gw/smsc/smsc_emi_x25.c              |  74 +++++++++---------
>>  gw/smsc/smsc_ois.c                  | 140 +++++++++++++++++------------------
>>  gw/smsc/smsc_sema.c                 |  66 ++++++++++-------
>>  gw/smsc/smsc_sema.h                 |   2 +-
>>  gw/smsc/smsc_soap.c                 |  27 ++++---
>>  gw/wap-appl.c                       |  10 ++-
>>  gw/wap_push_ppg.c                   |  10 ++-
>>  gwlib/accesslog.c                   |   6 +-
>>  gwlib/conn.c                        |   2 +-
>>  gwlib/date.c                        |   2 +-
>>  gwlib/gw_uuid.c                     |   6 +-
>>  gwlib/gwthread-pthread.c            |   2 +-
>>  gwlib/log.c                         |  33 +++++----
>>  gwlib/octstr.c                      |   4 +-
>>  gwlib/utils.c                       |  13 ----
>>  gwlib/utils.h                       |   6 --
>>  test/fakewap.c                      |   8 +-
>>  utils/run_kannel_box.c              |   2 +-
>>  utils/seewbmp.c                     |   8 +-
>>  utils/start-stop-daemon.c           |  26 ++++---
>>  wap/cookies.c                       |   8 +-
>>  wap/wsp_session.c                   |   4 +-
>>  wmlscript/wsstream_data.c           |  12 +--
>>  wmlscript/wsstream_file.c           |   6 +-
>>  31 files changed, 288 insertions(+), 258 deletions(-)
