[OpenSIPS-Devel] [OpenSIPS/opensips] 00a19e: auth: Avoid abort() if len(secret) is not 32 bytes

Liviu Chircu Mon, 10 Apr 2023 07:44:02 -0700

  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 00a19ede805577c29ae8b65af8a0cb81fc583209
      
https://github.com/OpenSIPS/opensips/commit/00a19ede805577c29ae8b65af8a0cb81fc583209
  Author: Liviu Chircu <li...@opensips.org>
  Date:   2023-04-10 (Mon, 10 Apr 2023)


  Changed paths:
    M lib/digest_auth/dauth_nonce.c
    M lib/digest_auth/dauth_nonce.h
    M modules/auth/auth_mod.c

  Log Message:
  -----------
  auth: Avoid abort() if len(secret) is not 32 bytes

Before OpenSIPS 3.2, the "secret" modparam supported random-length
strings, to be hashed into an MD5 computation when generating the nonce.

Starting with 3.2 and the new AES-CBC based nonce generation algorithm,
the "secret" has been restricted to 32-bytes only, however OpenSIPS
would assert() -> abort() on startup without displaying any helper error
if the user supplied a different-length secret.

Many thanks to @thuroc for an accurate report on the assert() issue!

Fixes #3043



_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel

[OpenSIPS-Devel] [OpenSIPS/opensips] 00a19e: auth: Avoid abort() if len(secret) is not 32 bytes

Reply via email to