Branch: refs/heads/4.0
Home: https://github.com/OpenSIPS/opensips
Commit: c5af7f7f5ba4e09502b6c8d1fd3cfd074cb139c4
https://github.com/OpenSIPS/opensips/commit/c5af7f7f5ba4e09502b6c8d1fd3cfd074cb139c4
Author: volga629-1 <[email protected]>
Date: 2026-05-13 (Wed, 13 May 2026)
Changed paths:
M modules/proto_smpp/smpp.c
Log Message:
-----------
proto_smpp: bound sm_length against buffer overflow (#3891)
Clamp attacker-controlled sm_length to MAX_SMS_CHARACTERS in
parse_submit_or_deliver_body() and reject oversized or odd UCS2
lengths in recv_smpp_msg() before they reach copy_fixed_str()
or the GSM7/UCS2 decoders.
Fixes a stack/heap buffer overflow reachable from a malicious
SMSC peer sending submit_sm/deliver_sm with sm_length > 254.
Signed-off-by: NetworkLab Dev <[email protected]>
(cherry picked from commit 6089db4ab94ba2ea09f8a88fd792c64949198ba4)
To unsubscribe from these emails, change your notification settings at
https://github.com/OpenSIPS/opensips/settings/notifications
_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
