`ada3701d22b1` makes `build_local_reparse` track which of CSeq/To/From/Call-ID 
it's already emitted and bail on a duplicate. without it a crafted request with 
duplicate headers is rebuilt with the duplicates intact — header injection / 
smuggling. missing on 5.0.

modeled the header-copy loop with an INVITE carrying two From headers: pre-fix 
both copy through, post-fix the duplicate is detected and the request rejected. 
(modeled the control flow rather than a full daemon build.) clean cherry-pick.

upstream: https://github.com/kamailio/kamailio/commit/ada3701d22b1
CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-27507

old CVE; companion PR for 5.1 alongside this.
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/4751

-- Commit Summary --

  * tm: do not add duplicate headers in local requests

-- File Changes --

    M src/modules/tm/t_msgbuilder.c (31)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/4751.patch
https://github.com/kamailio/kamailio/pull/4751.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4751
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/[email protected]>
_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!

Reply via email to