orbisai0security left a comment (kamailio/kamailio#4750)

Thanks for the review. You're right on both points.

strncpy → memcpy: Reverted. Those copies are of AVP names sourced from the 
Kamailio config, not from SIP messages, and the length is already 
bounds-checked before the copy. There was no security justification for that 
change.

NUL byte escaping: You're correct that a NUL byte in a SIP URI would be 
rejected by the SIP parser before ever reaching the h350 module, so there is no 
exploitable injection path. However, RFC 4515 §2.4 explicitly lists NUL as a 
character that MUST be escaped as \00 in LDAP filter assertions. The case '\0': 
addition is kept purely as a spec compliance fix, not a security fix. The PR 
title and description have been updated to reflect this accurately.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4750#issuecomment-4671930914
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/4750/[email protected]>
_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!

Reply via email to