res_stir_shaken: Test for missing semicolon in Identity header. 18
authorGeorge Joseph <gjoseph@sangoma.com>
Thu, 31 Jul 2025 14:36:27 +0000 (08:36 -0600)
committerGeorge Joseph <gjoseph@sangoma.com>
Thu, 31 Jul 2025 14:36:27 +0000 (08:36 -0600)
ast_stir_shaken_vs_verify() now makes sure there's a semicolon in
the Identity header to prevent a possible segfault.

Resolves: #GHSA-mrq5-74j5-f5cr

res/res_stir_shaken/verification.c

index 6e8366585c5a3671ee5da0a416d9b3df2da98d4b..ca030199ba7f77fe791b66c6a6a720f23ad776a6 100644 (file)
@@ -908,6 +908,11 @@ enum ast_stir_shaken_vs_response_code
        }
 
        p = strchr(ctx->identity_hdr, ';');
+       if (ast_strlen_zero(p)) {
+               SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_HEADER,
+                       LOG_ERROR, "%s: Malformed identity header\n", ctx->tag);
+       }
+
        len = p - ctx->identity_hdr + 1;
        jwt_encoded = ast_malloc(len);
        if (!jwt_encoded) {
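Review bot: The guard `if (ast_strlen_zero(p))` tests a pointer that strchr() returns either as NULL or as the address of the ';' itself, so the empty-string half of ast_strlen_zero() can never be true here; `if (!p) {` states exactly what is being rejected and spares a reader from wondering which case the author expected. The guard also presumes ctx->identity_hdr is non-NULL when it reaches strchr(); the closing brace at the top of the hunk suggests an earlier check handles that, but it is outside the hunk and worth confirming. The enclosing function ast_stir_shaken_vs_verify() starts and ends outside the hunk.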
@@ -918,7 +923,11 @@ enum ast_stir_shaken_vs_response_code
        memcpy(jwt_encoded, ctx->identity_hdr, len);
        jwt_encoded[len - 1] = '\0';
 
-       jwt_decode(&jwt, jwt_encoded, NULL, 0);
+       rc = jwt_decode(&jwt, jwt_encoded, NULL, 0);
+       if (rc != 0) {
+               SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_HEADER, "%s: %s\n",
+                       ctx->tag, vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_HEADER));
+       }
 
        ppt_header = jwt_get_header(jwt, "ppt");
        if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_PPT)) {
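Review bot: The new early return after `rc = jwt_decode(&jwt, jwt_encoded, NULL, 0);` runs after jwt_encoded was obtained from ast_malloc() in the previous hunk; unless jwt_encoded is declared as a RAII_VAR with ast_free (its declaration is outside the hunk), this path leaks the buffer and needs an `ast_free(jwt_encoded);` before the SCOPE_EXIT_RTN_VALUE. The two new rejection paths also differ in visibility: the missing-semicolon case in the first hunk logs at LOG_ERROR through SCOPE_EXIT_LOG_RTN_VALUE, whereas an undecodable token only emits a scope trace, although both are triggered by the same peer-supplied header; using one level for both (LOG_WARNING rather than LOG_ERROR, given the input is remote) keeps the log consistent and useful for spotting malformed-header floods. The enclosing function continues past the end of the hunk.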