From 0f3bc8362b1c86c8c4fbead03dd9243be9831056 Mon Sep 17 00:00:00 2001
From: George Joseph
Date: Thu, 31 Jul 2025 08:36:28 -0600
Subject: [PATCH] res_stir_shaken: Test for missing semicolon in Identity header.

ast_stir_shaken_vs_verify() now makes sure there's a semicolon in the Identity header to prevent a possible segfault.

Resolves: #GHSA-mrq5-74j5-f5cr
---
 res/res_stir_shaken/verification.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/res/res_stir_shaken/verification.c b/res/res_stir_shaken/verification.c
index f6609e6236..905dfb3508 100644
--- a/res/res_stir_shaken/verification.c
+++ b/res/res_stir_shaken/verification.c
@@ -910,6 +910,11 @@ enum ast_stir_shaken_vs_response_code
 	}
 
 	p = strchr(ctx->identity_hdr, ';');
+	if (ast_strlen_zero(p)) {
+		SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_HEADER,
+			LOG_ERROR, "%s: Malformed identity header\n", ctx->tag);
+	}
+
 	len = p - ctx->identity_hdr + 1;
 	jwt_encoded = ast_malloc(len);
 	if (!jwt_encoded) {
@@ -920,7 +925,11 @@ enum ast_stir_shaken_vs_response_code
 	memcpy(jwt_encoded, ctx->identity_hdr, len);
 	jwt_encoded[len - 1] = '\0';
 
-	jwt_decode(&jwt, jwt_encoded, NULL, 0);
+	rc = jwt_decode(&jwt, jwt_encoded, NULL, 0);
+	if (rc != 0) {
+		SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_HEADER, "%s: %s\n",
+			ctx->tag, vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_HEADER));
+	}
 
 	ppt_header = jwt_get_header(jwt, "ppt");
 	if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_PPT)) {
-- 
2.47.2
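Review bot: `ast_strlen_zero(p)` on the strchr() result can only ever fire on NULL here — whenever p is non-NULL it points at the ';' itself, so the empty-string half of that macro is dead and `if (!p) {` states the intent more directly. The rejection also logs at LOG_ERROR for a header that any remote SIP peer can put on the wire, which turns a malformed Identity header into a log-flood lever; the jwt_decode() failure path added further down in the same patch only scope-traces, so the two new rejection paths should be brought to one level (a warning, or plain `SCOPE_EXIT_RTN_VALUE`) rather than one shouting and one silent. A comment above the check would save the next reader a trip to the spec, e.g. `/* The compact JWS ends at the first ';' (the Identity parameters follow it); no ';' means no parsable token */` — the parameter grammar itself is not visible in this hunk, so confirm the wording against the header format the parser expects. ast_stir_shaken_vs_verify() starts before and continues after this hunk, so whether ctx->identity_hdr is already guaranteed non-NULL before strchr() runs cannot be checked from here.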
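Review bot: The new early return on `rc != 0` leaves jwt_encoded allocated — it comes from ast_malloc() a few lines above and nothing in this hunk releases it before SCOPE_EXIT_RTN_VALUE, so if the later error paths free it (the body of the ppt check is outside the hunk, so this is inferred), this path leaks one allocation per malformed Identity header, which a remote peer can trigger at will. Add `ast_free(jwt_encoded);` immediately before the `SCOPE_EXIT_RTN_VALUE(...)` line, and confirm against the libjwt version in use that `*jwt` is left NULL on a failed jwt_decode() so no jwt_free() is needed on this path. A short comment on the check would also help, e.g. `/* A failed decode leaves no usable jwt; reject rather than continue */`. The enclosing function continues past the end of this hunk.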