Add an upstream patch to fix security vulnerability.

PR: 223574 Approved by: bofh (maintainer timeout, 3 weeks) MFH: 2017Q4 Security: CVE-2017-7853
svn path=/head/; revision=455239
2017-12-01 00:02:47 +00:00 · 2017-12-01 00:02:47 +00:00 · 6a1409ed2c · 2021-03-31 03:12:20 +00:00
commit 6a1409ed2c
parent 04b78a0074
2 changed files with 16 additions and 0 deletions
--- a/net/libosip2/Makefile
+++ b/net/libosip2/Makefile
@ -2,6 +2,7 @@

 PORTNAME=	libosip2
 PORTVERSION=	5.0.0
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	GNU/osip

--- a/net/libosip2/files/patch-src_osipparser2_osipmessageparse.c
+++ b/net/libosip2/files/patch-src_osipparser2_osipmessageparse.c
@ -0,0 +1,15 @@
+--- src/osipparser2/osip_message_parse.c.orig	2016-09-05 14:19:31 UTC
+++ src/osipparser2/osip_message_parse.c
+@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char 
+     if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+       start_of_body++;
+ 
+    /* if message body is empty or contains a single CR/LF */
+    if (end_of_body <= start_of_body) {
+      osip_free (sep_boundary);
+      return OSIP_SYNTAXERROR;
+    }
+
+     body_len = end_of_body - start_of_body;
+ 
+     /* Skip CR before end boundary. */