Closed aol-nnov closed 1 week ago
I'm trying to revive Debian packaging of PJSIP and currently I'm checking if all debian/patches reached upstream or received enough motivation to be rejected.
So, I've stumbled upon a patch marked as CVE-2021-37706 referring to https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
But to my surprise, it is only present in 2.13 and then missing in 2.13.1, 2.14 and master.
@sauwming could you please explain why it was later discarded?
Steps to reproduce: no response
PJSIP version: 2.13.1 and later
I believe it's https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
Indeed, a check was added a few lines above to ensure a non-negative result of attr->hdr.length - 4.
So, my patch can be safely dropped. Thank you for the clarification!
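The conclusion of the thread, as an added example that is not part of the discussion and is not pjproject's code: once the declared length is validated before the subtraction, a separate guard on the result of `attr->hdr.length - 4` has nothing left to catch. The struct layout, `FIXED_PART` and both function names are hypothetical, and the sample attribute is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified attribute layout (an assumption, not pjproject's structs). */
struct attr_hdr { uint16_t type; uint16_t length; };
struct attr     { struct attr_hdr hdr; const uint8_t *body; };

#define FIXED_PART 4  /* bytes of the body that precede the variable-length value */

/* The subtraction with no prior check, stored in an unsigned 16-bit field:
 * declared lengths 0..3 wrap around to a very large value. */
static uint16_t unchecked_value_len(const struct attr *a)
{
    return (uint16_t)(a->hdr.length - FIXED_PART);
}

/* Validate first, subtract second. Returns 0 and sets *out_len on success,
 * -1 when the declared length cannot hold the fixed part or exceeds the
 * bytes actually available in the body buffer. */
static int checked_value_len(const struct attr *a, size_t body_avail,
                             size_t *out_len)
{
    if (a->hdr.length < FIXED_PART)
        return -1;
    if ((size_t)a->hdr.length > body_avail)
        return -1;
    *out_len = (size_t)a->hdr.length - FIXED_PART;  /* cannot go negative here */
    return 0;
}

int main(void)
{
    static const uint8_t body[8] = {0};  /* constructed sample body */
    for (uint16_t len = 0; len <= 10; len += 2) {
        struct attr a = { { 0x0001, len }, body };
        size_t n = 0;
        int rc = checked_value_len(&a, sizeof body, &n);
        printf("length=%2u unchecked=%5u checked=", (unsigned)len,
               (unsigned)unchecked_value_len(&a));
        if (rc == 0)
            printf("ok (value_len=%zu)\n", n);
        else
            printf("rejected\n");
    }
    return 0;
}
```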