[sr-dev] [kamailio/kamailio] Missing security attribute on Session Cookie / Missing HttpOnly attribute on Session Cookie (Issue #3938)

2024-08-09 Thread Diego Godoy via sr-dev
For the synapsis instances, I need to resolve these two vulnerabilities, 
which I share below.

![image](https://github.com/user-attachments/assets/39d228bd-d35c-455a-9b6e-bd245870f304)

![image](https://github.com/user-attachments/assets/7b967f7c-433a-404b-85b5-710c38f7034f)

Thanks

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3938
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org


[sr-dev] Re: [kamailio/kamailio] Missing security attribute on Session Cookie / Missing HttpOnly attribute on Session Cookie (Issue #3938)

2024-08-09 Thread Diego Godoy via sr-dev
Closed #3938 as completed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3938#event-13822906636


[sr-dev] git:master:8361471e: dispatcher: use char for oc distribution array

2024-08-09 Thread Daniel-Constantin Mierla via sr-dev
Module: kamailio
Branch: master
Commit: 8361471e6ec49d3b92443e0ddd728bf665460c02
URL: 
https://github.com/kamailio/kamailio/commit/8361471e6ec49d3b92443e0ddd728bf665460c02

Author: Daniel-Constantin Mierla 
Committer: Daniel-Constantin Mierla 
Date: 2024-08-09T16:04:11+02:00

dispatcher: use char for oc distribution array

- reduce array size

---

Modified: src/modules/dispatcher/dispatch.c
Modified: src/modules/dispatcher/dispatch.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/8361471e6ec49d3b92443e0ddd728bf665460c02.diff
Patch: 
https://github.com/kamailio/kamailio/commit/8361471e6ec49d3b92443e0ddd728bf665460c02.patch

---

diff --git a/src/modules/dispatcher/dispatch.c 
b/src/modules/dispatcher/dispatch.c
index 95f0128f9bd..f17963cc3bf 100644
--- a/src/modules/dispatcher/dispatch.c
+++ b/src/modules/dispatcher/dispatch.c
@@ -143,6 +143,7 @@ static void ds_run_route(
struct sip_msg *msg, str *uri, char *route, ds_rctx_t *rctx);
 
 void shuffle_uint100array(unsigned int *arr);
+void shuffle_char100array(char *arr);
 int ds_reinit_rweight_on_state_change(
int old_state, int new_state, ds_set_t *dset);
 
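Review bot: the new prototype for shuffle_char100array is added in dispatch.c without static, although the comment on its definition says it is for internal usage. If nothing outside this file calls it, declare and define it static so the symbol does not leak into the module's exported namespace.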
@@ -442,12 +443,12 @@ void ds_oc_prepare(ds_dest_t *dp)
 {
int i;
for(i = 0; i < dp->ocdata.ocrate; i++) {
-   dp->ocdata.ocdist[i] = 0;
+   dp->ocdata.ocdist[i] = '0';
}
for(i = dp->ocdata.ocrate; i < 100; i++) {
-   dp->ocdata.ocdist[i] = 1;
+   dp->ocdata.ocdist[i] = '1';
}
-   shuffle_uint100array(dp->ocdata.ocdist);
+   shuffle_char100array(dp->ocdata.ocdist);
 }
 
 /**
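Review bot: the first loop in ds_oc_prepare is bounded only by dp->ocdata.ocrate, and nothing visible in this hunk clamps that value to 100. ocrate is a uint32_t and ocdist is now a char array of DS_OCDIST_SIZE bytes, so an ocrate above that size writes '0' past the end of the array. Suggest clamping here (for example treating any ocrate above 100 as 100) or confirming and documenting that the value is validated where it is set.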
@@ -525,7 +526,7 @@ static inline int ds_oc_skip(ds_set_t *dsg, int alg, int n)
LM_DBG("time validity not matching\n");
return 0;
}
-   if(dsg->dlist[n].ocdata.ocdist[dsg->dlist[n].ocdata.ocidx] == 1) {
+   if(dsg->dlist[n].ocdata.ocdist[dsg->dlist[n].ocdata.ocidx] == '1') {
/* use it */
ret = 0;
} else {
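Review bot: in ds_oc_skip the lookup ocdist[ocidx] has no range check visible in this hunk, and after this change the array has more slots than ds_oc_prepare fills. An ocidx of 100 or above within the array would read a byte that was never set to '0' or '1' and would fall into the else branch silently. Worth confirming that ocidx is wrapped at 100 wherever it is advanced, and consider named constants for the '0' and '1' markers, since the same literals now have to agree between ds_oc_prepare and this comparison.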
@@ -793,6 +794,23 @@ void shuffle_uint100array(unsigned int *arr)
 }
 
 
+/* for internal usage; arr must be arr[100] */
+void shuffle_char100array(char *arr)
+{
+   int k;
+   int j;
+   char t;
+   if(arr == NULL)
+   return;
+   for(j = 0; j < 100; j++) {
+   k = j + (kam_rand() % (100 - j));
+   t = arr[j];
+   arr[j] = arr[k];
+   arr[k] = t;
+   }
+}
+
+
 /**
  * Initialize the relative weight distribution for a destination set
  * - fill the array of 0..99 elements where to keep the index of the
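Review bot: shuffle_char100array hard-codes 100 in the loop bound and in the modulo, and only the comment "arr must be arr[100]" enforces the contract, while the array it is called on is declared with DS_OCDIST_SIZE. Suggest a named constant for the number of used slots (shared with ds_oc_prepare) or a length parameter, so the shuffle and the declaration cannot drift apart. The body is also a copy of the swap loop pattern with only the element type changed, so a single helper taking element size would avoid maintaining two versions.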
diff --git a/src/modules/dispatcher/dispatch.h 
b/src/modules/dispatcher/dispatch.h
index ed0ceb99978..9c1167d6dbe 100644
--- a/src/modules/dispatcher/dispatch.h
+++ b/src/modules/dispatcher/dispatch.h
@@ -222,10 +222,11 @@ typedef struct _ds_latency_stats {
 void latency_stats_init(ds_latency_stats_t *latency_stats, int latency, int 
count);
 ds_latency_stats_t *latency_stats_find(int group, str *address);
 
+#define DS_OCDIST_SIZE 104
 typedef struct _ds_ocdata {
uint32_t ocrate;
uint32_t ocidx;
-   uint32_t ocdist[100];
+   char ocdist[DS_OCDIST_SIZE];
struct timeval octime;
uint32_t ocseq;
uint32_t ocmin;
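Review bot: DS_OCDIST_SIZE is defined as 104 with no comment, while the code in dispatch.c fills and shuffles exactly 100 entries. Please document why the extra 4 bytes exist (alignment padding, room for a terminator, or something else) and whether they are expected to be initialized, since the visible code never writes indexes 100 to 103.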



[sr-dev] Re: [kamailio/kamailio] Wrong Route header order in called party re-INVITE when using topos (Issue #3778)

2024-08-09 Thread github-actions[bot] via sr-dev
This issue is stale because it has been open 6 weeks with no activity. Remove 
stale label or comment or this will be closed in 2 weeks.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3778#issuecomment-2278950955


[sr-dev] Re: [kamailio/kamailio] topos: added get_callid_mask/get_callid_unmask function for handling Refer-To header (PR #3872)

2024-08-09 Thread github-actions[bot] via sr-dev
Closed #3872.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3872#event-13826794258