$OpenBSD: patch-modules_seas_encode_msg_c,v 1.1 2016/03/16 09:30:01 jasper Exp $

Security fix for CVE-2016-2385
https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643

--- modules/seas/encode_msg.c.orig	Fri Oct  2 14:35:18 2015
+++ modules/seas/encode_msg.c	Fri Mar 11 09:45:37 2016
@@ -158,6 +158,7 @@ int encode_msg(struct sip_msg *msg,char *payload,int l
 
    if(len < MAX_ENCODED_MSG + MAX_MESSAGE_LEN)
       return -1;
+
    if(parse_headers(msg,HDR_EOH_F,0)<0){
       myerror="in parse_headers";
       goto error;
@@ -266,6 +267,11 @@ int encode_msg(struct sip_msg *msg,char *payload,int l
    /*j+=k;*/
    /*pkg_free(payload2);*/
    /*now we copy the actual message after the headers-meta-section*/
+
+	if(len < j + msg->len + 1) {
+   	   LM_ERR("not enough space to encode sip message\n");
+   	   return -1;
+	}
    memcpy(&payload[j],msg->buf,msg->len);
    LM_DBG("msglen = %d,msg starts at %d\n",msg->len,j);
    j=htons(j);
