From bc63cbc8492e6fcefa989b19adbef02bfdfa75c6 Mon Sep 17 00:00:00 2001
From: lazedo <luis.azedo@factorlusitano.com>
Date: Mon, 6 Aug 2018 18:32:47 +0100
Subject: [PATCH] CVE-2018-14767

---
 kamailio/default.cfg | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index d6ff5aa..d6a4d37 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -378,6 +378,12 @@ route[CHECK_RETRANS]
 
 route[SANITY_CHECK]
 {
+    ## CVE-2018-14767
+    if($(hdr(To)[1]) != $null) {
+        xlog("second To header not null - dropping message");
+        drop;
+    }
+    
     if (!sanity_check()) {
         xlog("L_WARN", "$ci|end|message from $si:$sp is insane\n");
         exit;