diff options
author | Richard Mudgett <rmudgett@digium.com> | 2017-08-10 14:18:01 -0500 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2017-08-10 14:38:12 -0500 |
commit | bd28a9bbd8ee88f8747b512d51a8ed6a5929e494 (patch) | |
tree | 918a080cb7df66db6727c54fb2c0af8bf9fe73ef /main/stun.c | |
parent | 4ed2733ddea705761f0e340cdcba972a5f8be68a (diff) |
STUN/netsock2: Fix some valgrind uninitialized memory findings.
* netsock2.c: Test the addr->len member first as it may be the only member
initialized in the struct.
* stun.c:ast_stun_handle_packet(): The combinded[] local array could get
used uninitialized by ast_stun_request(). The uninitialized string gets
copied to another location and could overflow the destination memory
buffer.
These valgrind findings were found for ASTERISK_27150 but are not
necessarily a fix for the issue.
Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57
Diffstat (limited to 'main/stun.c')
-rw-r--r-- | main/stun.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/main/stun.c b/main/stun.c index 77ced82ae..c103ab8d8 100644 --- a/main/stun.c +++ b/main/stun.c @@ -343,6 +343,8 @@ int ast_stun_handle_packet(int s, struct sockaddr_in *src, unsigned char *data, if (st.username) { append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft); snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username); + } else { + combined[0] = '\0'; } append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft); @@ -398,8 +400,6 @@ int ast_stun_request(int s, struct sockaddr_in *dst, stun_req_id(req); reqlen = 0; reqleft = sizeof(req_buf) - sizeof(struct stun_header); - req->msgtype = 0; - req->msglen = 0; attr = (struct stun_attr *) req->ies; if (username) { append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft); |