From bd28a9bbd8ee88f8747b512d51a8ed6a5929e494 Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Thu, 10 Aug 2017 14:18:01 -0500 Subject: STUN/netsock2: Fix some valgrind uninitialized memory findings. * netsock2.c: Test the addr->len member first as it may be the only member initialized in the struct. * stun.c:ast_stun_handle_packet(): The combinded[] local array could get used uninitialized by ast_stun_request(). The uninitialized string gets copied to another location and could overflow the destination memory buffer. These valgrind findings were found for ASTERISK_27150 but are not necessarily a fix for the issue. Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57 --- main/stun.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'main/stun.c') diff --git a/main/stun.c b/main/stun.c index 77ced82ae..c103ab8d8 100644 --- a/main/stun.c +++ b/main/stun.c @@ -343,6 +343,8 @@ int ast_stun_handle_packet(int s, struct sockaddr_in *src, unsigned char *data, if (st.username) { append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft); snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username); + } else { + combined[0] = '\0'; } append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft); @@ -398,8 +400,6 @@ int ast_stun_request(int s, struct sockaddr_in *dst, stun_req_id(req); reqlen = 0; reqleft = sizeof(req_buf) - sizeof(struct stun_header); - req->msgtype = 0; - req->msglen = 0; attr = (struct stun_attr *) req->ies; if (username) { append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft); -- cgit v1.2.3