kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-31 02:37:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

STUN/netsock2: Fix some valgrind uninitialized memory findings.

Browse Source 
* netsock2.c: Test the addr->len member first as it may be the only member
initialized in the struct.

* stun.c:ast_stun_handle_packet(): The combinded[] local array could get
used uninitialized by ast_stun_request().  The uninitialized string gets
copied to another location and could overflow the destination memory
buffer.

These valgrind findings were found for ASTERISK_27150 but are not
necessarily a fix for the issue.

Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57
This commit is contained in:
Richard Mudgett
2017-08-10 14:18:01 -05:00
parent 7ad750477d
commit bac3e8c08b
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
main/netsock2.c
View File

@@ -477,8 +477,12 @@ uint32_t ast_sockaddr_ipv4(const struct ast_sockaddr *addr)
int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)
{
return addr->ss.ss_family == AF_INET &&
addr->len == sizeof(struct sockaddr_in);
/*
* Test addr->len first to be tolerant of an ast_sockaddr_setnull()
* addr. In that case addr->len might be the only value initialized.
*/
return addr->len == sizeof(struct sockaddr_in)
&& addr->ss.ss_family == AF_INET;
}
int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)
@@ -500,8 +504,12 @@ int ast_sockaddr_is_ipv6_link_local(const struct ast_sockaddr *addr)
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
{
return addr->ss.ss_family == AF_INET6 &&
addr->len == sizeof(struct sockaddr_in6);
/*
* Test addr->len first to be tolerant of an ast_sockaddr_setnull()
* addr. In that case addr->len might be the only value initialized.
*/
return addr->len == sizeof(struct sockaddr_in6)
&& addr->ss.ss_family == AF_INET6;
}
int ast_sockaddr_is_any(const struct ast_sockaddr *addr)

4
main/stun.c
View File

@@ -345,6 +345,8 @@ int ast_stun_handle_packet(int s, struct sockaddr_in *src, unsigned char *data,
if (st.username) {
append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft);
snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username);
} else {
combined[0] = '\0';
}
append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft);
@@ -400,8 +402,6 @@ int ast_stun_request(int s, struct sockaddr_in *dst,
stun_req_id(req);
reqlen = 0;
reqleft = sizeof(req_buf) - sizeof(struct stun_header);
req->msgtype = 0;
req->msglen = 0;
attr = (struct stun_attr *) req->ies;
if (username) {
append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft);