kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-20 12:20:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

STUN/netsock2: Fix some valgrind uninitialized memory findings.

Browse Source 
* netsock2.c: Test the addr->len member first as it may be the only member
initialized in the struct.

* stun.c:ast_stun_handle_packet(): The combinded[] local array could get
used uninitialized by ast_stun_request().  The uninitialized string gets
copied to another location and could overflow the destination memory
buffer.

These valgrind findings were found for ASTERISK_27150 but are not
necessarily a fix for the issue.

Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57
This commit is contained in:
Richard Mudgett
2017-08-10 14:18:01 -05:00
parent 4ed2733dde
commit bd28a9bbd8
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
main/netsock2.c
View File

@@ -475,8 +475,12 @@ uint32_t ast_sockaddr_ipv4(const struct ast_sockaddr *addr)
int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr) int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)
{ {
return addr->ss.ss_family == AF_INET && /*
addr->len == sizeof(struct sockaddr_in); * Test addr->len first to be tolerant of an ast_sockaddr_setnull()
* addr. In that case addr->len might be the only value initialized.
*/
return addr->len == sizeof(struct sockaddr_in)
&& addr->ss.ss_family == AF_INET;
} }
int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr) int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)
@@ -498,8 +502,12 @@ int ast_sockaddr_is_ipv6_link_local(const struct ast_sockaddr *addr)
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr) int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
{ {
return addr->ss.ss_family == AF_INET6 && /*
addr->len == sizeof(struct sockaddr_in6); * Test addr->len first to be tolerant of an ast_sockaddr_setnull()
* addr. In that case addr->len might be the only value initialized.
*/
return addr->len == sizeof(struct sockaddr_in6)
&& addr->ss.ss_family == AF_INET6;
} }
int ast_sockaddr_is_any(const struct ast_sockaddr *addr) int ast_sockaddr_is_any(const struct ast_sockaddr *addr)

4
main/stun.c
View File

@@ -343,6 +343,8 @@ int ast_stun_handle_packet(int s, struct sockaddr_in *src, unsigned char *data,
if (st.username) { if (st.username) {
append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft); append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft);
snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username); snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username);
} else {
combined[0] = '\0';
} }
append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft); append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft);
@@ -398,8 +400,6 @@ int ast_stun_request(int s, struct sockaddr_in *dst,
stun_req_id(req); stun_req_id(req);
reqlen = 0; reqlen = 0;
reqleft = sizeof(req_buf) - sizeof(struct stun_header); reqleft = sizeof(req_buf) - sizeof(struct stun_header);
req->msgtype = 0;
req->msglen = 0;
attr = (struct stun_attr *) req->ies; attr = (struct stun_attr *) req->ies;
if (username) { if (username) {
append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft); append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft);