[Asterisk-code-review] STUN/netsock2: Fix some valgrind uninitialized memory findings. (asterisk[15])
Jenkins2
asteriskteam at digium.com
Mon Aug 14 09:00:26 CDT 2017
Jenkins2 has submitted this change and it was merged. ( https://gerrit.asterisk.org/6221 )
Change subject: STUN/netsock2: Fix some valgrind uninitialized memory findings.
......................................................................
STUN/netsock2: Fix some valgrind uninitialized memory findings.
* netsock2.c: Test the addr->len member first as it may be the only member
initialized in the struct.
* stun.c:ast_stun_handle_packet(): The combinded[] local array could get
used uninitialized by ast_stun_request(). The uninitialized string gets
copied to another location and could overflow the destination memory
buffer.
These valgrind findings were found for ASTERISK_27150 but are not
necessarily a fix for the issue.
Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57
---
M main/netsock2.c
M main/stun.c
2 files changed, 14 insertions(+), 6 deletions(-)
Approvals:
Joshua Colp: Looks good to me, but someone else must approve
Corey Farrell: Looks good to me, but someone else must approve
Sean Bright: Looks good to me, approved
Jenkins2: Approved for Submit
diff --git a/main/netsock2.c b/main/netsock2.c
index 8fb9c9e..53a43e0 100644
--- a/main/netsock2.c
+++ b/main/netsock2.c
@@ -475,8 +475,12 @@
int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)
{
- return addr->ss.ss_family == AF_INET &&
- addr->len == sizeof(struct sockaddr_in);
+ /*
+ * Test addr->len first to be tolerant of an ast_sockaddr_setnull()
+ * addr. In that case addr->len might be the only value initialized.
+ */
+ return addr->len == sizeof(struct sockaddr_in)
+ && addr->ss.ss_family == AF_INET;
}
int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)
@@ -498,8 +502,12 @@
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
{
- return addr->ss.ss_family == AF_INET6 &&
- addr->len == sizeof(struct sockaddr_in6);
+ /*
+ * Test addr->len first to be tolerant of an ast_sockaddr_setnull()
+ * addr. In that case addr->len might be the only value initialized.
+ */
+ return addr->len == sizeof(struct sockaddr_in6)
+ && addr->ss.ss_family == AF_INET6;
}
int ast_sockaddr_is_any(const struct ast_sockaddr *addr)
diff --git a/main/stun.c b/main/stun.c
index 77ced82..c103ab8 100644
--- a/main/stun.c
+++ b/main/stun.c
@@ -343,6 +343,8 @@
if (st.username) {
append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft);
snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username);
+ } else {
+ combined[0] = '\0';
}
append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft);
@@ -398,8 +400,6 @@
stun_req_id(req);
reqlen = 0;
reqleft = sizeof(req_buf) - sizeof(struct stun_header);
- req->msgtype = 0;
- req->msglen = 0;
attr = (struct stun_attr *) req->ies;
if (username) {
append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft);
--
To view, visit https://gerrit.asterisk.org/6221
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: merged
Gerrit-Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57
Gerrit-Change-Number: 6221
Gerrit-PatchSet: 1
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20170814/744e59cb/attachment.html>
More information about the asterisk-code-review
mailing list