<p>Richard Mudgett has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/6220">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">STUN/netsock2: Fix some valgrind uninitialized memory findings.<br><br>* netsock2.c: Test the addr->len member first as it may be the only member<br>initialized in the struct.<br><br>* stun.c:ast_stun_handle_packet(): The combinded[] local array could get<br>used uninitialized by ast_stun_request(). The uninitialized string gets<br>copied to another location and could overflow the destination memory<br>buffer.<br><br>These valgrind findings were found for ASTERISK_27150 but are not<br>necessarily a fix for the issue.<br><br>Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57<br>---<br>M main/netsock2.c<br>M main/stun.c<br>2 files changed, 14 insertions(+), 6 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/20/6220/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/main/netsock2.c b/main/netsock2.c<br>index 59dddf1..dc126b6 100644<br>--- a/main/netsock2.c<br>+++ b/main/netsock2.c<br>@@ -477,8 +477,12 @@<br> <br> int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)<br> {<br>- return addr->ss.ss_family == AF_INET &&<br>- addr->len == sizeof(struct sockaddr_in);<br>+ /*<br>+ * Test addr->len first to be tolerant of an ast_sockaddr_setnull()<br>+ * addr. In that case addr->len might be the only value initialized.<br>+ */<br>+ return addr->len == sizeof(struct sockaddr_in)<br>+ && addr->ss.ss_family == AF_INET;<br> }<br> <br> int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)<br>@@ -500,8 +504,12 @@<br> <br> int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)<br> {<br>- return addr->ss.ss_family == AF_INET6 &&<br>- addr->len == sizeof(struct sockaddr_in6);<br>+ /*<br>+ * Test addr->len first to be tolerant of an ast_sockaddr_setnull()<br>+ * addr. In that case addr->len might be the only value initialized.<br>+ */<br>+ return addr->len == sizeof(struct sockaddr_in6)<br>+ && addr->ss.ss_family == AF_INET6;<br> }<br> <br> int ast_sockaddr_is_any(const struct ast_sockaddr *addr)<br>diff --git a/main/stun.c b/main/stun.c<br>index d9f8c87..6d524fb 100644<br>--- a/main/stun.c<br>+++ b/main/stun.c<br>@@ -345,6 +345,8 @@<br> if (st.username) {<br> append_attr_string(&attr, STUN_USERNAME, st.username, &resplen, &respleft);<br> snprintf(combined, sizeof(combined), "%16s%16s", st.username + 16, st.username);<br>+ } else {<br>+ combined[0] = '\0';<br> }<br> <br> append_attr_address(&attr, STUN_MAPPED_ADDRESS, src, &resplen, &respleft);<br>@@ -400,8 +402,6 @@<br> stun_req_id(req);<br> reqlen = 0;<br> reqleft = sizeof(req_buf) - sizeof(struct stun_header);<br>- req->msgtype = 0;<br>- req->msglen = 0;<br> attr = (struct stun_attr *) req->ies;<br> if (username) {<br> append_attr_string(&attr, STUN_USERNAME, username, &reqlen, &reqleft);<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/6220">change 6220</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/6220"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 14 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I55f8687ba4ffc0f69578fd850af006a56cbc9a57 </div>
<div style="display:none"> Gerrit-Change-Number: 6220 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Richard Mudgett <rmudgett@digium.com> </div>