master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix missing strncpy in fix_stun_check_message_integrity_str (#1282)

Browse Source 
Co-authored-by: Gustavo Garcia <gustavogb@mail.com>
Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
This commit is contained in:
Gustavo Garcia 2023-10-04 19:06:40 +02:00 committed by GitHub
parent 213ecd3388
commit 597b36c5a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/client/ns_turn_msg.c
View File

@ -1967,10 +1967,12 @@ int stun_check_message_integrity_str(turn_credential_type ct, uint8_t *buf, size
hmackey_t key;
password_t pwd;
if (ct == TURN_CREDENTIALS_SHORT_TERM)
strncpy((char *)pwd, (const char *)upwd, sizeof(password_t));
else if (stun_produce_integrity_key_str(uname, realm, upwd, key, shatype) < 0)
if (ct == TURN_CREDENTIALS_SHORT_TERM) {
len = strncpy((char *)pwd, (const char *)upwd, sizeof(password_t) - 1);
pwd[sizeof(password_t) - 1] = 0;
} else if (stun_produce_integrity_key_str(uname, realm, upwd, key, shatype) < 0) {
return -1;
}
return stun_check_message_integrity_by_key_str(ct, buf, len, key, pwd, shatype);
}