guarantee no oob write in strncat (#1702)

based on [this codescanning
alert](https://github.com/redraincatching/coturn/security/code-scanning/166)

Guarantees that `turn_params.cipher_list` will be null-terminated, and that the call to strncpy cannot attempt to access out-of-bounds memory.
This commit is contained in:
redraincatching 2025-06-12 10:15:46 +01:00 committed by GitHub
parent 1368e65988
commit afec2e2add
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -36,6 +36,7 @@
#include "dbdrivers/dbdriver.h"
#include "prom_server.h"
#include <assert.h>
#if defined(WINDOWS)
#include <iphlpapi.h>
@ -3568,9 +3569,10 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
if (!(turn_params.cipher_list[0])) {
strncpy(turn_params.cipher_list, DEFAULT_CIPHER_LIST, TURN_LONG_STRING_SIZE);
assert(strlen(DEFAULT_CIPHER_LIST) < TURN_LONG_STRING_SIZE);
#if defined(DEFAULT_CIPHERSUITES)
strncat(turn_params.cipher_list, ":", TURN_LONG_STRING_SIZE - strlen(turn_params.cipher_list));
strncat(turn_params.cipher_list, DEFAULT_CIPHERSUITES, TURN_LONG_STRING_SIZE - strlen(turn_params.cipher_list));
strncat(turn_params.cipher_list, ":", TURN_LONG_STRING_SIZE - strlen(turn_params.cipher_list) - 1);
strncat(turn_params.cipher_list, DEFAULT_CIPHERSUITES, TURN_LONG_STRING_SIZE - strlen(turn_params.cipher_list) - 1);
#endif
}
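Review bot: The new assert sits after the strncpy that it is meant to protect, and assert() is compiled out under NDEBUG, so in a release build an over-long DEFAULT_CIPHER_LIST would still leave cipher_list without a terminator and the strlen() calls in the strncat sizes would read past the buffer. Since the copy already uses TURN_LONG_STRING_SIZE as its bound (presumably the array size), it can be made unconditionally terminating with `snprintf(turn_params.cipher_list, TURN_LONG_STRING_SIZE, "%s", DEFAULT_CIPHER_LIST);`, which also makes the `- 1` arithmetic on the two strncat calls safe in every build mode. If DEFAULT_CIPHER_LIST is a string literal and the build is C11 (neither is visible here), the length check belongs before the copy as `_Static_assert(sizeof(DEFAULT_CIPHER_LIST) <= TURN_LONG_STRING_SIZE, "DEFAULT_CIPHER_LIST too long");` so it fails at compile time instead of after the write. The enclosing set_ctx body starts before this hunk and may continue past it.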