From db02736534467c667832f4337ae2b635f8a9d7c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@niif.hu>
Date: Mon, 4 Dec 2017 13:03:39 +0100
Subject: [PATCH] realm sanity check

---
 src/server/ns_turn_server.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
index 36d18b3..8f9a1f5 100644
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@@ -3348,6 +3348,13 @@ static int check_stun_auth(turn_turnserver *server,
 		ns_bcopy(stun_attr_get_value(sar),realm,alen);
 		realm[alen]=0;
 
+		if(!is_secure_string(realm)) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong realm: %s\n", __FUNCTION__, (char*)realm);
+			realm[0]=0;
+			*err_code = 400;
+			return -1;
+		}
+		
 		if(method == STUN_METHOD_CONNECTION_BIND) {
 
 			get_realm_options_by_name((char *)realm, &(ss->realm_options));