master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Realm not sanitized against sql statements

Browse Source
This commit is contained in:
Mészáros Mihály 2018-12-07 10:00:52 +01:00 committed by Mészáros Mihály
parent 18d81f26c5
commit e4d6b57abc
5 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/apps/common/ns_turn_utils.c
View File

@ -867,7 +867,7 @@ char *turn_strdup_func(const char* s, const char* function, int line) {
////////////////////////////////
int is_secure_string(const u08bits *string)
int is_secure_string(const u08bits *string, int sanitizesql)
{
int ret = 0;
if(string) {
@ -880,7 +880,7 @@ int is_secure_string(const u08bits *string)
s = s0;
if(strstr((char*)s," ")||strstr((char*)s,"\t")||strstr((char*)s,"'")||strstr((char*)s,"\"")||strstr((char*)s,"\n")||strstr((char*)s,"\r")||strstr((char*)s,"\\")) {
;
} else if(strstr((char*)s,"union")&&strstr((char*)s,"select")) {
} else if(sanitizesql && strstr((char*)s,"union")&&strstr((char*)s,"select")) {
;
} else {
ret = 1;

2
src/apps/common/ns_turn_utils.h
View File

@ -78,7 +78,7 @@ void rollover_logfile(void);
///////////////////////////////////////////////////////
int is_secure_string(const u08bits *string);
int is_secure_string(const u08bits *string, int sanitizesql);
///////////////////////////////////////////////////////

2
src/apps/relay/mainrelay.c
View File

@ -1823,7 +1823,7 @@ static int adminmain(int argc, char **argv)
#endif
case 'u':
STRCPY(user,optarg);
if(!is_secure_string((u08bits*)user)) {
if(!is_secure_string((u08bits*)user,1)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name structure or symbols, choose another name: %s\n",user);
exit(-1);
}

2
src/apps/relay/turn_admin_server.c
View File

@ -3295,7 +3295,7 @@ static void handle_logon_request(ioa_socket_handle s, struct http_request* hr)
s->special_session_size = sizeof(struct admin_session);
}
if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname) && pwd && is_secure_string((const u08bits*)pwd)) {
if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname,1)) {
const turn_dbdriver_t * dbd = get_dbdriver();
if (dbd && dbd->get_admin_user) {
password_t password;

6
src/server/ns_turn_server.c
View File

@ -1029,7 +1029,7 @@ static int handle_turn_allocate(turn_turnserver *server,
}
ns_bcopy(value,username,ulen);
username[ulen]=0;
if(!is_secure_string(username)) {
if(!is_secure_string(username,1)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username: %s\n", __FUNCTION__, (char*)username);
username[0]=0;
*err_code = 400;
@ -3346,7 +3346,7 @@ static int check_stun_auth(turn_turnserver *server,
ns_bcopy(stun_attr_get_value(sar),realm,alen);
realm[alen]=0;
if(!is_secure_string(realm)) {
if(!is_secure_string(realm,0)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong realm: %s\n", __FUNCTION__, (char*)realm);
realm[0]=0;
*err_code = 400;
@ -3388,7 +3388,7 @@ static int check_stun_auth(turn_turnserver *server,
ns_bcopy(stun_attr_get_value(sar),usname,alen);
usname[alen]=0;
if(!is_secure_string(usname)) {
if(!is_secure_string(usname,1)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username: %s\n", __FUNCTION__, (char*)usname);
usname[0]=0;
*err_code = 400;