From eff1f9a09ac1750544f8e5555fab0faee658c7d0 Mon Sep 17 00:00:00 2001
From: Pavel Punsky <eakraly@users.noreply.github.com>
Date: Tue, 6 Dec 2022 17:04:57 -0800
Subject: [PATCH] Set string bytes to null to prevent random origin (#1114)

Fix #1111
---
 src/apps/relay/turn_admin_server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c
index 8c1b351..4b7be30 100644
--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
@@ -3511,7 +3511,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) {
                 uint8_t o[STUN_MAX_ORIGIN_SIZE + 1];
                 STRCPY(o, origin);
                 dbd->del_origin(o);
-                uint8_t corigin[STUN_MAX_ORIGIN_SIZE + 1];
+                uint8_t corigin[STUN_MAX_ORIGIN_SIZE + 1] = "\0";
                 get_canonic_origin((const char *)origin, (char *)corigin, sizeof(corigin) - 1);
                 dbd->del_origin(corigin);
               }
@@ -3521,7 +3521,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) {
           const uint8_t *add_realm = (const uint8_t *)current_eff_realm();
           const uint8_t *add_origin = (const uint8_t *)get_http_header_value(hr, HR_ADD_ORIGIN, "");
           const char *msg = "";
-          uint8_t corigin[STUN_MAX_ORIGIN_SIZE + 1];
+          uint8_t corigin[STUN_MAX_ORIGIN_SIZE + 1] = "\0";
           get_canonic_origin((const char *)add_origin, (char *)corigin, sizeof(corigin) - 1);
           if (corigin[0]) {
             add_realm = (const uint8_t *)get_http_header_value(hr, HR_ADD_REALM, current_realm());