Commit Graph

925 Commits

Author SHA1 Message Date
Michael Jones
4e8524d9d7
avoid potential nullptr dereference in udp_create_server_socket (#1496) 2024-05-26 18:22:31 -07:00
Michael Jones
f3b73f60d0
Change the various map functions to return bool instead of inconsistently returning 0, 1, or -1 (#1502) 2024-05-26 17:45:18 -07:00
Michael Jones
6fc5cf31e9
Check the result of malloc in del_alt_server (#1503) 2024-05-26 17:34:15 -07:00
Michael Jones
2c45aa731c
Avoid nullptr dereference of server variable in various functions (#1504) 2024-05-26 17:32:02 -07:00
Gustavo Garcia
14e6d16d14
Fix msvc analyzer error on goto label on rfc5769check (#1486)
rfc5769check.c file is using ERROR as a label for gotos but apparently
that name is already used for a constant and msvc analyzer detects it as
an error.

Rename it to "err" that is already used in other parts of the codebase
and also more consistent in terms of casing.

Co-authored-by: Gustavo Garcia <gustavogb@mail.com>
2024-05-05 12:19:10 +02:00
Stefan Junker
158fe9b698
Fix buffer overflow in generate_enc_password with increase rsalt by 2 (#1463)
Before this change I see a buffer overflow during `readable_string`.
2024-05-04 18:26:35 +02:00
Gustavo Garcia
386371c174
Fix lint errors 2024-04-21 23:05:29 +02:00
Nikolayshcx
eb3af26867
Add support for raw public keys (RFC 7250) (#1458)
Resolving #1456

---------

Co-authored-by: nmegdanov <nikolay.megdanov@softavail.com>
2024-04-19 17:12:48 +02:00
Gustavo Garcia
c2d13700ac Fix clang-format lint warnings 2024-04-19 17:08:49 +02:00
Gustavo Garcia
28294cf053 Fix const during free warning in rfc5769check app 2024-04-19 16:23:30 +02:00
Kang Lin
5b68014699
Refactor: peer_input_handle (#1325) 2024-04-19 12:09:43 +02:00
NO NAME
3f66c028fa
Fix Cmake find issue in libevent (#1466)
Fixed an issue in libevent's CMake configuration where pthreads were not
correctly added to the optional components list, leading to a
compilation error. #1448

Co-authored-by: linwenchen <wenchen0803@qq.com>
2024-04-09 11:51:31 +02:00
Pavel Punsky
edebb9ad05
Print version only, no extra lines (#1441)
Before
[Screenshot 2024-03-02 at 2 47 48 PM]

After
[Screenshot 2024-03-02 at 2 47 28 PM]
2024-03-31 09:53:21 +02:00
ashamedbit
412788b120
Fix memory leak in rfc5769check.c (#1410)
I came across the open issue #1368 which is a leaksanitizer report about
a leak that happens on make check. I was able to reproduce the bug on
running `make check` and was able to generate a patch for it. The leak
happens within function `check_oauth`.

Issue: The variable `base64encoded_ltp` is allocated within
`base64_encode` however it is not de-allocated within the coming loop.

I have verified that after the patch, the leak no longer occurs through
`leaksanitizer` (and there is no double free for that matter)

---------

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
2024-03-03 14:04:40 -08:00
ashamedbit
456e2e81b3
Fix memory leak in netengine.c (#1411)
This is in response to issue #1366
The clang static analyzer basically claims that there is a memory leak
happening in `set_ssl_ctx` for the variable `args`. The leak is
triggered when the base event `base` is NULL and the condition within
`set_ssl_ctx` is not triggered. Therefore as a patch I am adding an else
condition to free it. (It cannot be freed after the event is created by
`event_new` because `args` can be invoked as argument for callback
function later on)

Please let me know if this patch is helpful :)

---------

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
2024-03-02 14:15:58 -08:00
ashamedbit
68b9f19f7f
Fix memory leak on http_server.c (#1412)
This is in response to issue #1365.
The clang static analyzer basically claims that there is a memory leak
happening in `parse_http_request_1` for the variable `kv`. The leak is
triggered when evhttp_parse_query_str fails and is unable to obtain key
value pairs for a given URI. In this case ret is freed, however kv is
still not freed and thereafter not used. Therefore as a patch I am
freeing kv right after ret is freed.

Please let me know if this patch is helpful :)

---------

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
2024-03-02 14:10:53 -08:00
Pavel Punsky
2c265c9777
Delete unused variable (#1437) 2024-02-25 16:07:08 -08:00
redraincatching
ac00b41a8e
changed variables in stunclient.c to bool (C11) (#1421)
# changed variables that appeared in `stunclient.c` and their uses to
`bool` to follow C11 idioms
## approach was as follows:
- if a variable of type `int` was only being used as a boolean, replace
it with bool as defined in `<stdbool.h>`
- replace its declaration and assignment with true/false, depending on
prior assignment as 0/1

Changes were only made when I was certain the variables were not being
used as an int, so I may have missed some

---

## variables changed in `stunclient.c`
- `rfc5780`
- `change_ip`
- `change_port`

their usages were changed only where they appeared in the apps
directory, and then everywhere that generated a warning after make

- `stunclient.c` itself
- `natdiscovery.c`
2024-02-20 18:43:24 -08:00
redraincatching
0c8d646e2d
added missing function prototype of turn_random_number() (#1428)
Trivial - cmake generated a warning that `ns_turn_msg.c` used a function
that had no prior prototype - most other files used the `turn_random()`
function but this uses `turn_random_number()` which has no prototype, so
I've added it to the header file
2024-02-10 20:57:33 -08:00
Jan Brasna
9dfe8d5128
Fix no-tls warning typo (#1426)
Trivial log warning typo introduced in #1256 corrected.
2024-02-09 20:15:19 -08:00
Michael Jones
2459db6266
Adjust wording in cmake message when prometheus cannot be found. (#1418) 2024-01-31 17:57:20 -08:00
Michael Jones
da332ed9e7
Add the InsertBraces command for clang-format to ensure that all conditionals always have braces (#1408)
- Why? Because code where conditionals lack braces is much harder to read, and prone to indentation confusion.
- How? Just added an extra flag to .clang-format and re-ran clang-format on all the files.

I also moved .clang-format up to the top level of the repo so that it can be applied to the fuzz targets as well.
2024-01-27 16:38:40 -08:00
Pavel Punsky
0afbc6204d
Replace HeapAlloc with malloc (#1378)
Use malloc/free instead of HeapAlloc/HeapFree
2024-01-18 21:08:28 -08:00
korayvt
348380f248
Added sessionID to some log lines (#1334)
Co-authored-by: KORAY VATANSEVER <koray.vatansever@turkcell.com.tr>

Some events are missed when logs are filtered by session ID. That's why I added the sessionID to some log lines.
2024-01-17 22:16:57 -08:00
Cybermilitia
7546c24b2f
Missing session ID in coturn logs for denied IP - 1330 (#1332)
Co-authored-by: CUMHUR KARAHAN <cumhur.karahan@turkcell.com.tr>

Added session id parameter to use it in "A peer IP denied in the range" logs. Besides, server ID has been made visible in these logs.
Before
```
023-08-24T17:23:17.221745770+03:00 stdout F 268472: : ERROR: A peer IP 169.254.38.68 denied in the range: 169.254.0.0-169.254.255.255
```

And after - new view:
```
2023-09-28T10:53:49.627778472+03:00 stdout F 1247: : ERROR: session 006000000000000004: A peer IP 172.21.198.41 denied in the range: 172.21.198.40-172.21.198.50 in server 6
```
2024-01-15 19:12:24 -08:00
Pavel Punsky
acf607ee50
Fix mingw build (#1376) 2024-01-15 18:26:54 -08:00
Pavel Punsky
c062d5e2af
Simplify macOS detection macros (#1372) 2024-01-15 15:18:35 -08:00
Pavel Punsky
f8e9892d3e
Fix potential null passed to function expecting nonnull (#1373) 2024-01-15 15:13:32 -08:00
Evgeny Khramtsov
7ecfb537e9
Only set MHD_USE_DUAL_STACK if IPv6 is available (#1362)
Co-authored-by: Evgeny Khramtsov <evgeny.khramtsov@ringcentral.com>

If IPv6 is not enabled during runtime, prometheus server fails to start with `EAFNOSUPPORT` because `MHD_USE_DUAL_STACK` is set unconditionally.

This PR fixes it. As a bonus, it also checks if libmicrohttpd is compiled with IPv6 support.
2024-01-14 12:49:59 -08:00
Kang Lin
294f897ccd
CMake: find prometheus(fix #1304) (#1315)
fix #1304
2023-11-22 20:34:53 -08:00
Subhra264
9485c9567e
Fix: Return correct error code for create_relay_connection in case of RESERVATION-TOKEN failure (#1319)
Fixes #1266 

According to RFC 5766, [section 6.2](https://www.rfc-editor.org/rfc/rfc5766#section-6.2) point no. 5, the turn server needs to reject the request with 508 (Insufficient Capacity) error code when the given RESERVATION-TOKEN is not valid.
2023-11-22 20:30:27 -08:00
Pavel Punsky
99cc8aaa65
Reduce ifdefs in code: TURN_NO_PROMETHEUS (#1116)
TURN_NO_PROMETHEUS define is used in minimal amount of places now
2023-11-05 17:49:03 -08:00
Richard Russo
4bc872b663
strncpy doesn't return size_t (#1296)
follow up to https://github.com/coturn/coturn/pull/1282/files
2023-11-05 17:48:32 -08:00
Dave Lambley
20c8d86a34
Return a 400 response to HTTP requests (#1231)
For our deployment, it is useful if coturn returns a valid HTTP response to an HTTP request. To do this on the same port as STUN/TURN and without enabling the admin site, I have extended `read_client_connection()` to return a canned HTTP response, in response to an HTTP request, rather than immediately closing the connection.
2023-11-05 17:25:12 -08:00
Gustavo Garcia
597b36c5a2
Fix missing strncpy in fix_stun_check_message_integrity_str (#1282)
Co-authored-by: Gustavo Garcia <gustavogb@mail.com>
Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
2023-10-04 10:06:40 -07:00
Pavel Punsky
95c2967252
Fix memleak in pgsql_reread_realms (#1278)
Fixes #1259

If `ur_string_map_put` fails then the string that was just `strdup`-ed
will leak memory.
Now the return value is checked and the memory is freed in case of failure
2023-10-02 16:20:14 +02:00
Gustavo Garcia
88ced47138
Replace srand/rand with srandom/random (#1279)
- srandom/random provide stronger randomness characteristics than
srand/rand in some operating systems.
- usage of srand/rand is not very consistent in coturn.

There is room for more refactoring and use of apputils helper functions in
ns_turn_msg.c too but I'm not sure that dependency from "client" module
to "apps" module is a good idea yet.

Thx @0xdea

Co-authored-by: Gustavo Garcia <gustavogb@mail.com>
2023-10-02 16:19:57 +02:00
Gustavo Garcia
4e0d21e1b5
Fix memcpy len checks stun_is_challenge_response_str (#1280)
Add missing checks for length of realm/nonce/server_name before copying
those values to the buffer passed to stun_is_challenge_response_str.

The function stun_is_challenge_response_str is only used in uclient test
application.

Thank you very much @0xdea

Co-authored-by: Gustavo Garcia <gustavogb@mail.com>
2023-10-02 16:19:38 +02:00
Alexander Udovichenko
2a695ea855
Add warning and disable web admin if no-tls option used (#1256)
Fixes https://github.com/coturn/coturn/issues/1239

HTTPS access to the web UI freezes in the browser if the no_tls option is used,
because no TLS stuff is initialized.
This PR adds a warning about this and a comment about this in the default config
2023-08-27 16:27:37 -07:00
Pavel Punsky
2850550be1
Fix formatting to fix lint error (#1258) 2023-08-27 16:26:37 -07:00
Aaron Bird
0f450f5492
Fix error of make command in Cygwin environment (#1236)
Environment:
- Windows 10
- Cygwin 2.925

make output:
```
<command-line>: note: this is the location of the previous definition
src/apps/common/ns_turn_utils.c:53:10: fatal error: sys/syscall.h: No such file or directory
   53 | #include <sys/syscall.h>
      |          ^~~~~~~~~~~~~~~
compilation terminated.
In file included from src/client/ns_turn_ioaddr.h:34,
                 from src/client/ns_turn_msg.h:34,
                 from src/apps/common/stun_buffer.h:34,
                 from src/apps/common/stun_buffer.c:31:
src/ns_turn_defs.h:223: warning: "TURN_NO_SCTP" redefined
  223 | #define TURN_NO_SCTP
      |
<command-line>: note: this is the location of the previous definition
make: *** [Makefile:127: bin/turnutils_oauth] Error 1
```
2023-08-13 17:14:16 -07:00
Cybermilitia
72cf9ba52b
Fix recursive call in delete alternate server (#1250)
I tested the code part by using manual and automated tools for more than
2 years.

Fixes #823 

When you try to delete an alternate server in the list by using "das :" command on the CLI, the session gets stuck and can't respond although the alternate server is removed.

The problem appears to be related to calling del_alt_server function in the same function recursively.

Co-authored-by: CUMHUR KARAHAN <cumhur.karahan@turkcell.com.tr>
2023-08-13 16:38:19 -07:00
Robert Scheck
8f9446cf8f
Change printf() to TURN_LOG_FUNC() for --no-stdout-log (#1221) 2023-06-01 19:38:33 -07:00
rim
7bc932a905
Fix build with libressl 3.6+ (#1198)
Tested on FreeBSD 13/stable
2023-05-14 16:38:58 -07:00
Pavel Punsky
af8a057eac
Update version to 4.6.2 (#1174)
Update version number, generate authors and changelog files

Release notes (short summary of changes)
```
- Make sure microhttpd starts using epoll if supported
- Add sessioncount to prometheus metrics
- Add STUN request/response/error prometheus counters
- Cleanup logs on turnserver start
- Fix duplicate stdout log output
- Log threadId to logs to aid in multi-threaded debugging
- Optional build info compiled into turnserver binary
- Fix arguments expansion in `docker-entrypoint.sh`
- Sanitise database connection strings before printing to log
- Support Windows MSVC
- Add configuration option for TLS 1.3 ciphersuites
- Improve openssl3 and FIPS support
- Use single SSL_CTX for TLS and DTLS support
- Update openssl API use to non-deprecated version
- Set string bytes to null to prevent random origin
- Fix memory corruption on socket close
- Fix packet backlog fifo that processed packets in reverse order in some scenarios
- Fix off-by-one when terminating gcm_nonce
- Fixes to Redis memleaks and socketleaks
- Fix malformed response to mobility refresh request
- Fuzzing support
- Ignore raw UDP if no_udp is enabled
- Better detect availability of SCTP protocol
```

---------

Co-authored-by: tyranron <tyranron@gmail.com>
2023-04-10 19:00:08 -07:00
Cédric DIJOUX
67beeb83b1
Fix MSVC CI build (#1182)
Removing windows.h inclusion, not needed with ws2tcpip.h. Causes some
struct redefinitions.
2023-04-01 18:28:27 -07:00
Thibaut ACKERMANN
242eb78227
Prometheus: make sure microhttpd starts using epoll if supported (#1173)
In some cases the prometheus server was started using SELECT even if
EPOLL was supported.
Some flags were changed in microhttpd and now we use MHD_VERSION to make
sure to use the right ones in all cases (support old version, for ubuntu
16.04 for ex).

This fixes the issue #1167

I also added a log to make sure we know which version is used,
especially to inform the user that the SELECT version might lead to
issues on highly used servers.
2023-03-19 18:04:04 -07:00
Stefan Sundin
43f8b873a7
Fix typo in mainrelay.c (#1169) 2023-03-12 17:29:39 -07:00
Pavel Punsky
79fb65519c
Remove unused include that breaks OpenBSD (#1165)
PR #855 introduced new include <ssys/sysinfo.h> 
It is not required for compilation or turnserver function but breaks
OpenBSD build (which does not have this file)
This PR removes the include to restore OpenBSD build compatibility

Fixes #1162

Test Plan:
TBD - need someone to test build
2023-03-06 08:50:12 +01:00
r3g_5z
212e782355
use sanitised psql string (#1144)
Noticed the plaintext password of my postgresql server in my coturn
logs, but postgresql errors would return the password sanitised. Simple
fix to log the sanitised string.


Signed-off-by: r3g_5z <june@girlboss.ceo>
2023-01-19 17:55:46 -08:00