Commit Graph

94 Commits

Author SHA1 Message Date
Pavel Punsky
af9bc12055
Sanitize DB connection string before printing to log (#1020)
Store sanitized version of DB connection string with password masked
(replace all chars with * which exposes its length)
Use sanitized version when logging connection string

Fixes #1017 and #272
2022-10-17 08:44:30 +02:00
Pavel Punsky
d9e74af75d
Cleanup unused include of header files (#1004)
Using clang-tidy to detect unused header files

Inspired by #855

Test Plan:
- Rebuild all on mac, review no warnings/errors
- Pass builds/docker build - review for no issues
2022-10-05 10:28:40 +02:00
Pavel Punsky
a3d338e2c1
Silence warnings by converting STRCPY to strncpy calls (#995)
STRCPY macro makes pointer comparison which creates a warning

In those places, replace the macro with `strncpy` with careful review of
destination buffer size

With this change I do not get compiler warnings at all
2022-09-30 08:17:46 -07:00
Pavel Punsky
bd9e44dd7c
Replace bcopy with memcpy (#991)
Replace all instances of `bcopy` with memcpy.

Inspired by https://github.com/coturn/coturn/pull/855
2022-09-20 10:39:11 +02:00
Pavel Punsky
ae259637eb
Replace bzero with memset (#986)
Replace all instances of `bzero` with memset by find-replace-edit.
This is straightforward replacement which is suboptimal in a few cases
(for example we could use calloc instead of malloc+memset(0))

Inspired by #855
2022-09-17 08:36:28 +02:00
Pavel Punsky
a09aa989b6
Do not write outside of a buffer in admin interface (#972)
Writing outside of a buffer can only happen if incoming HTTP request is longer than UDP_STUN_BUFFER_SIZE (16KB).

This change validates that the request is no longer than the buffer size and drops it if it is the case

Fixes #342

Test plan:
- Run in debugger and send a 16KB request using curl - response returns, logs correct
- Send 16KB + 1b request - warning logged and request dropped

Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
2022-09-05 12:07:07 -07:00
Danilo Bargen
520e172b22 Rename "prod" config option to "no-software-attribute"
As discussed in https://github.com/coturn/coturn/pull/478, if the
parameter only controls whether or not to send the software attribute
and not other production-relevant configurations, it should be named
accordingly.

The old --prod configuration option still works, but is now deprecated
and undocumented.
2020-03-13 11:03:05 +01:00
Thibaut Ackermann
cf938cd915 fix the webadmin ip permission add/delete sql injection 2019-05-07 11:23:29 +02:00
Bradley T. Hughes
d2ee3ac291 Remove [su]{08,16,32,64}bits type defines
Do not overload the standard types with #defines, just use them
directly.
2019-03-08 09:08:30 +01:00
Bradley T. Hughes
7663167dff Remove pointer debugging machinery
There are tools and debugging options that can be used instead. Do not
reinvent the wheel with our own pointer tracking/debugging code.
2019-03-07 08:39:20 +01:00
Bradley T. Hughes
7a43aae7c3 Remove ns_bzero(), ns_bcopy(), and ns_bcmp()
Do not overload bzero(), bcopy(), and bcmp() from strings.h
2019-03-07 08:39:20 +01:00
Bradley T. Hughes
043b102e38 Remove turn_strdup()
Do not overload strdup() from string.h
2019-03-07 08:00:08 +01:00
Bradley T. Hughes
b50fc77124 Remove turn_free()
Do not overload free() with a different API.
2019-03-07 07:58:12 +01:00
Bradley T. Hughes
31033c3ffa Remove turn_realloc()
Do not overload realloc() with a different API.
2019-03-07 07:57:35 +01:00
Bradley T. Hughes
fef016901e Remove turn_malloc()
Do not overload malloc() from stdlib.h
2019-03-06 23:38:20 +01:00
Mészáros Mihály
2d59a5de2b readd pwd check
regression from 4.5.1.0
2019-01-29 13:13:13 +01:00
Mészáros Mihály
fc5a5452f9
Merge pull request #330 from gribunin/master
Fixed missed \r\n symbols in HTTP headers from HTTPS management UI
2019-01-29 11:00:47 +01:00
Kirill Gribunin
5d54bd5335 Fixed missed \r\n symbols in HTTP headers from HTTPS management interface when no admin users defined 2019-01-18 19:18:34 +03:00
Mészáros Mihály
e4d6b57abc Realm not sanitized against sql statements 2018-12-07 13:48:05 +01:00
Mészáros Mihály
eb9b9c49be Add username sanity check, to avoid sql-injection 2018-11-07 10:47:24 +01:00
Thibaut Ackermann
8c7dbcdda0 fix memory leak in web_admin_input_handler 2018-10-31 10:36:26 +01:00
Mészáros Mihály
5d6f4fa920 Disable web-admin by default 2018-09-12 10:30:09 +02:00
Thibaut Ackermann
b2fcc81a0d Move web-admin to dedicated (configurable) ip:port 2018-09-12 10:30:09 +02:00
Mészáros Mihály
025dc300ce Revert "Enhancement: Add option to disable Web-Management-Interface"
This reverts commit c48835e230.
2018-09-12 10:30:09 +02:00
Nicolas Edet
fa59c5f5d1 ensure all sessions are printed in webadmin 2018-09-12 10:30:09 +02:00
Mészáros Mihály
8a60754d70 Change loopback defaults 2018-09-12 10:30:07 +02:00
Mészáros Mihály
65d65937d0 Add +2 to not truncate string and avoid warning 2018-08-01 15:44:00 +02:00
Carsten Bock
c48835e230 Enhancement: Add option to disable Web-Management-Interface 2017-04-10 14:49:55 +02:00
yohan
e241d0c71f Add "--prod" to turnserver command-line options. It will hide turnserver version (like apache does).
This is a common corporate security requirement.
2016-10-27 17:48:32 +02:00
Oleg Moskalenko
88bd6268d8 update https response on invalid http request 2016-02-27 22:29:17 -08:00
Oleg Moskalenko
51ca693359 SSLv3 support removed 2015-11-15 14:58:45 -08:00
Oleg Moskalenko
8ed6f9bd67 web interface adjusted 2015-09-15 22:42:39 -07:00
Oleg Moskalenko
dbc9dee42b working on multi-tenant server based upon oauth 2015-09-14 00:16:13 -07:00
mom040267
014177f274 compilation warning fixed 2015-05-05 06:52:59 +00:00
mom040267
be736f9f60 working on oauth 2015-04-22 05:59:31 +00:00
mom040267
ef552b16f4 working on oauth 2015-04-19 09:25:45 +00:00
mom040267
31b25414b4 working on oauth 2015-04-19 08:14:29 +00:00
mom040267
6dbee00b74 working on new third-party auth draft 2015-04-19 07:37:12 +00:00
mom040267
86f40b4bd9 working on third-party auth 2015-04-19 06:18:28 +00:00
mom040267
4424b3c92a --sha256, --sha384, --sha512 parameters retired. 2015-04-11 07:26:55 +00:00
mom040267
8662de6d73 sctp fixes 2015-04-02 05:32:46 +00:00
mom040267
c92e4e7480 encrypted admin user passwords 2015-03-21 07:29:00 +00:00
mom040267
e40236419e encrypted CLI password 2015-03-21 06:28:47 +00:00
mom040267
fb8324fa51 working on encrypted passwords 2015-03-20 07:00:21 +00:00
mom040267
6c247bbbae 'no sctp' implemented 2015-03-17 06:27:02 +00:00
mom040267
b824384faa working on SCTP 2015-03-16 06:10:10 +00:00
mom040267
0496635edd fixing SCTP on Linux 2015-03-15 21:08:31 +00:00
mom040267
1b279a2a5f optional SCTP support added 2015-03-15 06:10:49 +00:00
mom040267
61239f9aa8 bandwidth limit is 64 bits now 2015-03-02 01:44:29 +00:00
mom040267
caf63a35de sha384 added 2015-02-06 08:17:49 +00:00