Author: sgriepentrog Date: Fri Nov 14 09:51:17 2014 New Revision: 427876 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=427876 Log: stun: correct attribute string padding to match rfc
When sending the USERNAME attribute in an RTP STUN response, the implementation in append_attr_string passed the actual length, instead of padding it up to a multiple of four bytes as required by the RFC 3489. This change adds separate variables for the string and padded attributed lengths, and performs padding correctly. Reported by: Thomas Arimont Review: https://reviewboard.asterisk.org/r/4139/ ........ Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 427875 from http://svn.asterisk.org/svn/asterisk/branches/12 Modified: branches/13/ (props changed) branches/13/main/stun.c Propchange: branches/13/ ------------------------------------------------------------------------------ Binary property 'branch-12-merged' - no diff available. Modified: branches/13/main/stun.c URL: http://svnview.digium.com/svn/asterisk/branches/13/main/stun.c?view=diff&rev=427876&r1=427875&r2=427876 ============================================================================== --- branches/13/main/stun.c (original) +++ branches/13/main/stun.c Fri Nov 14 09:51:17 2014 @@ -201,12 +201,15 @@ /*! \brief append a string to an STUN message */ static void append_attr_string(struct stun_attr **attr, int attrval, const char *s, int *len, int *left) { - int size = sizeof(**attr) + strlen(s); + int str_length = strlen(s); + int attr_length = str_length + ((~(str_length - 1)) & 0x3); + int size = sizeof(**attr) + attr_length; if (*left > size) { (*attr)->attr = htons(attrval); - (*attr)->len = htons(strlen(s)); - memcpy((*attr)->value, s, strlen(s)); - (*attr) = (struct stun_attr *)((*attr)->value + strlen(s)); + (*attr)->len = htons(attr_length); + memcpy((*attr)->value, s, str_length); + memset((*attr)->value + str_length, 0, attr_length - str_length); + (*attr) = (struct stun_attr *)((*attr)->value + attr_length); *len += size; *left -= size; } -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
