]> git.ipfire.org Git - thirdparty/freeswitch.git/commitdiff
projects / thirdparty / freeswitch.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 05e58fa)
[Core] switch_stun.c: Coverity 1468480: Out-of-bounds access (OVERRUN) 2549/head
authorAndrey Volk <andywolk@gmail.com>
Thu, 6 Jun 2024 09:47:07 +0000 (12:47 +0300)
committerAndrey Volk <andywolk@gmail.com>
Tue, 30 Jul 2024 12:23:49 +0000 (15:23 +0300)
src/include/switch_stun.h patch | blob | blame | history
src/switch_stun.c patch | blob | blame | history

diff --git a/src/include/switch_stun.h b/src/include/switch_stun.h
index 54b03088e8133d1cd61afad718d3ee6a20a92246..ca612c06aab6f6a33cc38b4c4ee367f746ec36a1 100644 (file)
--- a/src/include/switch_stun.h
+++ b/src/include/switch_stun.h
@@ -141,6 +141,13 @@ typedef struct {
        uint32_t address;
 } switch_stun_ip_t;
 
+typedef struct {
+       uint8_t wasted;
+       uint8_t family;
+       uint16_t port;
+       uint8_t address[16];
+} switch_stun_ipv6_t;
+
 #if SWITCH_BYTE_ORDER == __BIG_ENDIAN
 
 typedef struct {
diff --git a/src/switch_stun.c b/src/switch_stun.c
index d4a2c965032a60533ec110946b03d1a2c122e931..2ab1f41d5a1210dffd7e32f22de09c3e2a806082 100644 (file)
--- a/src/switch_stun.c
+++ b/src/switch_stun.c
@@ -401,13 +401,17 @@ SWITCH_DECLARE(uint8_t) switch_stun_packet_attribute_get_mapped_address(switch_s
 SWITCH_DECLARE(uint8_t) switch_stun_packet_attribute_get_xor_mapped_address(switch_stun_packet_attribute_t *attribute, switch_stun_packet_header_t *header, char *ipstr, switch_size_t iplen, uint16_t *port)
 {
        switch_stun_ip_t *ip;
+       switch_stun_ipv6_t *ipv6;
        uint8_t x, *i;
        char *p = ipstr;
 
        ip = (switch_stun_ip_t *) attribute->value;
 
        if (ip->family == 2) {
-               uint8_t *v6addr = (uint8_t *) &ip->address;
+               uint8_t *v6addr;
+
+               ipv6 = (switch_stun_ipv6_t *)attribute->value;
+               v6addr = (uint8_t *) &ipv6->address;
                v6_xor(v6addr, (uint8_t *)header->id);
                inet_ntop(AF_INET6, v6addr, ipstr, iplen);
        } else {
Mirror of https://github.com/signalwire/freeswitch.git