apitech
/
coturn
mirror of https://github.com/coturn/coturn
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix missing null termination after strncpy in PostgreSQL driver (dbd_pgsql.c)

Browse Source 
Vulnerability: strncpy(realm/pwd, ...) did not null-terminate when
value length >= STUN_MAX_*_SIZE, causing unterminated strings.

Fix: Set realm[STUN_MAX_REALM_SIZE] and pwd[STUN_MAX_PWD_SIZE]
to '\0' after each strncpy.

Co-authored-by: Cursor <cursoragent@cursor.com>
pull/1804/head
Pavel Punsky 3 weeks ago
parent 29facbe639
commit 00a4a970d5
1 changed files with 2 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      src/apps/relay/dbdrivers/dbd_pgsql.c

2
src/apps/relay/dbdrivers/dbd_pgsql.c
Unescape View File

@ -883,10 +883,12 @@ static int pgsql_get_admin_user(const uint8_t *usname, uint8_t *realm, password_
const char *kval = PQgetvalue(res, 0, 0);
if (kval) {
strncpy((char *)realm, kval, STUN_MAX_REALM_SIZE);
realm[STUN_MAX_REALM_SIZE] = '\0';
}
kval = (const char *)PQgetvalue(res, 0, 1);
if (kval) {
strncpy((char *)pwd, kval, STUN_MAX_PWD_SIZE);
pwd[STUN_MAX_PWD_SIZE] = '\0';
}
ret = 0;
}

Write Preview
Loading…
Cancel
Save