mirror of https://github.com/coturn/coturn.git synced 2025-10-31 06:51:30 +01:00

Do not write outside of a buffer in admin interface (#972)

Writing outside of a buffer can only happen if an incoming HTTP request is longer than UDP_STUN_BUFFER_SIZE (16KB).

This change validates that the request is no longer than the buffer size and drops it if it is the case.

Fixes #342

Test plan:
- Run in debugger and send a 16KB request using curl - response returns, logs correct
- Send 16KB + 1b request - warning logged and request dropped

Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
Pavel Punsky 2022-09-05 12:07:07 -07:00 committed by GitHub
parent 6d9b75dbef
commit a09aa989b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1202,7 +1202,11 @@ static void web_admin_input_handler(ioa_socket_handle s, int event_type,
int to_be_closed = 0;
int buffer_size = (int)ioa_network_buffer_get_size(in_buffer->nbh);
if (buffer_size > 0) {
if (buffer_size >= UDP_STUN_BUFFER_SIZE) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "%s: request is too big: %d\n", __FUNCTION__, buffer_size);
to_be_closed = 1;
}
else if (buffer_size > 0) {
SOCKET_TYPE st = get_ioa_socket_type(s);
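Review bot: The bound in `if (buffer_size >= UDP_STUN_BUFFER_SIZE)` also drops a request of exactly UDP_STUN_BUFFER_SIZE bytes, while the commit message describes the out-of-bounds write as possible only when the request is longer than the buffer and the test plan expects a 16KB request to get a response. If `>=` is deliberate (for instance because a later step in this handler, not visible in this hunk, needs one spare byte), add a one-line comment above the check stating that; otherwise the comparison should be `>`. It would also help whoever reads the warning if the message logged the limit next to the received size, for example "request is too big: %d (max %d)".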