mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-11-04 17:01:39 +01:00
Code Issues Projects Releases Wiki Activity

fixing SQL injection problem

Browse Source
This commit is contained in:
mom040267 2015-06-28 06:02:34 +00:00
parent 153b2d1d41
commit cfe61ab284
4 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/apps/common/ns_turn_utils.c
View File

@ -861,21 +861,23 @@ char *turn_strdup_func(const char* s, const char* function, int line) {
//////////////////////////////// ////////////////////////////////
int secure_username(u08bits *username) int is_secure_username(const u08bits *username)
{ {
int ret = -1; int ret = 0;
if(username) { if(username) {
unsigned char *s = (unsigned char*)turn_strdup((char*)username); unsigned char *s0 = (unsigned char*)turn_strdup((const char*)username);
unsigned char *s = s0;
while(*s) { while(*s) {
*s = (unsigned char)tolower((int)*s); *s = (unsigned char)tolower((int)*s);
++s; ++s;
} }
if(strstr((char*)s," ")||strstr((char*)s,"\t")||strstr((char*)s,"'")) { s = s0;
username[0]=0; if(strstr((char*)s," ")||strstr((char*)s,"\t")||strstr((char*)s,"'")||strstr((char*)s,"\"")||strstr((char*)s,"\n")||strstr((char*)s,"\r")||strstr((char*)s,"\\")) {
} else if(strstr((char*)s,"and")&&strstr((char*)s,"union")&&strstr((char*)s,"select")) { ;
username[0]=0; } else if(strstr((char*)s,"union")&&strstr((char*)s,"select")) {
;
} else { } else {
ret = 0; ret = 1;
} }
turn_free(s,strlen((char*)s)); turn_free(s,strlen((char*)s));
} }
@ -883,3 +885,4 @@ int secure_username(u08bits *username)
} }
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////

2
src/apps/common/ns_turn_utils.h
View File

@ -78,7 +78,7 @@ void rollover_logfile(void);
/////////////////////////////////////////////////////// ///////////////////////////////////////////////////////
int secure_username(u08bits *username); int is_secure_username(const u08bits *username);
/////////////////////////////////////////////////////// ///////////////////////////////////////////////////////

4
src/apps/relay/mainrelay.c
View File

@ -1536,6 +1536,10 @@ static int adminmain(int argc, char **argv)
#endif #endif
case 'u': case 'u':
STRCPY(user,optarg); STRCPY(user,optarg);
if(!is_secure_username((u08bits*)user)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name structure or symbols, choose another name: %s\n",user);
exit(-1);
}
if(SASLprep((u08bits*)user)<0) { if(SASLprep((u08bits*)user)<0) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name: %s\n",user); TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name: %s\n",user);
exit(-1); exit(-1);

8
src/server/ns_turn_server.c
View File

@ -1015,7 +1015,9 @@ static int handle_turn_allocate(turn_turnserver *server,
} }
ns_bcopy(value,username,ulen); ns_bcopy(value,username,ulen);
username[ulen]=0; username[ulen]=0;
if(secure_username(username)<0) { if(!is_secure_username(username)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username: %s\n", __FUNCTION__, (char*)username);
username[0]=0;
*err_code = 400; *err_code = 400;
break; break;
} }
@ -3342,7 +3344,9 @@ static int check_stun_auth(turn_turnserver *server,
ns_bcopy(stun_attr_get_value(sar),usname,alen); ns_bcopy(stun_attr_get_value(sar),usname,alen);
usname[alen]=0; usname[alen]=0;
if(secure_username(usname)<0) { if(!is_secure_username(usname)) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username: %s\n", __FUNCTION__, (char*)usname);
usname[0]=0;
*err_code = 400; *err_code = 400;
return -1; return -1;
} else if(ss->username[0]) { } else if(ss->username[0]) {