From 93c5387180617568fdd55da84ac8e2dedc7f51e6 Mon Sep 17 00:00:00 2001
From: Haseeb Abdul Qadir <haseebq@jumpdesktop.com>
Date: Fri, 21 May 2021 07:51:45 -0400
Subject: [PATCH 1/2] Avoid using bzero for the entire stun_buffer_list_elem
 and only init metadata

On high traffic servers bzero -> memset takes a significant amount of time because each stun_buffer_list_elem can be ~64kb
---
 src/apps/relay/ns_ioalib_engine_impl.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/apps/relay/ns_ioalib_engine_impl.c b/src/apps/relay/ns_ioalib_engine_impl.c
index 4640225b..e979a540 100644
--- a/src/apps/relay/ns_ioalib_engine_impl.c
+++ b/src/apps/relay/ns_ioalib_engine_impl.c
@@ -297,15 +297,15 @@ static stun_buffer_list_elem *new_blist_elem(ioa_engine_handle e)
 
 	if(!ret) {
 	  ret = (stun_buffer_list_elem *)malloc(sizeof(stun_buffer_list_elem));
-	  if (ret) {
-		ret->next = NULL;
-	  } else {
-		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Cannot allocate memory for STUN buffer!\n", __FUNCTION__);
-	  }
 	}
 
 	if(ret) {
-	  bzero(&ret->buf, sizeof(stun_buffer));
+	  ret->buf.len = 0;
+	  ret->buf.offset = 0;
+	  ret->buf.coffset = 0;
+	  ret->next = NULL;
+	} else {
+	  TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Cannot allocate memory for STUN buffer!\n", __FUNCTION__);
 	}
 
 	return ret;

From e88de80abd566dafcda0260e7a35a1db5d43b674 Mon Sep 17 00:00:00 2001
From: Haseeb Abdul Qadir <haseebq@jumpdesktop.com>
Date: Sat, 22 May 2021 11:53:25 -0400
Subject: [PATCH 2/2] Make sure we zero out any padding added to the attribute

---
 src/client/ns_turn_msg.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index d0c8d889..c23312be 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -1448,8 +1448,10 @@ int stun_attr_add_str(uint8_t* buf, size_t *len, uint16_t attr, const uint8_t* a
   int clen = stun_get_command_message_len_str(buf,*len);
   int newlen = clen + 4 + alen;
   int newlenrem4=newlen & 0x00000003;
+  int paddinglen = 0;
   if(newlenrem4) {
-    newlen=newlen+(4-newlenrem4);
+	paddinglen=4-newlenrem4;
+    newlen=newlen+paddinglen;
   }
   if(newlen>=MAX_STUN_MESSAGE_SIZE) return -1;
   else {
@@ -1463,6 +1465,10 @@ int stun_attr_add_str(uint8_t* buf, size_t *len, uint16_t attr, const uint8_t* a
     attr_start_16t[0]=nswap16(attr);
     attr_start_16t[1]=nswap16(alen);
     if(alen>0) bcopy(avalue,attr_start+4,alen);
+	
+	// Write 0 padding to not leak data
+	bzero(attr_start+4+alen, paddinglen);
+
     return 0;
   }
 }