mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2026-04-10 06:41:38 +02:00
Code Issues Projects Releases Wiki Activity
1,879 Commits 23 Branches 134 Tags
Commit Graph

2 Commits

Author SHA1 Message Date
Pavel Punsky
c85248fb7a
Fix uint16_t truncation overflow in stun_get_message_len_str() causes… (#1844) 
… TCP channel framing bypass

stun_get_message_len_str (line 931) — widened bret from uint16_t to
uint32_t. 4 + 0xFFFF = 65539 now fits without truncation; the buffer
check bret <= blen correctly returns -1 when the full message hasn't
arrived.

stun_is_channel_message_str (lines 791–795) — replaced the silent
mutation of the caller's *blen with a local blen16 variable. The
original code wrote *blen = 65535 before the function even confirmed a
valid channel message, leaving the caller's buffer-length corrupted on a
false return.

Fixes #1837
 2026-04-04 16:10:16 -07:00
Arjun
dda0c99759
fuzzing support (#982) 
Adding fuzzing to finding memory-corruption-related bugs.

Hello coturn team,
Can you check this pr harness suite for creating harnesses and compiling
harnesses?
Any other thoughts on adding a new interface for fuzzing support ?


Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>

Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
 2022-10-24 22:01:58 +02:00