mirror of https://github.com/coturn/coturn.git synced 2025-12-27 19:01:02 +01:00

129 Commits

Author SHA1 Message Date
Mészáros Mihály
abfe1fd08d Merge branch 'advisory-fix-1' CVE-2020-26262 2021-01-10 20:59:14 +01:00
Mészáros Mihály
d84028b6db Simplify the ipv6 ::/128 (in6addr_any) check 2020-12-10 14:17:00 +01:00
Mészáros Mihály
dd0ffdb51a Add comment to ioa_addr_is_zero 2020-12-10 14:15:26 +01:00
Mészáros Mihály
560684c894 Tidy: Move zero check to own function 2020-12-07 08:32:09 +01:00
Sandro Gauci
6c774b9fb8 ioa_addr_is_loopback now also covers :: 2020-11-30 14:05:22 +01:00
Sandro Gauci
af50d63a15 ioa_addr_is_loopback ipv6 now properly blocks ::1 2020-11-30 14:04:27 +01:00
Sandro Gauci
ff5e5478a3 ioa_addr_is_loopback now covers 0.0.0.0/8 2020-11-30 14:02:35 +01:00
Cédric Krier
5b6739a793 Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL
Fix #552
2020-07-19 10:48:44 +02:00
islamoglus
a43d3b63b4 ignore md5 for boringssl 2020-06-11 07:40:00 +03:00
Mészáros Mihály
4722697645 Fix compiler warnings
* Changed type from int to size_t to avoid warning
  warning: comparison between signed and unsigned integer expressions
* Fixed string truncation warning
2020-03-03 15:26:01 +01:00
Mészáros Mihály
c534eaef41 Merge branch 'input-validation'
Merge PR #472
2020-02-18 14:46:11 +01:00
Mészáros Mihály
79361c170f Merge branch 'fips' 2020-02-18 14:36:37 +01:00
Mészáros Mihály
4badbbf018 Merge pull request #470 from FeralInteractive/compiler-fixes
Compiler warning fixes
2020-02-12 07:56:54 +01:00
Feral Interactive
efa7a47632 Silence shadow variable declaration warning.
'sar', 'value', and 'vlen' already exist in an outer scope and are safe to reuse since they're overwritten before being used again.
2019-11-20 00:03:46 +00:00
Feral Interactive
9b8baa8055 Validate the size of an attribute before returning it to the caller.
Previously this was being done in stun_attr_get_next_str() to check that the previous attribute didn't exceed the size of the underlying buffer, however by that point any maliciously crafted attributes would have already had their chance to attack the caller.
2019-11-19 23:48:41 +00:00
Feral Interactive
14cb1c94e7 Validate the size of the buffer in stun_get_command_message_len_str().
Without this the caller could read off the end of the underlying buffer if it receives a maliciously crafted packet with an invalid header size.
2019-11-19 23:48:34 +00:00
Feral Interactive
353e3b98e6 Add some casts to appease compiler warnings about narrowing. 2019-11-19 23:47:19 +00:00
Feral Interactive
b1990b6130 Liberally apply const where appropriate. 2019-11-19 23:47:11 +00:00
Feral Interactive
763d1f1b9c Fix a memory leak when an SHATYPE isn't supported.
Deallocating `str` happens at the end of the function, so don't skip it when encountering an unsupported SHATYPE.
2019-11-19 23:45:37 +00:00
Byron Clark
0e03fa86df Remove OPENSSL_FIPS wrappers.
Because we're building with a FIPS enabled OpenSSL instead of the FIPS
canister, the resulting build should be usable on both FIPS and non-FIPS
enabled systems. Since we can't rely on building with a FIPS enabled
OpenSSL, defer the check to runtime.
2019-05-26 10:52:51 -06:00
Byron Clark
6b01b6f450 Allow MD5 in FIPS mode.
This is one of those special cases where a non approved cryptographic
algorithm is allowed when operating in FIPS mode. Inform OpenSSL that
this is the case.

In the STUN RFC the long-term credential mechanism requires that the key
used in the HMAC-SHA1 generation be the MD5 of specific values:
https://tools.ietf.org/html/rfc5389#section-15.4

Since this is obfuscating parameters to be used in an approved
cryptographic algorithm, this is allowed usage per the [FIPS 140-2 Implementation Guidance](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf).
See page 81.

Without this change, coturn crashes when trying to set up any long-term
credential mechanism.
2019-05-24 00:16:36 +00:00
Byron Clark
68feff5ca3 Use EVP_MD_CTX instead of MD5_CTX.
Switch to EVP_MD_CTX APIs for MD5 to match how other digest types are
created in this function.
2019-05-24 00:01:52 +00:00
Bradley T. Hughes
d2ee3ac291 Remove [su]{08,16,32,64}bits type defines
Do not overload the standard types with #defines, just use them
directly.
2019-03-08 09:08:30 +01:00
Bradley T. Hughes
7a43aae7c3 Remove ns_bzero(), ns_bcopy(), and ns_bcmp()
Do not overload bzero(), bcopy(), and bcmp() from strings.h
2019-03-07 08:39:20 +01:00
Bradley T. Hughes
043b102e38 Remove turn_strdup()
Do not overload strdup() from string.h
2019-03-07 08:00:08 +01:00
Bradley T. Hughes
b50fc77124 Remove turn_free()
Do not overload free() with a different API.
2019-03-07 07:58:12 +01:00
Bradley T. Hughes
31033c3ffa Remove turn_realloc()
Do not overload realloc() with a different API.
2019-03-07 07:57:35 +01:00
Bradley T. Hughes
fef016901e Remove turn_malloc()
Do not overload malloc() from stdlib.h
2019-03-06 23:38:20 +01:00
Mészáros Mihály
53bae81e78 SPARC64 mem alignment fixes 2019-03-02 21:18:41 +01:00
Mészáros Mihály
bf30f5adc0 set addrtmp size to IPv6 address max length
To avoid -Wformat-truncation
2018-12-19 13:12:15 +01:00
Oleg Moskalenko
95eec6b88b minor cleaning 2016-10-03 22:48:40 -07:00
Richard Garnier
027a760066 fix memory initialization 2016-10-04 09:50:05 +09:00
Oleg Moskalenko
2434b95e89 Merge branch 'permission' of https://github.com/akatsukle/coturn into akatsukle-permission 2016-09-25 00:01:14 -07:00
Oleg Moskalenko
bd5ff5fe2f Merge branch 'channel-lifetime' of https://github.com/akatsukle/coturn into akatsukle-channel-lifetime 2016-09-24 23:49:36 -07:00
Oleg Moskalenko
49e632d37f Merge branch 'lifetime-p' of https://github.com/akatsukle/coturn into akatsukle-lifetime-p 2016-09-24 23:04:34 -07:00
Richard Garnier
2128253b31 channel lifetime 2016-09-20 15:04:28 +09:00
Richard Garnier
98e7a36515 permission lifetime 2016-09-20 14:55:45 +09:00
Richard Garnier
3d5140c995 parameter for stale-nonce 2016-09-20 14:26:29 +09:00
Richard Garnier
5a24333eaa max lifetime parameters 2016-09-20 13:57:31 +09:00
Mészáros Mihály
9b7256e32f nonce decode and display & fix auto random nonce generation 2016-09-07 15:28:27 +02:00
Oleg Moskalenko
7624480c8f compilation warning fixed 2016-09-05 21:53:39 -07:00
Oleg Moskalenko
a2c17748af cleaning 2016-08-27 20:18:42 -07:00
Oleg Moskalenko
79aed7d8b7 libreSSL compatibility 2016-08-27 16:49:26 -07:00
Oleg Moskalenko
73f891f666 compilation cleaned 2016-08-20 22:16:19 -07:00
Oleg Moskalenko
eec7e0cac9 basic OpenSSL 1.1.0 support 2016-08-20 18:49:30 -07:00
Oleg Moskalenko
0752c18b4d MOBILITY-TICKET changed to 0x8030 2015-08-27 05:20:29 -07:00
Oleg Moskalenko
de84442ade conflict resolution for STUN attributes (temporary solution) 2015-08-27 00:55:40 -07:00
Oleg Moskalenko
81012200c0 mobility STUN moved to experimental and conflict resolved 2015-08-27 00:43:15 -07:00
mom040267
15291e813c header file renamed 2015-06-27 09:32:35 +00:00
mom040267
8e3834ce1b oauth stuff moved out of 'new' because it is more-or-less established now 2015-06-27 09:26:55 +00:00