From: <arc...@us...> - 2012-12-22 01:50:09
Revision: 607 http://sourceforge.net/p/sipp/code/607 Author: arcady-91 Date: 2012-12-22 01:50:07 +0000 (Sat, 22 Dec 2012) Log Message: ----------- Merged from Fedora RPM - fix compile with -D_FORTIFY_SOURCE=2 gcc parameter Modified Paths: -------------- sipp/trunk/auth.c Modified: sipp/trunk/auth.c ===================================================================
--- sipp/trunk/auth.c 2012-12-22 01:50:03 UTC (rev 606)
+++ sipp/trunk/auth.c 2012-12-22 01:50:07 UTC (rev 607)
@@ -224,6 +224,7 @@
 static unsigned int mync = 1;
 int has_opaque = 0;
 md5_state_t Md5Ctx;
+ char tmpbuf[2048];
 // Extract the Auth Type - If not present, using 'none'
 cnonce[0] = '\0';
@@ -284,9 +285,11 @@
 hashToHex(&ha2[0], &ha2_hex[0]);
 if (cnonce[0] != '\0') {
- sprintf(result, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+ snprintf(tmpbuf, 2048, ",cnonce=\"%s\",nc=%s,qop=%s",cnonce,nc,authtype);
+ strcat(result,tmpbuf);
 }
- sprintf(result, "%s,uri=\"%s\"",result,tmp);
+ snprintf(tmpbuf, 2048, ",uri=\"%s\"",tmp);
+ strcat(result,tmpbuf);
 // Extract the Nonce
 if (!getAuthParameter("nonce", auth, tmp, sizeof(tmp))) {
@@ -311,10 +314,12 @@
 md5_finish(&Md5Ctx, resp);
 hashToHex(&resp[0], &resp_hex[0]);
- sprintf(result, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+ snprintf(tmpbuf, 2048, ",nonce=\"%s\",response=\"%s\",algorithm=%s",tmp,resp_hex,algo);
+ strcat(result,tmpbuf);
 if (has_opaque) {
- sprintf(result, "%s,opaque=\"%s\"",result,opaque);
+ snprintf(tmpbuf, 2048, ",opaque=\"%s\"",opaque);
+ strcat(result,tmpbuf);
 }
 return 1;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
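Review bot: The buffer size in the @@ -224 hunk is the bare literal 2048 in `char tmpbuf[2048];`, and the same literal is repeated in all four `snprintf(tmpbuf, 2048, ...)` calls in the @@ -284 and @@ -311 hunks, so the declaration and the bounds can drift apart on a later edit. Passing `sizeof(tmpbuf)` as the size argument ties them together. The value is also not derived from the buffers being formatted; the declarations of `tmp` and `opaque` are outside this hunk, so it cannot be confirmed from here that 2048 covers the largest `tmp` plus the fixed text around it.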
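Review bot: `strcat(result,tmpbuf)` in the @@ -284 hunk appends with no bound, so the change removes the overlapping `sprintf(result, "%s...", result, ...)` but leaves the write into `result` unchecked. `result` is passed in by the caller and its capacity is not known inside this function, while at least the nonce is read from the peer-supplied `auth` header by `getAuthParameter` (`opaque` presumably is too), so the appended length is driven by remote input. A bounded append needs the capacity passed in, e.g. `strncat(result, tmpbuf, result_cap - strlen(result) - 1);`, where `result_cap` is a placeholder for a size the caller would have to provide. The two `strcat` calls in the @@ -311 hunk have the same problem; the function body starts and ends outside these hunks.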
From: <arc...@us...> - 2013-02-15 00:44:27
Revision: 636 http://sourceforge.net/p/sipp/code/636 Author: arcady-91 Date: 2013-02-15 00:44:25 +0000 (Fri, 15 Feb 2013) Log Message: ----------- Fixed memory leak Modified Paths: -------------- sipp/trunk/auth.c Modified: sipp/trunk/auth.c ===================================================================
--- sipp/trunk/auth.c 2013-02-15 00:44:19 UTC (rev 635)
+++ sipp/trunk/auth.c 2013-02-15 00:44:25 UTC (rev 636)
@@ -588,6 +588,7 @@
 /* compute XMAC */ f1(k,rnd,sqn,(unsigned char *) aka_AMF,xmac,op);
 if (memcmp(mac,xmac,MACLEN)!=0) {
+ free(nonce);
 sprintf(result,"createAuthHeaderAKAv1MD5 : MAC != eXpectedMAC -> Server might not know the secret (man-in-the-middle attack?) \n");
 return 0;
 }
@@ -603,6 +604,7 @@
 resuf = createAuthHeaderMD5(user, (char *) res, RESLEN, method, uri, msgbody, auth, algo, result);
 if (resuf == 0) {
 sprintf(result,"createAuthHeaderAKAv1MD5 : Unexpected return value from createAuthHeaderMD5\n");
+ free(nonce);
 return 0;
 }
 } else {
@@ -617,6 +619,7 @@
 resuf = createAuthHeaderMD5(user,"",0,method,uri,msgbody,auth,algo,result);
 if (resuf == 0) {
 sprintf(result,"createAuthHeaderAKAv1MD5 : Unexpected return value from createAuthHeaderMD5\n");
+ free(nonce);
 return 0;
 }
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
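Review bot: Releasing `nonce` by hand before each `return 0;` (in the @@ -588 hunk and again at @@ -603 and @@ -617) means every exit path added later has to remember the same call. The placement already differs: `free(nonce);` comes before the `sprintf` in the first hunk and after it in the other two. A single cleanup label keeps the release in one place: replace each pair with `goto fail;` and end the function with `fail: free(nonce); return 0;`. The allocation of `nonce`, any earlier returns and the success path are outside these hunks, so it is worth confirming that those paths release it as well.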
From: <arc...@us...> - 2013-02-15 00:45:43
Revision: 644 http://sourceforge.net/p/sipp/code/644 Author: arcady-91 Date: 2013-02-15 00:45:39 +0000 (Fri, 15 Feb 2013) Log Message: ----------- A better fix for compilation with -D_FORTIFY_SOURCE=2 gcc parameter See rhbz #559620 for details: https://bugzilla.redhat.com/559620 Signed-off-by: Peter Lemenkov <lem...@gm...> Modified Paths: -------------- sipp/trunk/auth.c Modified: sipp/trunk/auth.c ===================================================================
--- sipp/trunk/auth.c 2013-02-15 00:45:28 UTC (rev 643)
+++ sipp/trunk/auth.c 2013-02-15 00:45:39 UTC (rev 644)
@@ -226,11 +226,10 @@
 md5_byte_t resp[MD5_HASH_SIZE], body[MD5_HASH_SIZE];
 unsigned char ha1_hex[HASH_HEX_SIZE+1], ha2_hex[HASH_HEX_SIZE+1];
 unsigned char resp_hex[HASH_HEX_SIZE+1], body_hex[HASH_HEX_SIZE+1];
- char tmp[MAX_HEADER_LEN], authtype[16], cnonce[32], nc[32], opaque[64];
+ char tmp[MAX_HEADER_LEN], tmp2[MAX_HEADER_LEN], authtype[16], cnonce[32], nc[32], opaque[64];
 static unsigned int mync = 1;
 int has_opaque = 0;
 md5_state_t Md5Ctx;
- char tmpbuf[2048];
 // Extract the Auth Type - If not present, using 'none'
 cnonce[0] = '\0';
@@ -291,11 +290,11 @@
 hashToHex(&ha2[0], &ha2_hex[0]);
 if (cnonce[0] != '\0') {
- snprintf(tmpbuf, 2048, ",cnonce=\"%s\",nc=%s,qop=%s",cnonce,nc,authtype);
- strcat(result,tmpbuf);
+ snprintf(tmp2, sizeof(tmp2), ",cnonce=\"%s\",nc=%s,qop=%s",cnonce,nc,authtype);
+ strcat(result,tmp2);
 }
- snprintf(tmpbuf, 2048, ",uri=\"%s\"",tmp);
- strcat(result,tmpbuf);
+ snprintf(tmp2, sizeof(tmp2), ",uri=\"%s\"",tmp);
+ strcat(result,tmp2);
 // Extract the Nonce
 if (!getAuthParameter("nonce", auth, tmp, sizeof(tmp))) {
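Review bot: In the @@ -291 hunk the return value of `snprintf(tmp2, sizeof(tmp2), ",uri=\"%s\"",tmp)` is ignored. Because `tmp2` is declared with the same `MAX_HEADER_LEN` as `tmp`, a nearly full `tmp` no longer fits once the `,uri="` prefix and the closing quote are added, so the text is cut short without notice and `result` gains an unterminated quoted string. Checking the length closes this: `int n = snprintf(tmp2, sizeof(tmp2), ",uri=\"%s\"", tmp);` followed by `if (n < 0 || (size_t)n >= sizeof(tmp2)) return 0;`. Returning 0 looks like the failure convention here, since the function ends in `return 1;`, but that should be confirmed against the code outside the hunk. The `nonce` and `opaque` calls in the @@ -320 hunk need the same check, and `strcat(result,tmp2)` is still unbounded with respect to `result`.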
@@ -320,12 +319,12 @@
 md5_finish(&Md5Ctx, resp);
 hashToHex(&resp[0], &resp_hex[0]);
- snprintf(tmpbuf, 2048, ",nonce=\"%s\",response=\"%s\",algorithm=%s",tmp,resp_hex,algo);
- strcat(result,tmpbuf);
+ snprintf(tmp2, sizeof(tmp2), ",nonce=\"%s\",response=\"%s\",algorithm=%s",tmp,resp_hex,algo);
+ strcat(result,tmp2);
 if (has_opaque) {
- snprintf(tmpbuf, 2048, ",opaque=\"%s\"",opaque);
- strcat(result,tmpbuf);
+ snprintf(tmp2, sizeof(tmp2), ",opaque=\"%s\"",opaque);
+ strcat(result,tmp2);
 }
 return 1;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |