
Commit c1ce2f2

committedMay 30, 2024
sofia-sip: don't rely on HMAC() returning a static buffer
freeswitch/sofia-sip#263
1 parent 3d43305 commit c1ce2f2


2 files changed

+44
-1
lines changed

 

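--- a/telephony/sofia-sip/Makefile
+++ b/telephony/sofia-sip/Makefile
@@ -3,7 +3,7 @@ COMMENT= open source SIP User-Agent library
 DISTNAME= sofia-sip-1.12.11
 SHARED_LIBS += sofia-sip-ua-glib 0.0 # 3.0
 SHARED_LIBS += sofia-sip-ua 0.0 # 6.0
-REVISION= 3
+REVISION= 4
 
 API= 1.12
 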
@@ -0,0 +1,43 @@
1+
https://github.com/freeswitch/sofia-sip/pull/263
2+
3+
Index: libsofia-sip-ua/stun/stun_common.c
4+
--- libsofia-sip-ua/stun/stun_common.c.orig
5+
+++ libsofia-sip-ua/stun/stun_common.c
6+
@@ -437,6 +437,7 @@ int stun_encode_message_integrity(stun_attr_t *attr,
7+
stun_buffer_t *pwd) {
8+
int padded_len;
9+
unsigned int dig_len;
10+
+ unsigned char md[EVP_MAX_MD_SIZE];
11+
unsigned char *padded_text = NULL;
12+
void *sha1_hmac;
13+
14+
@@ -452,10 +453,10 @@ int stun_encode_message_integrity(stun_attr_t *attr,
15+
memcpy(padded_text, buf, len);
16+
memset(padded_text + len, 0, padded_len - len);
17+
18+
- sha1_hmac = HMAC(EVP_sha1(), pwd->data, pwd->size, padded_text, padded_len, NULL, &dig_len);
19+
+ sha1_hmac = HMAC(EVP_sha1(), pwd->data, pwd->size, padded_text, padded_len, md, &dig_len);
20+
}
21+
else {
22+
- sha1_hmac = HMAC(EVP_sha1(), pwd->data, pwd->size, buf, len, NULL, &dig_len);
23+
+ sha1_hmac = HMAC(EVP_sha1(), pwd->data, pwd->size, buf, len, md, &dig_len);
24+
}
25+
26+
assert(dig_len == 20);
27+
@@ -503,6 +504,7 @@ int stun_validate_message_integrity(stun_msg_t *msg, s
28+
int padded_len, len;
29+
unsigned int dig_len;
30+
unsigned char dig[20]; /* received sha1 digest */
31+
+ unsigned char md[EVP_MAX_MD_SIZE];
32+
unsigned char *padded_text;
33+
#endif
34+
35+
@@ -528,7 +530,7 @@ int stun_validate_message_integrity(stun_msg_t *msg, s
36+
memset(padded_text, 0, padded_len);
37+
memcpy(padded_text, msg->enc_buf.data, len);
38+
39+
- memcpy(dig, HMAC(EVP_sha1(), pwd->data, pwd->size, padded_text, padded_len, NULL, &dig_len), 20);
40+
+ memcpy(dig, HMAC(EVP_sha1(), pwd->data, pwd->size, padded_text, padded_len, md, &dig_len), 20);
41+
42+
if (memcmp(dig, msg->enc_buf.data + msg->enc_buf.size - 20, 20) != 0) {
43+
/* does not match, but try the test server's password */
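Review bot: The return value of HMAC() is still fed straight into `memcpy(dig, HMAC(...), 20)` in stun_validate_message_integrity (patch line 40), so a failed HMAC() call, which returns NULL, becomes a NULL read while a received message is being validated. The same applies to `sha1_hmac` in stun_encode_message_integrity, where `assert(dig_len == 20)` is the only check, is compiled out under NDEBUG, and reads a `dig_len` that HMAC() may not have set on failure. Now that `md` receives the digest, the call can be tested first, e.g. `if (HMAC(EVP_sha1(), pwd->data, pwd->size, padded_text, padded_len, md, &dig_len) == NULL || dig_len != sizeof(dig))` followed by the function's error return, and then `memcpy(dig, md, sizeof(dig));`. The digest comparison on patch line 42 uses `memcmp`, which may return at the first differing byte; `CRYPTO_memcmp(dig, msg->enc_buf.data + msg->enc_buf.size - 20, 20)` compares in constant time. Both functions begin and end outside the visible hunks, so the error path, the later use of `sha1_hmac`, and any lower bound on `msg->enc_buf.size` could not be checked from this page.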
