diff options
author | Fabrice Bellet <fabrice@bellet.info> | 2021-02-13 14:16:10 +0100 |
---|---|---|
committer | Olivier CrĂȘte <olivier.crete@collabora.com> | 2021-05-13 19:21:46 -0400 |
commit | a0cfef727f6fdbc584514b6eefc6d9743874df97 (patch) | |
tree | 46b16ab3fe254f9e947b9403f376e61e8682b28d | |
parent | 90a91282dd38e60c9aa149e24454a963dcbc2763 (diff) | |
download | libnice-a0cfef727f6fdbc584514b6eefc6d9743874df97.tar.gz |
test-restart: fix potential stack buffer overflow with new candidate API
-rw-r--r-- | tests/test-restart.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/tests/test-restart.c b/tests/test-restart.c index 2f1e1b6..18bf8d2 100644 --- a/tests/test-restart.c +++ b/tests/test-restart.c @@ -199,18 +199,17 @@ static void priv_get_local_addr (NiceAgent *agent, guint stream_id, guint compon static int run_restart_test (NiceAgent *lagent, NiceAgent *ragent, NiceAddress *baseaddr) { NiceAddress laddr, raddr, laddr_rtcp, raddr_rtcp; - NiceCandidate cdes; + NiceCandidate *cdes; GSList *cands; guint ls_id, rs_id; /* XXX: dear compiler, these are for you: */ (void)baseaddr; - memset (&cdes, 0, sizeof(NiceCandidate)); - cdes.priority = 10000; - strcpy (cdes.foundation, "1"); - cdes.type = NICE_CANDIDATE_TYPE_HOST; - cdes.transport = NICE_CANDIDATE_TRANSPORT_UDP; + cdes = nice_candidate_new (NICE_CANDIDATE_TYPE_HOST); + cdes->priority = 100000; + strcpy (cdes->foundation, "1"); + cdes->transport = NICE_CANDIDATE_TRANSPORT_UDP; /* step: initialize variables modified by the callbacks */ global_components_ready = 0; @@ -276,7 +275,7 @@ static int run_restart_test (NiceAgent *lagent, NiceAgent *ragent, NiceAddress * nice_address_get_port (&laddr_rtcp)); /* step: pass the remote candidates to agents */ - cands = g_slist_append (NULL, &cdes); + cands = g_slist_append (NULL, cdes); { gchar *ufrag = NULL, *password = NULL; nice_agent_get_local_credentials(lagent, ls_id, &ufrag, &password); @@ -290,15 +289,15 @@ static int run_restart_test (NiceAgent *lagent, NiceAgent *ragent, NiceAddress * g_free (ufrag); g_free (password); } - cdes.component_id = NICE_COMPONENT_TYPE_RTP; - cdes.addr = raddr; + cdes->component_id = NICE_COMPONENT_TYPE_RTP; + cdes->addr = raddr; nice_agent_set_remote_candidates (lagent, ls_id, NICE_COMPONENT_TYPE_RTP, cands); - cdes.addr = laddr; + cdes->addr = laddr; nice_agent_set_remote_candidates (ragent, rs_id, NICE_COMPONENT_TYPE_RTP, cands); - cdes.component_id = NICE_COMPONENT_TYPE_RTCP; - cdes.addr = raddr_rtcp; + cdes->component_id = NICE_COMPONENT_TYPE_RTCP; + cdes->addr = raddr_rtcp; nice_agent_set_remote_candidates (lagent, ls_id, NICE_COMPONENT_TYPE_RTCP, cands); - cdes.addr = laddr_rtcp; + cdes->addr = laddr_rtcp; nice_agent_set_remote_candidates (ragent, rs_id, NICE_COMPONENT_TYPE_RTCP, cands); /* This role switch request will be effective after restart. We test * here that the role cannot be externally modified after conncheck @@ -362,15 +361,15 @@ static int run_restart_test (NiceAgent *lagent, NiceAgent *ragent, NiceAddress * global_components_ready = 0; /* step: exchange remote candidates */ - cdes.component_id = NICE_COMPONENT_TYPE_RTP; - cdes.addr = raddr; + cdes->component_id = NICE_COMPONENT_TYPE_RTP; + cdes->addr = raddr; nice_agent_set_remote_candidates (lagent, ls_id, NICE_COMPONENT_TYPE_RTP, cands); - cdes.addr = laddr; + cdes->addr = laddr; nice_agent_set_remote_candidates (ragent, rs_id, NICE_COMPONENT_TYPE_RTP, cands); - cdes.component_id = NICE_COMPONENT_TYPE_RTCP; - cdes.addr = raddr_rtcp; + cdes->component_id = NICE_COMPONENT_TYPE_RTCP; + cdes->addr = raddr_rtcp; nice_agent_set_remote_candidates (lagent, ls_id, NICE_COMPONENT_TYPE_RTCP, cands); - cdes.addr = laddr_rtcp; + cdes->addr = laddr_rtcp; nice_agent_set_remote_candidates (ragent, rs_id, NICE_COMPONENT_TYPE_RTCP, cands); g_main_loop_run (global_mainloop); @@ -388,6 +387,7 @@ static int run_restart_test (NiceAgent *lagent, NiceAgent *ragent, NiceAddress * /* step: clean up resources and exit */ g_slist_free (cands); + nice_candidate_free (cdes); nice_agent_remove_stream (lagent, ls_id); nice_agent_remove_stream (ragent, rs_id); |