diff options
author | Fabrice Bellet <fabrice@bellet.info> | 2019-06-09 13:13:43 +0200 |
---|---|---|
committer | Olivier CrĂȘte <olivier.crete@collabora.com> | 2019-07-04 17:03:43 -0400 |
commit | 8e5809b7f709f8f2b49022610e0da7c8e761d322 (patch) | |
tree | c33d8815d315285f26adfccbf3c8a73b1284694d /agent/candidate.h | |
parent | 17170c9a393041157f69a3d4ae4eca5a1aaf9a7a (diff) | |
download | libnice-8e5809b7f709f8f2b49022610e0da7c8e761d322.tar.gz |
discovery: fix an use-after-free in SFB user credentials
The base64 decoded username and password strings given to
stun_usage_turn_create() should not freed immediately, since they remain
used when handling the following related inbound stun replies.
Diffstat (limited to 'agent/candidate.h')
-rw-r--r-- | agent/candidate.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/agent/candidate.h b/agent/candidate.h index e556c16..3418219 100644 --- a/agent/candidate.h +++ b/agent/candidate.h @@ -141,6 +141,10 @@ typedef struct _TurnServer TurnServer; * @server: The #NiceAddress of the TURN server * @username: The TURN username * @password: The TURN password + * @decoded_username: The base64 decoded TURN username + * @decoded_password: The base64 decoded TURN password + * @decoded_username_len: The length of @decoded_username + * @decoded_password_len: The length of @decoded_password * @type: The #NiceRelayType of the server * * A structure to store the TURN relay settings @@ -152,6 +156,10 @@ struct _TurnServer NiceAddress server; gchar *username; gchar *password; + uint8_t *decoded_username; + uint8_t *decoded_password; + gsize decoded_username_len; + gsize decoded_password_len; NiceRelayType type; }; |