From c00dc51636b1fedead1c570aef76b32db6208f44 Mon Sep 17 00:00:00 2001
From: Matthew Jordan <mjordan@digium.com>
Date: Fri, 19 Dec 2014 19:58:50 +0000
Subject: [PATCH] stun: correct attribute string padding to match rfc

When sending the USERNAME attribute in an RTP STUN
response, the implementation in append_attr_string
passed the actual length, instead of padding it up
to a multiple of four bytes as required by the RFC
3489.  This change adds separate variables for the
string and padded attributed lengths, and performs
padding correctly.

Reported by: Thomas Arimont
Review: https://reviewboard.asterisk.org/r/4139/
........

Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429854 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 main/stun.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/main/stun.c b/main/stun.c
index 3b4d2ad6b1..97306a691b 100644
--- a/main/stun.c
+++ b/main/stun.c
@@ -201,12 +201,15 @@ static int stun_process_attr(struct stun_state *state, struct stun_attr *attr)
 /*! \brief append a string to an STUN message */
 static void append_attr_string(struct stun_attr **attr, int attrval, const char *s, int *len, int *left)
 {
-	int size = sizeof(**attr) + strlen(s);
+	int str_length = strlen(s);
+	int attr_length = str_length + ((~(str_length - 1)) & 0x3);
+	int size = sizeof(**attr) + attr_length;
 	if (*left > size) {
 		(*attr)->attr = htons(attrval);
-		(*attr)->len = htons(strlen(s));
-		memcpy((*attr)->value, s, strlen(s));
-		(*attr) = (struct stun_attr *)((*attr)->value + strlen(s));
+		(*attr)->len = htons(attr_length);
+		memcpy((*attr)->value, s, str_length);
+		memset((*attr)->value + str_length, 0, attr_length - str_length);
+		(*attr) = (struct stun_attr *)((*attr)->value + attr_length);
 		*len += size;
 		*left -= size;
 	}
-- 
GitLab