Bug 820410/bug 818293/bug 817432/bug 817341: Update to imported ICE library r=jesup

2012-12-13 14:01:13 -06:00 · 2012-12-13 14:01:13 -06:00 · a8ee93abb1
--- a/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
@ -222,7 +222,7 @@ static int nr_ice_get_foundation(nr_ice_ctx *ctx,nr_ice_candidate *cand)
      if(cand->stun_server != foundation->stun_server)
        goto next;

-      sprintf(fnd,"%d",i);
+      snprintf(fnd,sizeof(fnd),"%d",i);
      if(!(cand->foundation=r_strdup(fnd)))
        ABORT(R_NO_MEMORY);
      return(0);
@ -239,7 +239,7 @@ static int nr_ice_get_foundation(nr_ice_ctx *ctx,nr_ice_candidate *cand)
    foundation->stun_server=cand->stun_server;
    STAILQ_INSERT_TAIL(&ctx->foundations,foundation,entry);

-    sprintf(fnd,"%d",i);
+    snprintf(fnd,sizeof(fnd),"%d",i);
    if(!(cand->foundation=r_strdup(fnd)))
      ABORT(R_NO_MEMORY);

--- a/media/mtransport/third_party/nICEr/src/ice/ice_candidate_pair.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_candidate_pair.c
@ -117,7 +117,7 @@ int nr_ice_candidate_pair_create(nr_ice_peer_ctx *pctx, nr_ice_candidate *lcand,
    t_priority = tmpcand.priority;

    /* Our sending context */
-    if(r=nr_concat_strings(&l2ruser,lufrag,":",rufrag,NULL))
+    if(r=nr_concat_strings(&l2ruser,rufrag,":",lufrag,NULL))
      ABORT(r);
    if(r=nr_stun_client_ctx_create(pair->as_string,
      lcand->osock,
@ -125,7 +125,7 @@ int nr_ice_candidate_pair_create(nr_ice_peer_ctx *pctx, nr_ice_candidate *lcand,
      ABORT(r);
    if(!(pair->stun_client->params.ice_binding_request.username=r_strdup(l2ruser)))
      ABORT(R_NO_MEMORY);
-    if(r=r_data_make(&pair->stun_client->params.ice_binding_request.password,(UCHAR *)lpwd,strlen(lpwd)))
+    if(r=r_data_make(&pair->stun_client->params.ice_binding_request.password,(UCHAR *)rpwd,strlen(rpwd)))
      ABORT(r);
    pair->stun_client->params.ice_binding_request.priority=t_priority;
    pair->stun_client->params.ice_binding_request.control = pctx->controlling?
@ -135,9 +135,9 @@ int nr_ice_candidate_pair_create(nr_ice_peer_ctx *pctx, nr_ice_candidate *lcand,

    /* Our receiving username/passwords. Stash these for later 
       injection into the stun server ctx*/
-    if(r=nr_concat_strings(&pair->r2l_user,rufrag,":",lufrag,NULL))
+    if(r=nr_concat_strings(&pair->r2l_user,lufrag,":",rufrag,NULL))
      ABORT(r);
-    if(!(r2lpass=r_strdup(rpwd)))
+    if(!(r2lpass=r_strdup(lpwd)))
      ABORT(R_NO_MEMORY);
    INIT_DATA(pair->r2l_pwd,(UCHAR *)r2lpass,strlen(r2lpass));
    
--- a/media/mtransport/third_party/nICEr/src/ice/ice_parser.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_parser.c
@ -101,7 +101,7 @@ grab_token(char **str, char **out)
    if (!tmp)
        ABORT(R_NO_MEMORY);

-    strncpy(tmp, *str, len);
+    memcpy(tmp, *str, len);
    tmp[len] = '\0';

    *str = c;
@ -319,12 +319,15 @@ nr_ice_peer_candidate_from_attribute(nr_ice_ctx *ctx,char *orig,nr_ice_media_str

    skip_whitespace(&str);

+    /* Ignore extensions per RFC 5245 S 15.1 */
+#if 0
    /* This used to be an assert, but we don't want to exit on invalid
       remote data */
    if (strlen(str) != 0) {
      ABORT(R_BAD_DATA);
    }
-      
+#endif
+
    *candp=cand;

    _status=0;
@ -377,9 +380,12 @@ nr_ice_peer_ctx_parse_media_stream_attribute(nr_ice_peer_ctx *pctx, nr_ice_media
    }

    skip_whitespace(&str);
-    /* it's expected to be at EOD at this point */

-    assert(strlen(str) == 0);
+    /* RFC 5245 grammar doesn't have an extension point for ice-pwd or
+       ice-ufrag: if there's anything left on the line, we treat it as bad. */
+    if (str[0] != '\0') {
+      ABORT(R_BAD_DATA);
+    }

    _status=0;
  abort:
@ -403,7 +409,7 @@ nr_ice_peer_ctx_parse_global_attributes(nr_ice_peer_ctx *pctx, char **attrs, int
    unsigned int port;
    in_addr_t addr;
    char *ice_option_tag = 0;
-    
+
    for(i=0;i<attr_ct;i++){
        orig = str = attrs[i];

@ -517,9 +523,13 @@ nr_ice_peer_ctx_parse_global_attributes(nr_ice_peer_ctx *pctx, char **attrs, int
        }

        skip_whitespace(&str);
-        /* it's expected to be at EOD at this point */

-        assert(strlen(str) == 0);
+      /* RFC 5245 grammar doesn't have an extension point for any of the
+         preceding attributes: if there's anything left on the line, we
+         treat it as bad data. */
+      if (str[0] != '\0') {
+        ABORT(R_BAD_DATA);
+      }
    }

    _status=0;
--- a/media/mtransport/third_party/nICEr/src/stun/addrs.c
+++ b/media/mtransport/third_party/nICEr/src/stun/addrs.c
@ -158,7 +158,7 @@ stun_grab_addrs(char *name, int addrcount, struct ifa_msghdr *ifam, nr_transport
    struct sockaddr_in *sin;

    ifr.ifr_addr.sa_family = AF_INET;
-    strncpy(ifr.ifr_name, name, sizeof ifr.ifr_name);
+    strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));

    if ((s = socket(ifr.ifr_addr.sa_family, SOCK_DGRAM, 0)) < 0) {
      r_log(NR_LOG_STUN, LOG_WARNING, "unable to obtain addresses from socket");
@ -266,7 +266,11 @@ stun_get_mib_addrs(nr_transport_addr addrs[], int maxaddrs, int *count)
            next += nextifm->ifm_msglen;
        }

-        strncpy(name, sdl->sdl_data, sdl->sdl_nlen);
+        if (sdl->sdl_nlen > sizeof(name) - 1) {
+            ABORT(R_INTERNAL);
+        }
+
+        memcpy(name, sdl->sdl_data, sdl->sdl_nlen);
        name[sdl->sdl_nlen] = '\0';

        stun_grab_addrs(name, addrcount, ifam, addrs, maxaddrs, count);
@ -303,7 +307,7 @@ static int nr_win32_get_adapter_friendly_name(char *adapter_GUID, char **friendl
    mbstowcs_s(&converted_chars, adapter_GUID_tchar, strlen(adapter_GUID)+1,
               adapter_GUID, _TRUNCATE);
 #else
-    strncpy(adapter_GUID_tchar, _NR_MAX_NAME_LENGTH, adapter_GUID);
+    strlcpy(adapter_GUID_tchar, adapter_GUID, _NR_MAX_NAME_LENGTH);
 #endif

    _tcscpy_s(adapter_key, _NR_MAX_KEY_LENGTH, TEXT(_ADAPTERS_BASE_REG));
@ -430,7 +434,7 @@ stun_get_win32_addrs(nr_transport_addr addrs[], int maxaddrs, int *count)
        addrs[n].addr=(struct sockaddr *)&(addrs[n].u.addr4);
        addrs[n].addr_len=sizeof(struct sockaddr_in);

-        strncpy(addrs[n].ifname, munged_ifname, sizeof(addrs[n].ifname));
+        strlcpy(addrs[n].ifname, munged_ifname, sizeof(addrs[n].ifname));
        snprintf(addrs[n].as_string,40,"IP4:%s:%d",inet_ntoa(addrs[n].u.addr4.sin_addr),
                 ntohs(addrs[n].u.addr4.sin_port));

@ -530,7 +534,7 @@ stun_get_win32_addrs(nr_transport_addr addrs[], int maxaddrs, int *count)
            continue;
          }

-          strncpy(addrs[n].ifname, munged_ifname, sizeof(addrs[n].ifname));
+          strlcpy(addrs[n].ifname, munged_ifname, sizeof(addrs[n].ifname));
          if (++n >= maxaddrs)
            goto done;
        }
--- a/media/mtransport/third_party/nICEr/src/stun/stun_codec.c
+++ b/media/mtransport/third_party/nICEr/src/stun/stun_codec.c
@ -397,7 +397,8 @@ nr_stun_attr_codec_addr_encode(nr_stun_attr_info *attr_info, void *data, int off
        break;

    case NR_IPV6:
-        UNIMPLEMENTED;
+        assert(0);
+        ABORT(R_INTERNAL);
        break;
    default:
        assert(0);
--- a/media/mtransport/third_party/nICEr/src/stun/stun_msg.c
+++ b/media/mtransport/third_party/nICEr/src/stun/stun_msg.c
@ -58,7 +58,7 @@ nr_stun_message_create(nr_stun_message **msg)
    m = RCALLOC(sizeof(*m));
    if (!m)
        ABORT(R_NO_MEMORY);
- 
+
    TAILQ_INIT(&m->attributes);

    *msg = m;
@ -74,6 +74,10 @@ nr_stun_message_create2(nr_stun_message **msg, UCHAR *buffer, int length)
    int r,_status;
    nr_stun_message *m = 0;

+    if (length > sizeof(m->buffer)) {
+        ABORT(R_BAD_DATA);
+    }
+
    if ((r=nr_stun_message_create(&m)))
        ABORT(r);

@ -200,7 +204,7 @@ NR_STUN_MESSAGE_ADD_ATTRIBUTE(
 int
 nr_stun_message_add_error_code_attribute(nr_stun_message *msg, UINT2 number, char *reason)
 NR_STUN_MESSAGE_ADD_ATTRIBUTE(
-    NR_STUN_ATTR_ERROR_CODE, 
+    NR_STUN_ATTR_ERROR_CODE,
    {
        attr->u.error_code.number = number;
        strlcpy(attr->u.error_code.reason, reason, sizeof(attr->u.error_code.reason));
--- a/media/mtransport/third_party/nICEr/src/stun/stun_server_ctx.c
+++ b/media/mtransport/third_party/nICEr/src/stun/stun_server_ctx.c
@ -391,7 +391,8 @@ int nr_stun_get_message_client(nr_stun_server_ctx *ctx, nr_stun_message *req, nr
    }

    STAILQ_FOREACH(clnt, &ctx->clients, entry) {
-        if (!strcmp(clnt->username, attr->u.username))
+        if (!strncmp(clnt->username, attr->u.username,
+                     sizeof(attr->u.username)))
            break;
    }
    if (!clnt) {
--- a/media/mtransport/third_party/nICEr/src/stun/stun_util.c
+++ b/media/mtransport/third_party/nICEr/src/stun/stun_util.c
@ -83,7 +83,8 @@ nr_stun_xor_mapped_address(UINT4 magicCookie, nr_transport_addr *from, nr_transp
            from->protocol, to);
        break;
    case NR_IPV6:
-        UNIMPLEMENTED;
+        assert(0);
+        ABORT(R_INTERNAL);
        break;
    default:
        assert(0);
--- a/media/mtransport/third_party/nICEr/src/stun/turn_client_ctx.c
+++ b/media/mtransport/third_party/nICEr/src/stun/turn_client_ctx.c
@ -101,7 +101,8 @@ nr_turn_client_next_action(nr_turn_client_ctx *ctx, int stun_ctx_state)
 #if 0
            ctx->state = NR_TURN_CLIENT_STATE_ACTIVE;
 #else
-            UNIMPLEMENTED;
+            assert(0);
+            ABORT(R_INTERNAL);
 #endif
            r_log(NR_LOG_TURN,LOG_DEBUG,"TURN-CLIENT(%s): Active", ctx->label);
        }
@ -112,6 +113,9 @@ nr_turn_client_next_action(nr_turn_client_ctx *ctx, int stun_ctx_state)
        }
        else {
            ++(ctx->phase);
+            if (ctx->phase > NUMBER_OF_STUN_CTX) {
+                ABORT(R_INTERNAL);
+            }

            ctx->state=NR_TURN_CLIENT_STATE_RUNNING;