From 216db7d99859b1d5b77cb97f95ae85c5223b91c4 Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Fri, 10 Mar 2023 08:32:58 -0500
Subject: [PATCH] MT#55283 use correct password for STUN errors

We're supposed to use the remote password for sending STUN error
responses (same as for sending STUN success responses), not the local
one.

Fixes a bug from 2015.

Closes #1626

Change-Id: I975178405dcd41661bdc5e0c1208295f9db70006
(cherry picked from commit 394ed2fc62449e04843a6b734e3f8c63e004b09e)
---
 daemon/stun.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/daemon/stun.c b/daemon/stun.c
index 9d0f37bc6..3104c70db 100644
--- a/daemon/stun.c
+++ b/daemon/stun.c
@@ -393,7 +393,7 @@ static void stun_error_len(struct stream_fd *sfd, const endpoint_t *sin,
 	if (attr_cont)
 		output_add_data_wr(&mh, &aa, add_attr, attr_cont, attr_len);
 
-	integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[0]);
+	integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[1]);
 	fingerprint(&mh, &fp);
 
 	output_finish_src(&mh);
@@ -464,7 +464,6 @@ static int check_auth(const str *msg, struct stun_attrs *attrs, struct call_medi
 	return memcmp(digest, attrs->msg_integrity.s, 20) ? -1 : 0;
 }
 
-/* XXX way too many parameters being passed around here, unify into a struct */
 static int stun_binding_success(struct stream_fd *sfd, struct header *req, struct stun_attrs *attrs,
 		const endpoint_t *sin)
 {