From 30bfdac0c2c711e0d07994e454242dd7ff0a00b5 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Fri, 10 Mar 2023 08:32:58 -0500 Subject: [PATCH] MT#55283 use correct password for STUN errors We're supposed to use the remote password for sending STUN error responses (same as for sending STUN success responses), not the local one. Fixes a bug from 2015. Closes #1626 Change-Id: I975178405dcd41661bdc5e0c1208295f9db70006 (cherry picked from commit 394ed2fc62449e04843a6b734e3f8c63e004b09e) --- daemon/stun.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/daemon/stun.c b/daemon/stun.c index 63852a10f..09e789813 100644 --- a/daemon/stun.c +++ b/daemon/stun.c @@ -393,7 +393,7 @@ static void stun_error_len(struct stream_fd *sfd, const endpoint_t *sin, if (attr_cont) output_add_data_wr(&mh, &aa, add_attr, attr_cont, attr_len); - integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[0]); + integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[1]); fingerprint(&mh, &fp); output_finish_src(&mh); @@ -464,7 +464,6 @@ static int check_auth(const str *msg, struct stun_attrs *attrs, struct call_medi return memcmp(digest, attrs->msg_integrity.s, 20) ? -1 : 0; } -/* XXX way too many parameters being passed around here, unify into a struct */ static int stun_binding_success(struct stream_fd *sfd, struct header *req, struct stun_attrs *attrs, const endpoint_t *sin) {