From 7383f9a27ff4f77fe34ba3d9803b0b9f1e143217 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Fri, 10 Mar 2023 08:32:58 -0500 Subject: [PATCH] MT#55283 use correct password for STUN errors We're supposed to use the remote password for sending STUN error responses (same as for sending STUN success responses), not the local one. Fixes a bug from 2015. Closes #1626 Change-Id: I975178405dcd41661bdc5e0c1208295f9db70006 (cherry picked from commit 394ed2fc62449e04843a6b734e3f8c63e004b09e) --- daemon/stun.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/daemon/stun.c b/daemon/stun.c index 9d0f37bc6..3104c70db 100644 --- a/daemon/stun.c +++ b/daemon/stun.c @@ -393,7 +393,7 @@ static void stun_error_len(struct stream_fd *sfd, const endpoint_t *sin, if (attr_cont) output_add_data_wr(&mh, &aa, add_attr, attr_cont, attr_len); - integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[0]); + integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[1]); fingerprint(&mh, &fp); output_finish_src(&mh); @@ -464,7 +464,6 @@ static int check_auth(const str *msg, struct stun_attrs *attrs, struct call_medi return memcmp(digest, attrs->msg_integrity.s, 20) ? -1 : 0; } -/* XXX way too many parameters being passed around here, unify into a struct */ static int stun_binding_success(struct stream_fd *sfd, struct header *req, struct stun_attrs *attrs, const endpoint_t *sin) {