diff --git a/meshcore/KVM/Linux/linux_kvm.c b/meshcore/KVM/Linux/linux_kvm.c index 839327f..e1616cc 100644 --- a/meshcore/KVM/Linux/linux_kvm.c +++ b/meshcore/KVM/Linux/linux_kvm.c @@ -526,7 +526,7 @@ int kvm_init(int displayNo) } - sprintf(displayString, ":%d", (int)displayNo); + sprintf_s(displayString, sizeof(displayString), ":%d", (int)displayNo); if (count == 10) { return -1; } count = 0; @@ -549,7 +549,7 @@ int kvm_init(int displayNo) while (eventdisplay == NULL && count++ < 100) { if (getNextDisplay() == -1) { return -1; } - sprintf(displayString, ":%d", (int)current_display); + sprintf_s(displayString, sizeof(displayString), ":%d", (int)current_display); eventdisplay = x11_exports->XOpenDisplay(displayString); } @@ -945,7 +945,7 @@ void* kvm_server_mainloop(void* parm) CheckDesktopSwitch(1); //fprintf(logFile, "After CheckDesktopSwitch.\n"); fflush(logFile); - sprintf(displayString, ":%d", (int)current_display); + sprintf_s(displayString, sizeof(displayString), ":%d", (int)current_display); imagedisplay = x11_exports->XOpenDisplay(displayString); count = 0; diff --git a/meshcore/KVM/Linux/linux_tile.c b/meshcore/KVM/Linux/linux_tile.c index bb8f768..923a7d2 100644 --- a/meshcore/KVM/Linux/linux_tile.c +++ b/meshcore/KVM/Linux/linux_tile.c @@ -52,7 +52,7 @@ int get_tile_buffer(int x, int y, void **buffer, long long bufferSize, void *des int height = 0; for (height = y; height < y + tileheight; height++) { - memcpy(target, (const void *)(((char *)desktop) + (3 * ((height * adjust_screen_size(SCREEN_WIDTH)) + x))), (size_t)(tilewidth * 3)); + memcpy_s(target, (size_t)bufferSize, (const void *)(((char *)desktop) + (3 * ((height * adjust_screen_size(SCREEN_WIDTH)) + x))), (size_t)(tilewidth * 3)); target = (char *) (target + (3 * tilewidth)); } @@ -380,7 +380,7 @@ int getTileAt(int x, int y, void** buffer, long long *bufferSize, void *desktop, ((unsigned short*)*buffer)[5] = 0; // RESERVED ((unsigned short*)*buffer)[6] = (unsigned short)htons((unsigned short)x); // X position ((unsigned short*)*buffer)[7] = (unsigned short)htons((unsigned short)y); // Y position - memcpy((char *)(*buffer) + 16, jpeg_buffer, jpeg_buffer_length); + memcpy_s((char *)(*buffer) + 16, *bufferSize -16, jpeg_buffer, jpeg_buffer_length); } else { @@ -388,7 +388,7 @@ int getTileAt(int x, int y, void** buffer, long long *bufferSize, void *desktop, ((unsigned short*)*buffer)[1] = (unsigned short)htons((unsigned short)*bufferSize); // Write the size ((unsigned short*)*buffer)[2] = (unsigned short)htons((unsigned short)x); // X position ((unsigned short*)*buffer)[3] = (unsigned short)htons((unsigned short)y); // Y position - memcpy((char *)(*buffer) + 8, jpeg_buffer, jpeg_buffer_length); + memcpy_s((char *)(*buffer) + 8, *bufferSize -8, jpeg_buffer, jpeg_buffer_length); } free(jpeg_buffer); diff --git a/meshcore/KVM/MacOS/mac_tile.c b/meshcore/KVM/MacOS/mac_tile.c index b35687f..abeb924 100644 --- a/meshcore/KVM/MacOS/mac_tile.c +++ b/meshcore/KVM/MacOS/mac_tile.c @@ -10,6 +10,7 @@ #include "mac_tile.h" #include "../../meshinfo.h" #include "../../meshdefines.h" +#include "../../../microstack/ILibParsers.h" extern CGDirectDisplayID SCREEN_NUM; extern int SCREEN_WIDTH; @@ -47,7 +48,7 @@ int get_tile_buffer(int x, int y, void **buffer, long long bufferSize, void *des int height = 0; for (height = y; height < y + tileheight; height++) { - memcpy(target, (const void *)(((char *)desktop) + (3 * ((height * adjust_screen_size(SCREEN_WIDTH)) + x))), (size_t)(tilewidth * 3)); + memcpy_s(target, (size_t)bufferSize - (target - (char*)*buffer), (void *)(((char *)desktop) + (3 * ((height * adjust_screen_size(SCREEN_WIDTH)) + x))), (size_t)(tilewidth * 3)); target = (char *) (target + (3 * tilewidth)); } @@ -375,7 +376,7 @@ int getTileAt(int x, int y, void** buffer, long long *bufferSize, void *desktop, ((unsigned short*)*buffer)[5] = 0; // RESERVED ((unsigned short*)*buffer)[6] = (unsigned short)htons((unsigned short)x); // X position ((unsigned short*)*buffer)[7] = (unsigned short)htons((unsigned short)y); // Y position - memcpy((char *)(*buffer) + 16, jpeg_buffer, jpeg_buffer_length); + memcpy_s((char *)(*buffer) + 16, (*bufferSize - 16), jpeg_buffer, jpeg_buffer_length); } else { @@ -383,7 +384,7 @@ int getTileAt(int x, int y, void** buffer, long long *bufferSize, void *desktop, ((unsigned short*)*buffer)[1] = (unsigned short)htons((unsigned short)*bufferSize); // Write the size ((unsigned short*)*buffer)[2] = (unsigned short)htons((unsigned short)x); // X position ((unsigned short*)*buffer)[3] = (unsigned short)htons((unsigned short)y); // Y position - memcpy((char *)(*buffer) + 8, jpeg_buffer, jpeg_buffer_length); + memcpy_s((char *)(*buffer) + 8, (*bufferSize - 8), jpeg_buffer, jpeg_buffer_length); } free(jpeg_buffer); jpeg_buffer = NULL; diff --git a/meshcore/agentcore.c b/meshcore/agentcore.c index 3cf4d53..73cbb63 100644 --- a/meshcore/agentcore.c +++ b/meshcore/agentcore.c @@ -709,6 +709,7 @@ duk_ret_t ILibDuktape_MeshAgent_GenerateCertificate(duk_context *ctx) util_free(data); util_freecert(&cert); SSL_TRACE2("ILibDuktape_MeshAgent_GenerateCertificate()"); + passphrase = NULL; return 1; #endif } @@ -3334,7 +3335,7 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent) { if (agent->multicastServerUrl != NULL) { serverUrl = agent->multicastServerUrl; - serverUrlLen = (int)strlen(serverUrl); + serverUrlLen = (int)strnlen_s(serverUrl, sizeof(ILibScratchPad)); } else { @@ -4716,6 +4717,7 @@ int MeshAgent_AgentMode(MeshAgentHostContainer *agentHost, int paramLen, char ** duk_peval_string_noresult(agentHost->meshCoreCtx, "require('win-console').hide()"); } #endif + ILibIPAddressMonitor_Create(agentHost->chain, MeshAgent_AgentMode_IPAddressChanged_Handler, agentHost); MeshServer_Connect(agentHost); diff --git a/microscript/ILibDuktape_Commit.h b/microscript/ILibDuktape_Commit.h index 0bbaeba..2dddb30 100644 --- a/microscript/ILibDuktape_Commit.h +++ b/microscript/ILibDuktape_Commit.h @@ -1,3 +1,3 @@ -// This file is auto-generated, any edits may be overwritten -#define SOURCE_COMMIT_DATE "2019-Nov-26 11:09:12-0800" -#define SOURCE_COMMIT_HASH "170536b267edea4ab1c67a6fb93c4a4a723d5470" +// This file is auto-generated, any edits may be overwritten +#define SOURCE_COMMIT_DATE "2020-Sep-17 12:49:12-0700" +#define SOURCE_COMMIT_HASH "20d4345a87cb5a912f4d891da35bb2ba690b4588" diff --git a/microscript/ILibDuktape_Helpers.c b/microscript/ILibDuktape_Helpers.c index d3cdc1b..70b6dbd 100644 --- a/microscript/ILibDuktape_Helpers.c +++ b/microscript/ILibDuktape_Helpers.c @@ -51,6 +51,32 @@ typedef struct Duktape_EventLoopDispatchData void *user; }Duktape_EventLoopDispatchData; + +duk_ret_t duk_fixed_buffer_finalizer(duk_context *ctx) +{ + duk_size_t bufLen; + char *buf = (char*)Duktape_GetBuffer(ctx, 0, &bufLen); + memset(buf, 0, bufLen); + return(0); +} +void duk_buffer_enable_autoclear(duk_context *ctx) +{ + duk_size_t len; + + duk_push_buffer_object(ctx, -1, 0, len, DUK_BUFOBJ_NODEJS_BUFFER); // [buffer][obj] + duk_remove(ctx, -2); // [bufobj] + duk_push_c_function(ctx, duk_fixed_buffer_finalizer, DUK_VARARGS); // [bufobj][func] + duk_set_finalizer(ctx, -2); // [bufobj] +} +void* duk_push_fixed_buffer_autoclear(duk_context *ctx, duk_size_t size) +{ + void *ret = duk_push_fixed_buffer(ctx, size); // [buffer] + duk_push_buffer_object(ctx, -1, 0, size, DUK_BUFOBJ_NODEJS_BUFFER); // [buffer][obj] + duk_remove(ctx, -2); // [obj] + duk_push_c_function(ctx, duk_fixed_buffer_finalizer, DUK_VARARGS); + duk_set_finalizer(ctx, -2); + return(ret); +} void* Duktape_DynamicBuffer_Resize(duk_context *ctx, duk_idx_t idx, duk_size_t bufSize) { void *buffer = ILibMemory_FromRaw(duk_resize_buffer(ctx, idx, bufSize + sizeof(ILibMemory_Header))); @@ -152,7 +178,10 @@ duk_ret_t ILibDuktape_Error(duk_context *ctx, char *format, ...) va_list argptr; va_start(argptr, format); - len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr); + if ((size_t)len < sizeof(dest)) + { + len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr); + } va_end(argptr); duk_push_string(ctx, dest); @@ -651,7 +680,7 @@ duk_ret_t ILibDuktape_Process_UncaughtExceptionExGetter(duk_context *ctx) } void ILibDuktape_Process_UncaughtExceptionEx(duk_context *ctx, char *format, ...) { - if (ctx == NULL) { return; } + if (ctx == NULL || !duk_ctx_is_alive(ctx)) { return; } char dest[4096]; int len = 0; va_list argptr; @@ -667,7 +696,10 @@ void ILibDuktape_Process_UncaughtExceptionEx(duk_context *ctx, char *format, ... duk_pop(ctx); // ... va_start(argptr, format); - len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr); + if (len < sizeof(dest)) + { + len += vsnprintf(dest + len, sizeof(dest) - len, format, argptr); + } va_end(argptr); if (errmsgLen + len < sizeof(dest)) @@ -743,7 +775,7 @@ void Duktape_SafeDestroyHeap(duk_context *ctx) threadList[i++] = ILibLinkedList_GetDataFromNode(node); ILibLinkedList_Remove(node); } - while (WaitForMultipleObjectsEx(i, threadList, TRUE, 5000, TRUE) == WAIT_IO_COMPLETION); + while (WaitForMultipleObjectsEx(i, threadList, TRUE, 1000, TRUE) == WAIT_IO_COMPLETION); ILibMemory_Free(threadList); #else int rv; diff --git a/microscript/ILibDuktape_Helpers.h b/microscript/ILibDuktape_Helpers.h index f394389..be15e48 100644 --- a/microscript/ILibDuktape_Helpers.h +++ b/microscript/ILibDuktape_Helpers.h @@ -156,6 +156,7 @@ char *ILibDuktape_String_WideToUTF8(duk_context *ctx, char *wstr); char *ILibDuktape_String_UTF8ToWide(duk_context *ctx, char *str); void ILibDuktape_String_UTF8ToWideEx(duk_context *ctx, char *str); +void duk_buffer_enable_autoclear(duk_context *ctx); #define Duktape_PushBuffer(ctx, bufSize) ILibMemory_Init(duk_push_fixed_buffer(ctx, (duk_size_t)(bufSize) + sizeof(ILibMemory_Header)), (bufSize), 0, ILibMemory_Types_OTHER) #define Duktape_PushDynamicBuffer(ctx, bufSize) ILibMemory_Init(duk_push_dynamic_buffer(ctx, (duk_size_t)(bufSize) + sizeof(ILibMemory_Header)), (bufSize), 0, ILibMemory_Types_OTHER) void* Duktape_DynamicBuffer_Resize(duk_context *ctx, duk_idx_t idx, duk_size_t bufSize); diff --git a/microscript/ILibDuktape_HttpStream.c b/microscript/ILibDuktape_HttpStream.c index 7d4d574..da2c8b2 100644 --- a/microscript/ILibDuktape_HttpStream.c +++ b/microscript/ILibDuktape_HttpStream.c @@ -466,6 +466,7 @@ duk_ret_t ILibDuktape_HttpStream_http_onUpgrade(duk_context *ctx) duk_get_prop_string(ctx, 0, "headers"); // [headers] duk_get_prop_string(ctx, -1, "Sec-WebSocket-Accept"); // [headers][key] key = (char*)Duktape_GetBuffer(ctx, -1, &keyLen); + if (keyLen > 255) { keyLen = 255; } if (duk_has_prop_string(ctx, -2, "Sec-WebSocket-Extensions")) { @@ -2891,6 +2892,7 @@ duk_ret_t ILibDuktape_HttpStream_IncomingMessage_Digest_ValidatePassword(duk_con retVal = (responseLen == 32 && strncmp(result3, response, 32)) == 0 ? 1 : 0; duk_push_int(ctx, retVal); + password = NULL; return(1); } duk_ret_t ILibDuktape_HttpStream_IncomingMessage_finalizer(duk_context *ctx) @@ -3803,6 +3805,7 @@ duk_ret_t ILibDuktape_httpStream_parseUri(duk_context *ctx) { duk_push_null(ctx); } + password = NULL; return 1; } diff --git a/microscript/ILibDuktape_SHA256.c b/microscript/ILibDuktape_SHA256.c index dbddd4f..ae18bec 100644 --- a/microscript/ILibDuktape_SHA256.c +++ b/microscript/ILibDuktape_SHA256.c @@ -264,6 +264,7 @@ void ILibDuktape_SHA256_SIGNER_PUSH(duk_context *ctx, void *chain) ILibDuktape_SHA256_Signer_Data* data; duk_push_object(ctx); // [signer] data = (ILibDuktape_SHA256_Signer_Data*)Duktape_PushBuffer(ctx, sizeof(ILibDuktape_SHA256_Signer_Data)); + duk_buffer_enable_autoclear(ctx); duk_put_prop_string(ctx, -2, ILibDuktape_SHA256_SIGNER_PTR); // [signer] data->obj = duk_get_heapptr(ctx, -1); data->ctx = ctx; diff --git a/microscript/ILibDuktape_WebRTC.c b/microscript/ILibDuktape_WebRTC.c index 9eb0e62..1a02d99 100644 --- a/microscript/ILibDuktape_WebRTC.c +++ b/microscript/ILibDuktape_WebRTC.c @@ -74,13 +74,14 @@ duk_ret_t ILibWebRTC_Duktape_ConnectionFactory_SetTurn(duk_context *ctx) struct sockaddr_in6* server; ILibWrapper_WebRTC_ConnectionFactory factory; - if (host == NULL || username == NULL) { return(ILibDuktape_Error(ctx, "Invalid TURN parameters")); } + if (host == NULL || username == NULL) { password = NULL; return(ILibDuktape_Error(ctx, "Invalid TURN parameters")); } server = Duktape_IPAddress4_FromString(host, (unsigned short)port); duk_push_this(ctx); factory = Duktape_GetPointerProperty(ctx, -1, "FactoryPtr"); ILibWrapper_WebRTC_ConnectionFactory_SetTurnServer(factory, server, username, (int)usernameLen, password, (int)passwordLen, flags); + password = NULL; return 0; } diff --git a/microscript/ILibDuktape_net.c b/microscript/ILibDuktape_net.c index b33711a..8e52945 100644 --- a/microscript/ILibDuktape_net.c +++ b/microscript/ILibDuktape_net.c @@ -2324,6 +2324,7 @@ duk_ret_t ILibDuktape_TLS_generateCertificate(duk_context *ctx) ILibDuktape_WriteID(ctx, "tls.pfxCertificate"); util_free(data); util_freecert(&cert); + passphrase = NULL; return 1; } duk_ret_t ILibDuktape_TLS_loadpkcs7b(duk_context *ctx) @@ -2473,7 +2474,7 @@ void ILibDuktape_ipaddress_PUSH(duk_context *ctx, struct sockaddr_in6* addr) ILibDuktape_CreateInstanceMethod(ctx, "toString", ILibDuktape_ipaddress_toString, 1); struct sockaddr_in6* _addr = (struct sockaddr_in6*)Duktape_PushBuffer(ctx, sizeof(struct sockaddr_in6));// [Address4][addr] duk_put_prop_string(ctx, -2, ILibDuktape_IPAddress_SockAddr); // [Address4] - memcpy(_addr, addr, sizeof(struct sockaddr_in6)); + memcpy_s(_addr, sizeof(struct sockaddr_in6), addr, sizeof(struct sockaddr_in6)); } duk_ret_t ILibDuktape_ipaddress_address4_constructor(duk_context *ctx) diff --git a/microscript/ILibduktape_EventEmitter.c b/microscript/ILibduktape_EventEmitter.c index 124ecf9..058aca3 100644 --- a/microscript/ILibduktape_EventEmitter.c +++ b/microscript/ILibduktape_EventEmitter.c @@ -435,7 +435,9 @@ ILibDuktape_EventEmitter* ILibDuktape_EventEmitter_GetEmitter_fromThis(duk_conte } ILibDuktape_EventEmitter* ILibDuktape_EventEmitter_GetEmitter(duk_context *ctx, duk_idx_t i) { + if (!duk_ctx_is_alive(ctx)) { return(NULL); } ILibDuktape_EventEmitter *retVal = (ILibDuktape_EventEmitter*)Duktape_GetBufferProperty(ctx, i, ILibDuktape_EventEmitter_Data); + if (!duk_ctx_is_alive(retVal->object)) { retVal = NULL; } return retVal; } duk_ret_t ILibDuktape_EventEmitter_removeListener(duk_context *ctx) @@ -495,8 +497,12 @@ duk_ret_t ILibDuktape_EventEmitter_removeAllListeners(duk_context *ctx) duk_ret_t ILibDuktape_EventEmitter_EmbeddedFinalizer(duk_context *ctx) { + ILibDuktape_EventEmitter *data = ILibDuktape_EventEmitter_GetEmitter(ctx, 0); + if (!ILibMemory_CanaryOK(data) || !duk_ctx_is_alive(data->ctx)) { return(0); } + ILibDuktape_EventEmitter_SetupEmit(ctx, duk_get_heapptr(ctx, 0), "~"); // [emit][this][~] duk_dup(ctx, 0); // [emit][this][~][self] + char *meta = Duktape_GetStringPropertyValue(ctx, -1, ILibDuktape_OBJID, "UNKNOWN"); if (g_displayFinalizerMessages) { printf("+-+- Finalizer Event for: %s [%p] -+-+\n", Duktape_GetStringPropertyValue(ctx, -1, ILibDuktape_OBJID, "UNKNOWN"), duk_get_heapptr(ctx, -1)); @@ -532,17 +538,10 @@ duk_ret_t ILibDuktape_EventEmitter_EmbeddedFinalizer(duk_context *ctx) } if (duk_pcall_method(ctx, 2) != 0) { - ILibDuktape_Process_UncaughtExceptionEx(ctx, "Error in Finalizer: [Invalid C function means you forgot to return 0] "); + ILibDuktape_Process_UncaughtExceptionEx(ctx, "Error in Finalizer (%s): [Invalid C function means you forgot to return 0] ", meta); } - ILibDuktape_EventEmitter *data = ILibDuktape_EventEmitter_GetEmitter(ctx, 0); - if (data == NULL) { return(ILibDuktape_Error(ctx, "Internal Error")); } // This is deadcode, will never occur, but is here because Klockwork thinks this could happen - if (!ILibMemory_CanaryOK(data) || !duk_ctx_is_alive(data->ctx)) { return(0); } sem_destroy(&(data->listenerCountTableLock)); - - // We need to clear the Native Dispatcher, while destroying the Hashtable - - memset(ILibMemory_RawPtr(data), 0, ILibMemory_RawSize(data)); return(0); } duk_ret_t ILibDuktape_EventEmitter_emitReturnValue(duk_context *ctx) diff --git a/microstack/ILibMulticastSocket.c b/microstack/ILibMulticastSocket.c index 9f6f504..a2ac0b6 100644 --- a/microstack/ILibMulticastSocket.c +++ b/microstack/ILibMulticastSocket.c @@ -309,7 +309,7 @@ struct ILibMulticastSocket_StateModule *ILibMulticastSocket_Create(void *Chain, if (MulticastAddr != NULL) { // Setup the IPv4 multicast address - memcpy(&(module->MulticastAddr), MulticastAddr, sizeof(struct sockaddr_in)); + memcpy_s(&(module->MulticastAddr), sizeof(struct sockaddr_in), MulticastAddr, sizeof(struct sockaddr_in)); if (module->MulticastAddr.sin_port == 0) module->MulticastAddr.sin_port = htons(LocalPort); // Setup incoming IPv4 socket @@ -337,7 +337,7 @@ struct ILibMulticastSocket_StateModule *ILibMulticastSocket_Create(void *Chain, ILibChain_Link_SetMetadata(module->UDPServer6, "ILibMulticastSocketListener_v6"); // Setup the IPv6 multicast address - memcpy(&(module->MulticastAddr6), MulticastAddr6, sizeof(struct sockaddr_in6)); + memcpy_s(&(module->MulticastAddr6), sizeof(struct sockaddr_in6), MulticastAddr6, sizeof(struct sockaddr_in6)); if (module->MulticastAddr6.sin6_port == 0) module->MulticastAddr6.sin6_port = htons(LocalPort); // Set TTL, IPv6, Loop and Reuse flags assumed to already be set @@ -385,7 +385,7 @@ void ILibMulticastSocket_WakeOnLan(void *module, char* mac) // Create the magic packet memset(ILibScratchPad, 0xFF, 6); - for (i = 1; i < 17; i++) memcpy(ILibScratchPad + (6 * i), mac, 6); + for (i = 1; i < 17; i++) memcpy_s(ILibScratchPad + (6 * i), sizeof(ILibScratchPad) - (6*i), mac, 6); // Send it for (i = 0; i < 2; i++) diff --git a/microstack/ILibParsers.h b/microstack/ILibParsers.h index c43302f..2b65ae5 100644 --- a/microstack/ILibParsers.h +++ b/microstack/ILibParsers.h @@ -264,7 +264,7 @@ long ILibGetTimeStamp(); // Polyfills #ifndef memcpy_s int ILibMemory_Copy_s(void *destination, size_t destinationSize, void *source, size_t sourceLength); - #define memcpy_s(dest, destSize, source, sourceLen) ILibMemory_Copy_s(dest, destSize, source, sourceLen) + #define memcpy_s(dest, destSize, source, sourceLen) ILibMemory_Copy_s(dest, destSize, (void*)source, sourceLen) #endif #ifndef memmove_s diff --git a/microstack/ILibWebRTC.c b/microstack/ILibWebRTC.c index 13cfa3d..fcb5b16 100644 --- a/microstack/ILibWebRTC.c +++ b/microstack/ILibWebRTC.c @@ -1141,7 +1141,7 @@ void ILibStun_OnDestroy(void *object) ILibLinkedList_Destroy(obj->StunUsers); if (obj->turnUsername != NULL) { free(obj->turnUsername); obj->turnUsername = NULL; } - if (obj->turnPassword != NULL) { free(obj->turnPassword); obj->turnPassword = NULL; } + if (obj->turnPassword != NULL) { memset(obj->turnPassword, 0, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; } ILibLifeTime_Remove(obj->Timer, ILibWebRTC_STUN_TO_PERIODIC_CHECK_TIMER(obj)); if (extraClean == 0) return; @@ -3005,6 +3005,7 @@ void ILibORTC_SetRemoteParameters(void* stunModule, char *username, int username ILibRemoteLogging_printf(ILibChainGetLogger(obj->ChainLink.ParentChain), ILibRemoteLogging_Modules_WebRTC_STUN_ICE, ILibRemoteLogging_Flags_VerbosityLevel_1, "ILibORTC_SetRemoteParameters -> ILibStun_SetIceOffer2"); ILibStun_SetIceOffer2(stunModule, offer, offerLen, localUserName, localUserNameLen, localPassword, localPasswordLen, &answer); free(answer); + localPassword = NULL; } void ILibORTC_AddRemoteCandidate(void *stunModule, char* localUsername, struct sockaddr_in6 *candidate) @@ -6277,7 +6278,7 @@ void ILibWebRTC_SetTurnServer(void* stunModule, struct sockaddr_in6* turnServer, } if (stun->turnPassword != NULL) { - free(stun->turnPassword); + memset(stun->turnPassword, 0, stun->turnPasswordLength); free(stun->turnPassword); stun->turnPassword = NULL; } if (passwordLength > 0 && password != NULL) diff --git a/microstack/ILibWrapperWebRTC.c b/microstack/ILibWrapperWebRTC.c index e23c3b2..27db15a 100644 --- a/microstack/ILibWrapperWebRTC.c +++ b/microstack/ILibWrapperWebRTC.c @@ -309,6 +309,7 @@ char* ILibWrapper_SdpToBlock(char* sdp, int sdpLen, int *isActive, char **userna ILibDestructParserResults(pr); free(lines); if(dtlshash!=NULL) {free(dtlshash);} + password = NULL; return(retVal); } @@ -417,6 +418,7 @@ int ILibWrapper_BlockToSDPEx(char* block, int blockLen, char** username, char** x += sprintf_s(*sdp+x, sdpLen-x, sdpTemplateRelay, i, c, 2128609535-i, relayAddressString, relayAddressPort, (unsigned char)candidates[0], (unsigned char)candidates[1], (unsigned char)candidates[2], (unsigned char)candidates[3]); } } + password = NULL; return(x); }