[Freeswitch-dev] bug of switch_stun_random_string

Fanzhou Zhao fanzhou at gmail.com
Tue Aug 22 06:52:55 EDT 2006


in the function switch_stun_random_string, there are two bugs.
1. the 2nd parameter len is uint16_t type, while the local varible x is
uint8_t type. If sometimes len is larger than 0xFF, the for loop will
be infinite loop.
2. anyway, after this function, there would be no "a" in the buf.
Please see the changes as followed.

Index: freeswitch/src/switch_stun.c
===================================================================
--- freeswitch/src/switch_stun.c (revision 0)
+++ freeswitch/src/switch_stun.c (working copy)
@@ -91,18 +91,18 @@
 {
  char chars[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  int max;
- uint8_t x;
+ uint16_t x;

  if (!set) {
   set = chars;
  }

- max = (int)strlen(set) - 1;
+ max = (int)strlen(set);

  srand((unsigned int)apr_time_now());

  for(x = 0; x < len; x++) {
-  int j = 1+(int)(max*1.0*rand()/(RAND_MAX+1.0));
+  int j = (int)(max*1.0*rand()/(RAND_MAX+1.0));
   buf[x] = set[j];
  }
 }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20060822/231625d3/attachment.html 


More information about the Freeswitch-dev mailing list