[Freeswitch-dev] bug of switch_stun_random_string

Anthony Minessale anthmct at yahoo.com
Tue Aug 22 10:49:13 EDT 2006

Wow, I'm impressed you must have been really reading the code =D
That function never is called on anything bigger than a 32 character string so 
we may have never noticed that....
Thank you I added it to trunk.

Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_minessale at hotmail.com
JABBER:anthony.minessale at gmail.com

FreeSWITCH Developer Conference
sip:888 at
iax:guest at
googletalk:freeswitch at gmail.com

----- Original Message ----
From: Fanzhou Zhao <fanzhou at gmail.com>
To: Freeswitch-dev at lists.freeswitch.org
Sent: Tuesday, August 22, 2006 5:52:55 AM
Subject: [Freeswitch-dev] bug of switch_stun_random_string

in the function switch_stun_random_string, there are two bugs.
1. the 2nd parameter len is uint16_t type, while the local varible x is uint8_t type. If sometimes len is larger than 0xFF, the for loop will be infinite loop.
2. anyway, after this function, there would be no "a" in the buf.
Please see the changes as followed.
Index: freeswitch/src/switch_stun.c
--- freeswitch/src/switch_stun.c (revision 0)
+++ freeswitch/src/switch_stun.c (working copy)
@@ -91,18 +91,18 @@ 
  char chars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  int max;
- uint8_t x;
+ uint16_t x;
  if (!set) {
   set = chars;
- max = (int)strlen(set) - 1; 
+ max = (int)strlen(set);
  srand((unsigned int)apr_time_now());
  for(x = 0; x < len; x++) {
-  int j = 1+(int)(max*1.0*rand()/(RAND_MAX+1.0));
+  int j = (int)(max*1.0*rand()/(RAND_MAX+1.0)); 
   buf[x] = set[j];
Freeswitch-dev mailing list
Freeswitch-dev at lists.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20060822/c1b465ed/attachment.html 

More information about the Freeswitch-dev mailing list