[Freeswitch-dev] bug of switch_stun_random_string

Anthony Minessale anthmct at yahoo.com
Tue Aug 22 10:49:13 EDT 2006


Wow, I'm impressed you must have been really reading the code =D
 
That function never is called on anything bigger than a 32 character string so 
we may have never noticed that....
 
Thank you I added it to trunk.
 

 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_minessale at hotmail.com
JABBER:anthony.minessale at gmail.com

FreeSWITCH Developer Conference
sip:888 at 66.250.68.194
iax:guest at 66.250.68.194/888
googletalk:freeswitch at gmail.com
pstn:712-432-7800 



----- Original Message ----
From: Fanzhou Zhao <fanzhou at gmail.com>
To: Freeswitch-dev at lists.freeswitch.org
Sent: Tuesday, August 22, 2006 5:52:55 AM
Subject: [Freeswitch-dev] bug of switch_stun_random_string


in the function switch_stun_random_string, there are two bugs.
1. the 2nd parameter len is uint16_t type, while the local varible x is uint8_t type. If sometimes len is larger than 0xFF, the for loop will be infinite loop.
2. anyway, after this function, there would be no "a" in the buf.
Please see the changes as followed.
 
Index: freeswitch/src/switch_stun.c
===================================================================
--- freeswitch/src/switch_stun.c (revision 0)
+++ freeswitch/src/switch_stun.c (working copy)
@@ -91,18 +91,18 @@ 
 {
  char chars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  int max;
- uint8_t x;
+ uint16_t x;
 
  if (!set) {
   set = chars;
  }
 
- max = (int)strlen(set) - 1; 
+ max = (int)strlen(set);
 
  srand((unsigned int)apr_time_now());
 
  for(x = 0; x < len; x++) {
-  int j = 1+(int)(max*1.0*rand()/(RAND_MAX+1.0));
+  int j = (int)(max*1.0*rand()/(RAND_MAX+1.0)); 
   buf[x] = set[j];
  }
 }
 
_______________________________________________
Freeswitch-dev mailing list
Freeswitch-dev at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20060822/c1b465ed/attachment.html 


More information about the Freeswitch-dev mailing list