diff --git a/ser_stun.c b/ser_stun.c index 6957a88..c737f20 100644 --- a/ser_stun.c +++ b/ser_stun.c @@ -64,9 +64,7 @@ int stun_add_address_attr(struct stun_msg* res, int do_xor); int add_unknown_attr(struct stun_msg* res, struct stun_unknown_att* unknown); int add_error_code(struct stun_msg* res, USHORT_T error_code); -int add_fingerprint(struct stun_buffer* msg); int copy_str_to_buffer(struct stun_msg* res, const char* data, UINT_T pad); -int validate_fingerprint(struct stun_msg* req, USHORT_T* error_code); int reallock_buffer(struct stun_buffer* buffer, UINT_T len); int buf_copy(struct stun_buffer* msg, void* source, UINT_T len); void clean_memory(struct stun_msg* req, @@ -231,11 +229,9 @@ int stun_parse_body( struct stun_unknown_att* tmp_unknown; struct stun_unknown_att* body; char* buf; - int fp_present; attr_size = sizeof(struct stun_attr); buf = &req->msg.buf.s[sizeof(struct stun_hdr)]; - fp_present = 0; /* * Mark the body lenght as unparsed. @@ -286,7 +282,6 @@ int stun_parse_body( case MAPPED_ADDRESS_ATTR: case XOR_MAPPED_ADDRESS_ATTR: case ALTERNATE_SERVER_ATTR: - case REFRESH_INTERVAL_ATTR: case RESPONSE_ADDRESS_ATTR: case SOURCE_ADDRESS_ATTR: case REFLECTED_FROM_ATTR: @@ -300,7 +295,6 @@ int stun_parse_body( /* following attributes must be padded to 4 bytes */ case USERNAME_ATTR: - case PASSWORD_ATTR: case ERROR_CODE_ATTR: case UNKNOWN_ATTRIBUTES_ATTR: case SERVER_ATTR: @@ -322,25 +316,8 @@ int stun_parse_body( #ifdef EXTRA_DEBUG LOG(L_DBG, "DEBUG: stun_parse_body: fingerprint attribute found\n"); #endif - fp_present = 1; - if (ntohs(attr.len) != SHA_DIGEST_LENGTH) { - LOG(L_WARN, - "WARNING: STUN: Incorrect fingerprint of request.\n"); - *error_code = BAD_REQUEST_ERR; - continue; - } - - memcpy(req->fp, buf, SHA_DIGEST_LENGTH); - if(stun_allow_fp) { - if (validate_fingerprint(req, error_code) != 0) { - LOG(L_WARN, - "WARNING: STUN: Incorrect fingerprint of request.\n"); - *error_code = BAD_REQUEST_ERR; - continue; - } - } - padded_len = SHA_DIGEST_LENGTH; + if (not_parsed > SHA_DIGEST_LENGTH) { #ifdef EXTRA_DEBUG LOG(L_DBG, "DEBUG: stun_parse_body: fingerprint is not the last attribute\n"); @@ -396,14 +373,6 @@ int stun_parse_body( *error_code = UNKNOWN_ATTRIBUTE_ERR; } - if (fp_present == 0 && req->old == 0) { -#ifdef EXTRA_DEBUG - LOG(L_DBG, "DEBUG: stun_parse_body: fingerprint is missing is this new request\n"); -#endif - /* missing mandatory attribute fingerprint */ - *error_code = BAD_REQUEST_ERR; - } - return 0; } @@ -431,7 +400,6 @@ int stun_create_response( struct stun_unknown_att* unknown, UINT_T error_code) { - UINT_T msg_len; /* * Alloc some space for response. * Optimalization? - maybe it would be better to use biggish static array. @@ -480,14 +448,6 @@ int stun_create_response( #endif return FATAL_ERROR; } - - if (stun_add_common_integer_attr(res, REFRESH_INTERVAL_ATTR, - stun_refresh_interval) != 0) { -#ifdef EXTRA_DEBUG - LOG(L_DBG, "DEBUG: stun_create_response: failed to common attributes\n"); -#endif - return FATAL_ERROR; - } } else { if (stun_add_address_attr(res, ri->src_ip.af, ri->src_port, @@ -543,28 +503,9 @@ int stun_create_response( } } - if (req->old == 0 && stun_allow_fp) { - /* count length of body except header and fingerprint - * and copy message length at the beginning of buffer - */ - msg_len = res->msg.buf.len - sizeof(struct stun_hdr); - msg_len += SHA_DIGEST_LENGTH + sizeof(struct stun_attr); - res->hdr.len = htons(msg_len); - memcpy(&res->msg.buf.s[sizeof(USHORT_T)], (void *) &res->hdr.len, - sizeof(USHORT_T)); - - if (add_fingerprint(&res->msg) != 0) { -#ifdef EXTRA_DEBUG - LOG(L_DBG, "DEBUG: stun_create_response: failed to add fingerprint\n"); -#endif - return FATAL_ERROR; - } - } - else { - res->hdr.len = htons(res->msg.buf.len - sizeof(struct stun_hdr)); - memcpy(&res->msg.buf.s[sizeof(USHORT_T)], (void *) &res->hdr.len, - sizeof(USHORT_T)); - } + res->hdr.len = htons(res->msg.buf.len - sizeof(struct stun_hdr)); + memcpy(&res->msg.buf.s[sizeof(USHORT_T)], (void *) &res->hdr.len, + sizeof(USHORT_T)); return 0; } @@ -824,14 +765,14 @@ int stun_add_address_attr(struct stun_msg* res, ip_struct_len = 0; attr.type = htons(type); - res->ip_addr.port = (do_xor) ? htons(port) ^ MAGIC_COOKIE_2B : htons(port); + res->ip_addr.port = htons((do_xor) ? (port ^ MAGIC_COOKIE_2B) : port); switch(af) { case AF_INET: ip_struct_len = sizeof(struct stun_ip_addr) - 3*sizeof(UINT_T); res->ip_addr.family = htons(IPV4_FAMILY); memcpy(res->ip_addr.ip, ip_addr, IPV4_LEN); res->ip_addr.ip[0] = (do_xor) ? - res->ip_addr.ip[0] ^ MAGIC_COOKIE : res->ip_addr.ip[0]; + res->ip_addr.ip[0] ^ htonl(MAGIC_COOKIE) : res->ip_addr.ip[0]; break; #ifdef USE_IPV6 case AF_INET6: @@ -865,48 +806,6 @@ int stun_add_address_attr(struct stun_msg* res, } /* - * add_fingerprint() - * - msg: response buffer - * - * The function add_fingerprint ensures adding fingerprint attribute into - * response buffer. - * - * Return value: 0 if there is no environment error - * -1 if there is some enviroment error such as insufficiency - * of memory - */ -int add_fingerprint(struct stun_buffer* msg) -{ - struct stun_attr attr; - USHORT_T attr_type_size; - - attr_type_size = sizeof(struct stun_attr); - attr.type = htons(FINGERPRINT_ATTR); - attr.len = htons(SHA_DIGEST_LENGTH); - - if (msg->empty < (SHA_DIGEST_LENGTH + attr_type_size)) { - if (reallock_buffer(msg, SHA_DIGEST_LENGTH + attr_type_size) != 0) { - return FATAL_ERROR; - } - } - - memcpy(&msg->buf.s[msg->buf.len], (void *) &attr, attr_type_size); - msg->buf.len += attr_type_size; - msg->empty -= attr_type_size; - - if (SHA1((UCHAR_T *)msg->buf.s, msg->buf.len-attr_type_size, - (UCHAR_T *) &msg->buf.s[msg->buf.len]) == 0) { - LOG(L_ERR, "ERROR: STUN: SHA-1 algorithm failed.\n"); - return FATAL_ERROR; - } - - msg->buf.len += SHA_DIGEST_LENGTH; - msg->empty -= SHA_DIGEST_LENGTH; - - return 0; -} - -/* * stun_alloc_unknown_attr() * - type: type of unknown attribute * @@ -958,38 +857,6 @@ void stun_delete_unknown_attrs(struct stun_unknown_att* unknown) } /* - * validate_fingerprint() - * - req: structure representing request message - * - error_code: indication of any protocol error - * - * The function validate_fingerprint ensures validation of FINGERPRINT - * attribute. - * - * Return value: 0 if there is no environment error - * -1 if there is some enviroment error such as insufficiency - * of memory - */ -int validate_fingerprint(struct stun_msg* req, USHORT_T* error_code) -{ - UCHAR_T msg_digest[SHA_DIGEST_LENGTH]; - UINT_T buf_len; - - buf_len = req->hdr.len + sizeof(struct stun_hdr); - buf_len -= SHA_DIGEST_LENGTH + sizeof(struct stun_attr); - - if (SHA1((UCHAR_T *) req->msg.buf.s, buf_len, msg_digest) == 0) { - LOG(L_ERR, "ERROR: STUN: SHA-1 algorithm failed.\n"); - return FATAL_ERROR; - } - - if (memcmp((void *)req->fp, (void *)&msg_digest, SHA_DIGEST_LENGTH) != 0) { - *error_code = BAD_REQUEST_ERR; - } - - return 0; -} - -/* * buf_copy() * - msg: buffer where the data will be copy to * - source: source data buffer diff --git a/ser_stun.h b/ser_stun.h index 1e6051b..2fbe3d4 100644 --- a/ser_stun.h +++ b/ser_stun.h @@ -56,7 +56,6 @@ typedef unsigned long ULONG_T; /* common STUN attributes */ #define MAPPED_ADDRESS_ATTR 0x0001 #define USERNAME_ATTR 0x0006 -#define PASSWORD_ATTR 0x0007 #define MESSAGE_INTEGRITY_ATTR 0x0008 #define ERROR_CODE_ATTR 0x0009 #define UNKNOWN_ATTRIBUTES_ATTR 0x000A @@ -65,10 +64,9 @@ typedef unsigned long ULONG_T; #define REALM_ATTR 0x0014 #define NONCE_ATTR 0x0015 #define XOR_MAPPED_ADDRESS_ATTR 0x0020 -#define FINGERPRINT_ATTR 0x0023 +#define FINGERPRINT_ATTR 0x8028 #define SERVER_ATTR 0x8022 #define ALTERNATE_SERVER_ATTR 0x8023 -#define REFRESH_INTERVAL_ATTR 0x8024 /* STUN attributes defined by rfc3489 */ #define RESPONSE_ADDRESS_ATTR 0x0002 @@ -167,7 +165,6 @@ struct stun_msg { struct stun_hdr hdr; struct stun_ip_addr ip_addr; /* XOR values for rfc3489bis, normal values for rfc3489 */ - char fp[SHA_DIGEST_LENGTH]; /* fingerprint value */ struct stun_buffer msg; UCHAR_T old; /* true: the format of message is in accordance with rfc3489 */