Commit 15a60625 authored by Kai Vehmanen's avatar Kai Vehmanen

Fixed STUN integrity check handling for binding responses, and STUN NAT type...

Fixed STUN integrity check handling for binding responses, and STUN NAT type testing, on systems with OpenSSL disabled.

darcs-hash:20060607184247-77cd4-675e89f8045257090ada4e8e5a36ed163af5d555.gz
parent 729251bd
......@@ -493,10 +493,11 @@ int stun_encode_type_len(stun_attr_t *attr, uint16_t len) {
return 0;
}
/** validate message integrity based on pwd
* received content is in msg->enc_buf
/**
* Validate the message integrity based on given
* STUN password 'pwd'. The received content should be
* in msg->enc_buf.
*/
#if defined(HAVE_OPENSSL)
int stun_validate_message_integrity(stun_msg_t *msg, stun_buffer_t *pwd)
{
......@@ -505,9 +506,15 @@ int stun_validate_message_integrity(stun_msg_t *msg, stun_buffer_t *pwd)
unsigned char dig[20]; /* received sha1 digest */
unsigned char *padded_text;
/* password NULL so shared-secret not established and
messege integrity checks can be skipped */
if (pwd->data == NULL)
return 0;
/* otherwise the check must match */
#if defined(HAVE_OPENSSL)
/* message integrity not received */
if (stun_get_attr(msg->stun_attr, MESSAGE_INTEGRITY) == NULL) {
SU_DEBUG_5(("%s: error: message integrity missing.\n", __func__));
......@@ -537,13 +544,10 @@ int stun_validate_message_integrity(stun_msg_t *msg, stun_buffer_t *pwd)
free(padded_text);
return 0;
}
#else
int stun_validate_message_integrity(stun_msg_t *msg, stun_buffer_t *pwd)
{
#else /* HAVE_OPENSSL */
return -1;
#endif
}
#endif /* HAVE_OPENSSL */
void debug_print(stun_buffer_t *buf) {
unsigned i;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment