From 897815459f94266dd7cc16fa849dad46187a4e2e Mon Sep 17 00:00:00 2001 From: Simon Morlat Date: Wed, 21 Dec 2016 19:49:05 +0100 Subject: [PATCH] prevent adding a LinphoneAuthInfo with empty credentials. This is causing undefined behaviors in belle-sip and SAL. --- coreapi/authentication.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/coreapi/authentication.c b/coreapi/authentication.c index 9cf6a7a6d..c66ec2017 100644 --- a/coreapi/authentication.c +++ b/coreapi/authentication.c @@ -396,8 +396,10 @@ void linphone_core_add_auth_info(LinphoneCore *lc, const LinphoneAuthInfo *info) int restarted_op_count=0; bool_t updating=FALSE; - if (info->ha1==NULL && info->passwd==NULL){ - ms_warning("linphone_core_add_auth_info(): info supplied with empty password or ha1."); + if (info->tls_key == NULL && info->tls_key_path == NULL + && info->ha1==NULL && info->passwd==NULL){ + ms_error("linphone_core_add_auth_info(): info supplied with empty password, ha1 or TLS client/key"); + return; } /* find if we are attempting to modify an existing auth info */ ai=(LinphoneAuthInfo*)linphone_core_find_auth_info(lc,info->realm,info->username,info->domain);