From 3328b10641c7a6c6e6b7cf935ec709e1ca80f97b Mon Sep 17 00:00:00 2001
From: MASM fan <masmfan@gmail.com>
Date: Tue, 23 Dec 2014 13:34:09 -0800
Subject: [PATCH] It's insecure to use unitialized memory as entropy source. See

https://www.securecoding.cert.org/confluence/display/seccode/EXP33-C.+Do+not+read+uninitialized+memory

for additional details.
---
 src/stun.cpp |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/src/stun.cpp b/src/stun.cpp
index 4bf2c94..1ab2bc7 100644
--- a/src/stun.cpp
+++ b/src/stun.cpp
@@ -28,6 +28,8 @@
  * Of course all fields are in network format.
  */
 
+#define __STDC_LIMIT_MACROS
+
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -49,6 +51,9 @@
 
 #include "ministun.h"
 
+extern int GetRandInt(int nMax);
+extern uint64_t GetRand(uint64_t nMax);
+
 /*---------------------------------------------------------------------*/
 
 struct StunSrv {
@@ -334,10 +339,15 @@ static int stun_send(int s, struct sockaddr_in *dst, struct stun_header *resp)
 }
 
 /* helper function to generate a random request id */
-static uint64_t randfiller;
+static uint64_t randfiller = GetRand(UINT64_MAX);
 static void stun_req_id(struct stun_header *req)
 {
     const uint64_t *S_block = (const uint64_t *)StunSrvList;
+    req->id.id[0] = GetRandInt(INT_MAX);
+    req->id.id[1] = GetRandInt(INT_MAX);
+    req->id.id[2] = GetRandInt(INT_MAX);
+    req->id.id[3] = GetRandInt(INT_MAX);
+
     req->id.id[0] |= 0x55555555;
     req->id.id[1] &= 0x55555555;
     req->id.id[2] |= 0x55555555;
-- 
1.7.1