From 394ed2fc62449e04843a6b734e3f8c63e004b09e Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Fri, 10 Mar 2023 08:32:58 -0500
Subject: [PATCH] MT#55283 use correct password for STUN errors

We're supposed to use the remote password for sending STUN error
responses (same as for sending STUN success responses), not the local
one.

Fixes a bug from 2015.

Closes #1626

Change-Id: I975178405dcd41661bdc5e0c1208295f9db70006
---
 daemon/stun.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/daemon/stun.c b/daemon/stun.c
index 7eb7ea471..89a2c6f0e 100644
--- a/daemon/stun.c
+++ b/daemon/stun.c
@@ -417,7 +417,7 @@ static void stun_error_len(struct stream_fd *sfd, const endpoint_t *sin,
 	if (attr_cont)
 		output_add_data_wr(&mh, &aa, add_attr, attr_cont, attr_len);
 
-	integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[0]);
+	integrity(&mh, &mi, &sfd->stream->media->ice_agent->pwd[1]);
 	fingerprint(&mh, &fp);
 
 	output_finish_src(&mh);
@@ -488,7 +488,6 @@ static int check_auth(const str *msg, struct stun_attrs *attrs, struct call_medi
 	return memcmp(digest, attrs->msg_integrity.s, 20) ? -1 : 0;
 }
 
-/* XXX way too many parameters being passed around here, unify into a struct */
 static int stun_binding_success(struct stream_fd *sfd, struct header *req, struct stun_attrs *attrs,
 		const endpoint_t *sin)
 {