Commit 306d471a authored by Johan Sternerup's avatar Johan Sternerup Committed by Olivier Crête

conncheck: Only valid stun messages used for Keepalive

Previously, a STUN response for which there was no associated request
would be considered valid media input and as such could keep a dead
connection alive. If peer A was communicating with peer B and peer B got
disconnected, the keepalive mechanism in peer A should detect this.
However, a misbehaving STUN server could keep sending STUN responses to
peer A which would then be considered a valid communication between A
and B and thereby prevent the keepalive mechanism from shutting down the
connection.

Situation above refers to a stun message validated as
STUN_VALIDATION_UNMATCHED_RESPONSE. With this change only messages
validated as STUN_VALIDATION_SUCCESS may keep the connection alive.
parent 303f0179
Pipeline #216168 passed with stages
in 3 minutes and 44 seconds
......@@ -4341,7 +4341,6 @@ agent_recv_message_unlocked (
nice_debug ("%s: Valid STUN packet received.", G_STRFUNC);
retval = RECV_OOB;
g_free (big_buf);
agent->media_after_tick = TRUE;
goto done;
}
}
......
......@@ -4693,6 +4693,7 @@ gboolean conn_check_handle_inbound_stun (NiceAgent *agent, NiceStream *stream,
return FALSE;
}
agent->media_after_tick = TRUE;
if (stun_message_get_class (&req) == STUN_REQUEST) {
if ( agent->compatibility == NICE_COMPATIBILITY_MSN
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment