1. 06 May, 2020 1 commit
  2. 04 May, 2020 1 commit
  3. 13 Feb, 2020 1 commit
    • Fabrice Bellet's avatar
      conncheck: display priorities in debug by spliting their values · bbcf82b3
      Fabrice Bellet authored
      We display 32-bit candidate priorities in hexadecimal to identify each
      8-bit-aligned field more easily: type preference, local preference, and
      component id. We display 64-bit pair priority by splitting their local
      and remote part. See RFC-8445, section 5.1.2.1.  "Recommended Formula",
      and section 6.1.2.3. "Computing Pair Priority and Ordering Pairs".
      bbcf82b3
  4. 04 Jul, 2019 4 commits
    • Fabrice Bellet's avatar
      component: don't detach the socket source twice · 13378275
      Fabrice Bellet authored
      The source is also detached in socket_source_free()
      13378275
    • Fabrice Bellet's avatar
      component: remove socket also from remote candidates · 6303ed6f
      Fabrice Bellet authored
      A socket to be removed may also come from a peer-reflexive remote
      candidate, and some cleanup also needs to be done in this case. This
      reference in a remote peer-reflexive tcp-active candidate caused a
      heap-use-after-free asan error in some custom debugging dump of the list
      of sockets of a component, after a read error in component_io_cb():
      
      agent_recv_message_unlocked returned -1, errno (25) :
      Inappropriate ioctl for device
      6303ed6f
    • Fabrice Bellet's avatar
      component: Fix use-after-free and resolve regression · 71a8a9e2
      Fabrice Bellet authored
      conn_check_prune_socket() on nsocket must be called before removing the
      candidate with this socket inside the loop, to prevent the
      use-after-free reported initially in issue #73.
      
      But commit 541801d4 introduced a regression during discovery when an udp
      turn over tcp socket is immediately closed by a HUP condition for
      example. In this case, discovery_prune_socket() is never called, because
      we don't have a candidate with this socket inside the loop. So the
      nsocket is freed by the final nice_component_detach_socket() but is
      still used by the discovery timer callback.
      
      This commit moves the discovery_prune_socket() and
      conn_check_prune_socket() actions before the loop instead of after, or
      inside.
      
      Closes #73
      71a8a9e2
    • Fabrice Bellet's avatar
      discovery: fix an use-after-free in SFB user credentials · 8e5809b7
      Fabrice Bellet authored
      The base64 decoded username and password strings given to
      stun_usage_turn_create() should not freed immediately, since they remain
      used when handling the following related inbound stun replies.
      8e5809b7
  5. 02 Jul, 2019 1 commit
    • Olivier Crête's avatar
      agent: add nice_agent_get_sockets API · 875a23a7
      Olivier Crête authored
      This API makes it possible to get an array of all of the sockets used
      by a specific component, this is useful to set options on the socket.
      
      Also bump GLib requirement to 2.54, which is the version in RHEL 7
      875a23a7
  6. 09 May, 2019 2 commits
  7. 11 Mar, 2019 1 commit
    • Jakub Adam's avatar
      component: Fix use-after-free · 541801d4
      Jakub Adam authored
      conn_check_prune_socket() was trying to access deleted NiceCandidate
      instance. Prune the socket before removing the candidate.
      
      Closes #73
      541801d4
  8. 27 Dec, 2018 1 commit
  9. 28 Oct, 2018 3 commits
  10. 21 Oct, 2018 1 commit
  11. 12 Jun, 2018 1 commit
  12. 21 Jun, 2017 2 commits
  13. 12 Apr, 2017 1 commit
    • Fabrice Bellet's avatar
      agent: do not create a GSource for UDP TURN socket · 0a2cb0a9
      Fabrice Bellet authored
      With this patch, we don't create a new GSource for udp-turn socket,
      because it would duplicate the packets already received on the base UDP
      socket, as the underlying GSocket is the same. This is a race condition,
      because an UDP packet arriving on the base socket, may randomly be
      handled by the GSource callback created for the base socket (udp-bsd) of
      the callback created for the udp-turn socket. Moreover this callback
      already knows how to parse UDP datagrams received from a known turn
      server.
      
      This patch also prevents a subtle bug, when a STUN request is received
      directly from a peer, is handled by the udp turn socket. If the agent
      already has a valid permission for this remote candidate, established
      for another pair, it will happily send the STUN reply through the turn
      relay. This generates a source address mismatch on the peer agent, when
      it'll receive the STUN response from the turn relay instead of the
      initial address the request has been sent to.
      
      Differential Revision: https://phabricator.freedesktop.org/D932
      0a2cb0a9
  14. 11 Apr, 2017 1 commit
  15. 04 Apr, 2017 1 commit
  16. 03 Apr, 2017 1 commit
  17. 02 Jun, 2016 1 commit
  18. 30 May, 2016 1 commit
  19. 27 May, 2016 1 commit
  20. 01 Mar, 2016 1 commit
  21. 01 Oct, 2015 3 commits
  22. 14 Nov, 2014 1 commit
  23. 30 Oct, 2014 1 commit
  24. 09 Oct, 2014 2 commits
  25. 25 Sep, 2014 2 commits
  26. 23 Sep, 2014 3 commits
  27. 22 Sep, 2014 1 commit
    • Philip Withnall's avatar
      agent: Remove dangling pointers on NiceSocket destruction · f6337b53
      Philip Withnall authored
      If a NiceSocket is destroyed, various pointers are currently left
      dangling to it in the conncheck state. These can cause crashes if (for
      example) a CandidateCheckPair with such a dangling pointer is then used;
      the GSocket methods will fail.
      
      Fix this by explicitly removing the socket and all NiceCandidates which
      wrap it from various areas of the state.
      f6337b53