server: do not allow a client to control a session created with a different IP

aler9
2021-09-23 19:52:57 +02:00
parent 0454e5407f
commit 239b71d975
9 changed files with 42 additions and 41 deletions


@@ -32,7 +32,7 @@ func extractPort(address string) (int, error) {
func newSessionSecretID(sessions map[string]*ServerSession) (string, error) {
for {
b := make([]byte, 4)
_, err := rand.Read(b[:])
_, err := rand.Read(b)
if err != nil {
return "", err
}
@@ -363,6 +363,17 @@ outer:
case req := <-s.sessionRequest:
if ss, ok := s.sessions[req.id]; ok {
if !req.sc.ip().Equal(ss.ip()) ||
req.sc.zone() != ss.zone() {
req.res <- sessionRequestRes{
res: &base.Response{
StatusCode: base.StatusBadRequest,
},
err: liberrors.ErrServerCannotUseSessionCreatedByOtherIP{},
}
continue
}
ss.request <- req
} else {
if !req.create {