client: decrease security issues with AnyPortEnable

When AnyPortEnable is true, store the port of the first incoming packet and check that following packets use the same port
2025-09-27 19:42:11 +08:00 · 2023-01-07 11:05:25 +01:00
parent 7137d8534a
commit bf12e12afd
2 changed files with 27 additions and 15 deletions
--- a/client.go
+++ b/client.go
@@ -1247,14 +1247,16 @@ func (c *Client) doSetup(
 			}
 		}

-		cm.udpRTPListener.readIP = func() net.IP {
-			if thRes.Source != nil {
-				return *thRes.Source
-			}
-			return c.nconn.RemoteAddr().(*net.TCPAddr).IP
-		}()
+		if thRes.Source != nil {
+			cm.udpRTPListener.readIP = *thRes.Source
+		} else {
+			cm.udpRTPListener.readIP = c.nconn.RemoteAddr().(*net.TCPAddr).IP
+		}
+
 		if thRes.ServerPorts != nil {
-			cm.udpRTPListener.readPort = thRes.ServerPorts[0]
+			if !c.AnyPortEnable {
+				cm.udpRTPListener.readPort = thRes.ServerPorts[0]
+			}
 			cm.udpRTPListener.writeAddr = &net.UDPAddr{
 				IP:   c.nconn.RemoteAddr().(*net.TCPAddr).IP,
 				Zone: c.nconn.RemoteAddr().(*net.TCPAddr).Zone,
@@ -1262,14 +1264,16 @@ func (c *Client) doSetup(
 			}
 		}

-		cm.udpRTCPListener.readIP = func() net.IP {
-			if thRes.Source != nil {
-				return *thRes.Source
-			}
-			return c.nconn.RemoteAddr().(*net.TCPAddr).IP
-		}()
+		if thRes.Source != nil {
+			cm.udpRTCPListener.readIP = *thRes.Source
+		} else {
+			cm.udpRTCPListener.readIP = c.nconn.RemoteAddr().(*net.TCPAddr).IP
+		}
+
 		if thRes.ServerPorts != nil {
-			cm.udpRTCPListener.readPort = thRes.ServerPorts[1]
+			if !c.AnyPortEnable {
+				cm.udpRTCPListener.readPort = thRes.ServerPorts[1]
+			}
 			cm.udpRTCPListener.writeAddr = &net.UDPAddr{
 				IP:   c.nconn.RemoteAddr().(*net.TCPAddr).IP,
 				Zone: c.nconn.RemoteAddr().(*net.TCPAddr).Zone,