client: decrease security issues with AnyPortEnable

When AnyPortEnable is true, store the source port of the first incoming packet
and check that subsequent packets use the same port.
This commit is contained in:
aler9
2023-01-07 11:05:25 +01:00
parent 7137d8534a
commit bf12e12afd
2 changed files with 27 additions and 15 deletions


@@ -1247,14 +1247,16 @@ func (c *Client) doSetup(
}
}
cm.udpRTPListener.readIP = func() net.IP {
if thRes.Source != nil {
return *thRes.Source
}
return c.nconn.RemoteAddr().(*net.TCPAddr).IP
}()
if thRes.Source != nil {
cm.udpRTPListener.readIP = *thRes.Source
} else {
cm.udpRTPListener.readIP = c.nconn.RemoteAddr().(*net.TCPAddr).IP
}
if thRes.ServerPorts != nil {
cm.udpRTPListener.readPort = thRes.ServerPorts[0]
if !c.AnyPortEnable {
cm.udpRTPListener.readPort = thRes.ServerPorts[0]
}
cm.udpRTPListener.writeAddr = &net.UDPAddr{
IP: c.nconn.RemoteAddr().(*net.TCPAddr).IP,
Zone: c.nconn.RemoteAddr().(*net.TCPAddr).Zone,
@@ -1262,14 +1264,16 @@ func (c *Client) doSetup(
}
}
cm.udpRTCPListener.readIP = func() net.IP {
if thRes.Source != nil {
return *thRes.Source
}
return c.nconn.RemoteAddr().(*net.TCPAddr).IP
}()
if thRes.Source != nil {
cm.udpRTCPListener.readIP = *thRes.Source
} else {
cm.udpRTCPListener.readIP = c.nconn.RemoteAddr().(*net.TCPAddr).IP
}
if thRes.ServerPorts != nil {
cm.udpRTCPListener.readPort = thRes.ServerPorts[1]
if !c.AnyPortEnable {
cm.udpRTCPListener.readPort = thRes.ServerPorts[1]
}
cm.udpRTCPListener.writeAddr = &net.UDPAddr{
IP: c.nconn.RemoteAddr().(*net.TCPAddr).IP,
Zone: c.nconn.RemoteAddr().(*net.TCPAddr).Zone,
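Review bot: Leaving `readPort` at its zero value under the new `if !c.AnyPortEnable` guards (both the RTP and RTCP branches) is now load-bearing — it is what tells the UDP listener that the port is still unpinned — but nothing at this site says so, and a reader of doSetup cannot tell that 0 is a sentinel rather than a dropped assignment. A comment on each branch would make the contract explicit: `// with AnyPortEnable, readPort stays 0 so the listener pins it to the source port of the first packet it accepts`. Note also that, since the listener pins whichever packet arrives first from the expected source IP, this appears to narrow rather than close the window in which a datagram spoofed from that IP can take over the session; it may be worth stating that limitation in the AnyPortEnable option's documentation so users do not read "same port" as a full guarantee. doSetup starts and ends outside the hunk.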


@@ -186,7 +186,15 @@ func (u *clientUDPListener) runReader(forPlay bool) {
uaddr := addr.(*net.UDPAddr)
if !u.readIP.Equal(uaddr.IP) || (!u.anyPortEnable && u.readPort != uaddr.Port) {
if !u.readIP.Equal(uaddr.IP) {
continue
}
// in case of anyPortEnable, store the port of the first packet we receive.
// this reduces security issues
if u.anyPortEnable && u.readPort == 0 {
u.readPort = uaddr.Port
} else if u.readPort != uaddr.Port {
continue
}