From f82f788f43e385391db2827cde151830fc91bc14 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Tue, 4 Jul 2023 21:59:24 -0500 Subject: Ignore non-DTLS data before handshake is complete https://datatracker.ietf.org/doc/html/rfc9147#name-demul https://datatracker.ietf.org/doc/html/rfc5764#section-5.1.2 If data is received before handshake is complete, discard it rather than forwarding it blindly to GnuTLS which can get confused. --- plugins/ice/src/dtls_srtp.vala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/ice/src/dtls_srtp.vala b/plugins/ice/src/dtls_srtp.vala index 298c0061..6987a0d2 100644 --- a/plugins/ice/src/dtls_srtp.vala +++ b/plugins/ice/src/dtls_srtp.vala @@ -46,7 +46,7 @@ public class Handler { return srtp_session.decrypt_rtp(data); } if (component_id == 2) return srtp_session.decrypt_rtcp(data); - } else if (component_id == 1) { + } else if (component_id == 1 && (data[0] >= 20 && data[0] <= 63)) { on_data_rec(data); } return null; -- cgit v1.2.3-70-g09d2