From f82f788f43e385391db2827cde151830fc91bc14 Mon Sep 17 00:00:00 2001
From: Stephen Paul Weber
Date: Tue, 4 Jul 2023 21:59:24 -0500
Subject: Ignore non-DTLS data before handshake is complete

https://datatracker.ietf.org/doc/html/rfc9147#name-demul
https://datatracker.ietf.org/doc/html/rfc5764#section-5.1.2

If data is received before handshake is complete, discard it rather than forwarding it blindly to GnuTLS which can get confused.
---
 plugins/ice/src/dtls_srtp.vala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/ice/src/dtls_srtp.vala b/plugins/ice/src/dtls_srtp.vala
index 298c0061..6987a0d2 100644
--- a/plugins/ice/src/dtls_srtp.vala
+++ b/plugins/ice/src/dtls_srtp.vala
@@ -46,7 +46,7 @@ public class Handler {
 return srtp_session.decrypt_rtp(data);
 }
 if (component_id == 2) return srtp_session.decrypt_rtcp(data);
- } else if (component_id == 1) {
+ } else if (component_id == 1 && (data[0] >= 20 && data[0] <= 63)) {
 on_data_rec(data);
 }
 return null;
-- 
cgit v1.2.3-54-g00ecf
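Review bot: The new condition reads `data[0]` without first checking that the packet is non-empty; Vala array indexing compiles to a plain C access with no bounds check, so a zero-length datagram on component 1 before the handshake completes would read past the buffer (assuming `data` is a `uint8[]` handed over from the network layer, which the hunk does not show). Put the length test first: `} else if (component_id == 1 && data.length > 0 && data[0] >= 20 && data[0] <= 63) {`. The bounds 20 and 63 are the DTLS first-byte range from RFC 5764 section 5.1.2 cited in the commit message, and a short comment such as `// first byte 20..63 = DTLS (RFC 5764 §5.1.2); drop anything else until the handshake completes` would keep that rationale next to the code. The enclosing method starts and ends outside the hunk, so an earlier length check there would make the guard redundant.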