Commit b98b98ad authored by Philip Withnall's avatar Philip Withnall
Browse files

agent: Drop valid but unmatched STUN packets

Rather than passing them through to the application. Invalid STUN
packets are still passed through, but it causes unnecessary noise and
corruption for higher-level applications to receive STUN packets they
weren’t expecting.

This is permitted by RFC 5389, §7.3.0:
    If any errors are detected, the message is silently discarded.
    In the case when STUN is being multiplexed with another protocol,
    an error may indicate that this is not really a STUN message; in
    this case, the agent should try to parse the message as a different
where I interpret ‘error’ to mean ‘validation error’ rather than (e.g.)
‘unrecognised attribute’ or ‘unmatched response’ where the STUN packet
is otherwise perfectly formed.
parent f6337b53
......@@ -3487,16 +3487,29 @@ agent_recv_message_unlocked (
* into a single monolithic one and parse the packet properly. */
guint8 *big_buf;
gsize big_buf_len;
int validated_len;
big_buf = compact_input_message (message, &big_buf_len);
if (stun_message_validate_buffer_length (big_buf, big_buf_len,
validated_len = stun_message_validate_buffer_length (big_buf, big_buf_len,
(agent->compatibility != NICE_COMPATIBILITY_OC2007 &&
agent->compatibility != NICE_COMPATIBILITY_OC2007R2)) == (gint) big_buf_len &&
agent->compatibility != NICE_COMPATIBILITY_OC2007R2));
if (validated_len == (gint) big_buf_len) {
gboolean handled;
handled =
conn_check_handle_inbound_stun (agent, stream, component, nicesock,
message->from, (gchar *) big_buf, big_buf_len)) {
/* Handled STUN message. */
nice_debug ("%s: Valid STUN packet received.", G_STRFUNC);
message->from, (gchar *) big_buf, big_buf_len);
if (handled) {
/* Handled STUN message. */
nice_debug ("%s: Valid STUN packet received.", G_STRFUNC);
} else {
/* Valid but unhandled STUN message (e.g. does not match a previously
* sent request due to being a duplicate response). */
nice_debug ("%s: Valid but unhandled STUN packet received.", G_STRFUNC);
retval = RECV_OOB;
g_free (big_buf);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment