-
With this patch we prevent the username and the password of a candidate to be modified during a session, as required by the RFC, sect 9.1.2. This is also needed from a memory management point of view, because the password string pointer may be recorded in the components stun agent sent_ids[] struct key member, and freeing these values there may cause an use-after-free condition, when an inbound stun is received from this candidate. This behavior has been observed with pidgin, xmpp, and farstream when a same remote candidates are "updated" several times, even if the credentials don't change in this case. Reviewed-by:
Olivier Crête <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D19175a644f45
