Skip to content

Avoid SRTP/SRTCP state creation before auth#373

Closed
JoTurk wants to merge 1 commit into
mainfrom
jo/avoid-srtp-state-creation
Closed

Avoid SRTP/SRTCP state creation before auth#373
JoTurk wants to merge 1 commit into
mainfrom
jo/avoid-srtp-state-creation

Conversation

@JoTurk

@JoTurk JoTurk commented Jun 8, 2026

Copy link
Copy Markdown
Member

Description

one of the many security issues reported by @sirzooro

Reported-by: sirzooro <daniel@poradnik-webmastera.com>
@JoTurk JoTurk requested review from Sean-Der and sirzooro June 8, 2026 03:09
@codecov

codecov Bot commented Jun 8, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 90.90909% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.72%. Comparing base (51804b0) to head (7c64570).

Files with missing lines Patch % Lines
session_srtp.go 70.00% 1 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #373      +/-   ##
==========================================
+ Coverage   82.42%   82.72%   +0.30%     
==========================================
  Files          19       19              
  Lines        1462     1482      +20     
==========================================
+ Hits         1205     1226      +21     
  Misses        142      142              
+ Partials      115      114       -1     
Flag Coverage Δ
go 82.72% <90.90%> (+0.30%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Comment thread srtp.go
// - MKI (optional)
// - Auth Tag - used by non-AEAD profiles only. When RCC is used with AEAD profiles, the ROC is sent here.
//
//nolint:cyclop

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new nolint is unfortunate but I didn't want to add noise in a security fix, so I'll refactor this function and will remove the nolint after this is merged

@sirzooro

sirzooro commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

I think it addressed the same issue as my PR #372 ?

@JoTurk

JoTurk commented Jun 8, 2026

Copy link
Copy Markdown
Member Author

@sirzooro Sorry I was sick this weekend and i forgot that you made a PR to fix a few things including this issue, I see that the most important issues in the file you sent me are already fixed.
I'll try to review your PR tonight or tomorrow.

@JoTurk JoTurk closed this Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants