Avoid SRTP/SRTCP state creation before auth#373
Conversation
Reported-by: sirzooro <daniel@poradnik-webmastera.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #373 +/- ##
==========================================
+ Coverage 82.42% 82.72% +0.30%
==========================================
Files 19 19
Lines 1462 1482 +20
==========================================
+ Hits 1205 1226 +21
Misses 142 142
+ Partials 115 114 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
| // - MKI (optional) | ||
| // - Auth Tag - used by non-AEAD profiles only. When RCC is used with AEAD profiles, the ROC is sent here. | ||
| // | ||
| //nolint:cyclop |
There was a problem hiding this comment.
This new nolint is unfortunate but I didn't want to add noise in a security fix, so I'll refactor this function and will remove the nolint after this is merged
|
I think it addressed the same issue as my PR #372 ? |
|
@sirzooro Sorry I was sick this weekend and i forgot that you made a PR to fix a few things including this issue, I see that the most important issues in the file you sent me are already fixed. |
Description
one of the many security issues reported by @sirzooro