Bug 82938 - NiceAgentRecvFunc invoked for data even when not coming from authenticated pairs
Status: RESOLVED MOVED
Alias: None
Product: nice
Classification: Unclassified
Component: General
Version: unspecified
Hardware: All All
Importance: medium normal
Assignee: Olivier Crête
Reported: 2014-08-22 08:20 UTC by Lorenzo Miniero
Modified: 2015-06-26 13:53 UTC

Description Lorenzo Miniero 2014-08-22 08:20:33 UTC
As suggested in this thread (http://lists.freedesktop.org/archives/nice/2014-August/000944.html) I'm opening an issue about a bug I encountered.

After a successful ICE setup using libnice, apparently the NiceAgentRecvFunc callback I set is invoked for a specific component even when data is not coming from any remote candidate that was negotiated and authenticated.

To make a practical and reproducible example, I tried setting up a media session and, after a successful ICE setup, I used the nc command to send data to the port my application had selected (so random source port on the nc side). Surprisingly, the callback was notified, and the data was available, while I expected the library to ignore this external data as it was not part of the "connection" established between the two parties.
Comment 1 Ilya Konstantinov 2015-03-31 17:49:35 UTC
To the best of my understanding, ICE's security is intended for the short-lived negotiation, and does not extend to the session itself.

To guarantee session security, one would use something like SRTP.
Comment 2 Olivier Crête 2015-03-31 18:50:19 UTC
Yes, but we shouldn't be accepting data from an un-authenticated peer. Last draft I checked, this was required by WebRTC, and is actually required by the ICE RFC.
Comment 3 Philip Withnall 2015-06-26 13:53:18 UTC
Migrated to Phabricator: http://phabricator.freedesktop.org/T104
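
The check discussed in this report, sketched as an added example (not libnice code and not written by any commenter): before handing a datagram to the application, the receive path compares its source transport address against the remote candidates that passed ICE connectivity checks and drops everything else. `validated_peer`, `from_validated_peer` and `make_v4` are hypothetical names, and the sample addresses used with them are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical: one remote transport address that passed connectivity checks. */
struct validated_peer { struct sockaddr_storage addr; };

/* Compare family, IP address and port only (ignores padding, flowinfo, scope). */
static bool same_transport_addr(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return false;
    if (a->sa_family == AF_INET) {
        const struct sockaddr_in *x = (const void *)a, *y = (const void *)b;
        return x->sin_port == y->sin_port &&
               x->sin_addr.s_addr == y->sin_addr.s_addr;
    }
    if (a->sa_family == AF_INET6) {
        const struct sockaddr_in6 *x = (const void *)a, *y = (const void *)b;
        return x->sin6_port == y->sin6_port &&
               memcmp(&x->sin6_addr, &y->sin6_addr, sizeof x->sin6_addr) == 0;
    }
    return false; /* unknown address family is never treated as validated */
}

/* True only if the datagram source matches a validated remote candidate. */
bool from_validated_peer(const struct sockaddr *src,
                         const struct validated_peer *peers, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (same_transport_addr(src, (const struct sockaddr *)&peers[i].addr))
            return true;
    return false; /* e.g. a sender using a random source port: drop */
}

/* Helper for building constructed IPv4 sample addresses. */
struct sockaddr_storage make_v4(const char *ip, unsigned short port)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *in = (struct sockaddr_in *)&ss;
    memset(&ss, 0, sizeof ss);
    in->sin_family = AF_INET;
    in->sin_port = htons(port);
    inet_pton(AF_INET, ip, &in->sin_addr);
    return ss;
}
```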

