admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disable SCTP asconf and auth extensions.

Browse Source 
WebRTC doesn't use these features, so disable them to reduce the
potential attack surface.

Bug: webrtc:11694
Change-Id: I093aa824c6da592852270534ae7415ceb19fca47
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/177360
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#31540}
This commit is contained in:
Taylor Brandstetter 2020-06-16 16:39:51 -07:00 committed by Commit Bot
parent 5086e9668e
commit 976faae028
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
media/sctp/sctp_transport.cc
View File

@ -269,6 +269,11 @@ class SctpTransport::UsrSctpWrapper {
// TODO(ldixon): Consider turning this on/off.
usrsctp_sysctl_set_sctp_ecn_enable(0);
// WebRTC doesn't use these features, so disable them to reduce the
// potential attack surface.
usrsctp_sysctl_set_sctp_asconf_enable(0);
usrsctp_sysctl_set_sctp_auth_enable(0);
// This is harmless, but we should find out when the library default
// changes.
int send_size = usrsctp_sysctl_get_sctp_sendspace();