From 976faae028c100ad66dbe865c954960b6d38c2f8 Mon Sep 17 00:00:00 2001
From: Taylor Brandstetter
Date: Tue, 16 Jun 2020 16:39:51 -0700
Subject: [PATCH] Disable SCTP asconf and auth extensions.

WebRTC doesn't use these features, so disable them to reduce the potential attack surface.

Bug: webrtc:11694
Change-Id: I093aa824c6da592852270534ae7415ceb19fca47
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/177360
Reviewed-by: Harald Alvestrand
Commit-Queue: Taylor
Cr-Commit-Position: refs/heads/master@{#31540}
---
 media/sctp/sctp_transport.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/media/sctp/sctp_transport.cc b/media/sctp/sctp_transport.cc
index 6be9461e91..35824b7f25 100644
--- a/media/sctp/sctp_transport.cc
+++ b/media/sctp/sctp_transport.cc
@@ -269,6 +269,11 @@ class SctpTransport::UsrSctpWrapper {
     // TODO(ldixon): Consider turning this on/off.
     usrsctp_sysctl_set_sctp_ecn_enable(0);
+    // WebRTC doesn't use these features, so disable them to reduce the
+    // potential attack surface.
+    usrsctp_sysctl_set_sctp_asconf_enable(0);
+    usrsctp_sysctl_set_sctp_auth_enable(0);
+
     // This is harmless, but we should find out when the library default
     // changes.
     int send_size = usrsctp_sysctl_get_sctp_sendspace();
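Review bot: The new comment above `usrsctp_sysctl_set_sctp_asconf_enable(0)` says "these features" without naming them or recording why turning them off is safe, which is exactly what the next person tempted to re-enable one of them will need; I would replace the two comment lines with `// ASCONF (RFC 5061 address reconfiguration) and AUTH (RFC 4895) are not` / `// needed: WebRTC runs SCTP over a single DTLS-protected path, and DTLS` / `// already authenticates the peer. Disable both to reduce attack surface.`. It is worth stating in that comment that the two settings are coupled — RFC 5061 requires ASCONF chunks to be authenticated via AUTH, so ASCONF must never be re-enabled on its own. These usrsctp sysctls are, as far as I know, process-global rather than per-socket, so they affect every SctpTransport in the process and only take effect for associations created after this point; the enclosing function starts and ends outside the hunk, so I cannot confirm from here that it runs once before any association exists, but that ordering should be asserted or documented. A cheap regression check would be a unit test asserting the corresponding getters (by the same naming pattern as `usrsctp_sysctl_get_sctp_sendspace()` on the last line) return 0 after initialization, so a future usrsctp roll that changes the defaults or renames the setters is caught.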