diff options
author | Fabrice Bellet <fabrice@bellet.info> | 2017-12-11 08:50:33 +0100 |
---|---|---|
committer | Olivier CrĂȘte <olivier.crete@collabora.com> | 2018-03-23 13:56:21 -0400 |
commit | 5a644f459dc75c80dfb19c7772f74e37a0258771 (patch) | |
tree | bdb64a98a2f29b607795459c1cc613a2a163f624 /ChangeLog | |
parent | a9ac0487b0d1708d780d7c0b7a2206c71a8c7163 (diff) | |
download | libnice-5a644f459dc75c80dfb19c7772f74e37a0258771.tar.gz |
agent: make candidate username and password immutable
With this patch we prevent the username and the password of a candidate
to be modified during a session, as required by the RFC, sect 9.1.2.
This is also needed from a memory management point of view, because the
password string pointer may be recorded in the components stun agent
sent_ids[] struct key member, and freeing these values there may cause
an use-after-free condition, when an inbound stun is received from this
candidate. This behavior has been observed with pidgin, xmpp, and
farstream when a same remote candidates are "updated" several times,
even if the credentials don't change in this case.
Reviewed-by: Olivier CrĂȘte <olivier.crete@collabora.com>
Differential Revision: https://phabricator.freedesktop.org/D1917
Diffstat (limited to 'ChangeLog')
0 files changed, 0 insertions, 0 deletions