From 5cce82e782aa7eb418df940c1e300b47aaaf87b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@niif.hu>
Date: Thu, 14 Dec 2017 13:01:56 +0100
Subject: [PATCH] empty cli_password and loopback-peers not allowed

Adds a warning to allow-loopback-peers
Does not allow loopback peers and empty passwords.
Quit with an error.
---
 src/apps/relay/mainrelay.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index bfae772..82fac29 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -2205,6 +2205,13 @@ int main(int argc, char **argv)
                        "Be aware that you could not mix the username/password and the shared secret based auth methohds. \n"
                        "Shared secret overrides username/password based auth method. Check your configuration!\n");
     }
+	if(turn_params.allow_loopback_peers) {
+		TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "CONFIG WARNING: allow_loopback_peers opens a possible security vulnerability. Do not use in production!!\n");
+		if(cli_password[0]==0) {
+			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: allow_loopback_peers and empty cli password cannot be used together.\n");
+			exit(-1);			
+		}
+	}
 
 	if(!use_lt_credentials && !anon_credentials) {
 		if(turn_params.default_users_db.ram_db.users_number) {