From 5d38fbab053f24eed317411d98fdc7bd13b5cfc1 Mon Sep 17 00:00:00 2001 From: Scott Godin Date: Fri, 21 Oct 2022 12:47:45 -0400 Subject: [PATCH] ignore raw UDP if no_udp is enabled (#1031) Essentially, for a DTLS client (that we haven't heard from before), the code in handle_udp_packet will have created the chs/ioa_socket in the block just above my change (see dtls_server_input_handler's call to dtls_accept_client_connection that calls create_ioa_socket_from_ssl). This only happens if the first message received from a client is a DTLS handshake. Otherwise, we have received UDP data from a new endpoint that is not a DTLS handshake, so it is raw UDP and the code just below my if statement will have created a UDP_SOCKET in the create_ioa_socket_from_fd call, allowing further processing of the RAW UDP. This was tested by trying to perform a TURN allocation via UDP (not DTLS) when no-udp setting was enabled. --- src/apps/relay/dtls_listener.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/apps/relay/dtls_listener.c b/src/apps/relay/dtls_listener.c index 949458e..1485c0e 100644 --- a/src/apps/relay/dtls_listener.c +++ b/src/apps/relay/dtls_listener.c @@ -439,6 +439,10 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server, #endif if(!chs) { + // Disallow raw UDP if no_udp is enabled + if(turn_params.no_udp) { + return -1; + } chs = create_ioa_socket_from_fd(ioa_eng, s->fd, s, UDP_SOCKET, CLIENT_SOCKET, &(sm->m.sm.nd.src_addr), get_local_addr_from_ioa_socket(s));
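Review bot: the early `return -1;` inside `if(!chs)` leaves handle_udp_packet before any of the code that follows, and the hunk shows neither what the caller does with -1 nor whether the message in `sm` has to be released on that path. Please confirm that the caller treats this value as a per-packet drop and not as a listener error, and that nothing acquired earlier in the function leaks. The drop is also silent: a log line with the source address would let an operator tell a no_udp rejection from packet loss, but it should sit behind the verbose setting or be rate-limited, since unauthenticated senders control how often this branch fires. The commit message describes testing only a raw UDP allocation with no-udp enabled; a test that a DTLS handshake from a new endpoint still succeeds with no-udp set would cover the other path this check relies on.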