--- Begin Message ---
Hi all,
When upgrading to v2024.11.28, multicast streams with SRTP sometimes fail due
to an uninitialized variable; clients are not able to decode SRTP and discard
all packets.
Short: SRTPCryptographicContext constructor does not initialize fSendingROC.
Long:
PassiveServerMediaSubsession::sdpLines() is called from
ServerMediaSession::generateSDPDescription() twice.
The first time (to determine existence), the cryptographic context of the sink
of PassiveServerMediaSubsession is NULL, so RTPSink::srtpROC() returns 0.
However, PassiveServerMediaSubsession::sdpLines() then performs a
fRTPSink.setupForSRTP(), which initializes the cryptographic context. At this
point, the fSendingROC member is uninitialized.
ServerMediaSession::generateSDPDescription() then calls
PassiveServerMediaSubsession::sdpLines() a second time (to actually fill SDP),
and then references this cryptographic context. Uninitialized memory is
returned, causing PassiveServerMediaSubsession::sdpLines() to re-create
SDPLines with a bogus ROC.
Only later, when RTP is to be sent,
SRTPCryptographicContext::processOutgoingSRTPPacket() initializes fSendingROC
for the first call.
Proposed solutions:
a) SRTPCryptographicContext::sendingROC() should return
fMIKEYState.initialROC() if nothing was sent yet (simpler, but introduces
duplication)
b) constructor should initialize fSendingROC with fMIKEYState.initialROC() -
which would also allow for the removal of the initialization in
processOutgoingSRTPPacket().
Note: The IDE (CLion) also warns about further, uninitialized members in
SRTPCryptographicContext - though I haven't followed up on their implications.
Thank you,
Christian
Christian Haas
OneATM - Tower Solutions R&D - Software Engineer
FREQUENTIS AG
Innovationsstrasse 1
1100 Vienna, Austria
Mobile: +43-664-60 850 - 3471
Fax: +43-1-811 50 - 77 - 3471
Web: www.frequentis.com
E-mail: christian.h...@frequentis.com
Handelsgericht Wien (Vienna Commercial Court): FN 72115b
ATU 14715600
--- End Message ---
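
The call order described in the message, modelled with proposal (b) applied so that the second SDP pass reads a defined ROC. This is an added example, not part of the original message and not live555 source: the types MIKEYStateModel, CryptoContextModel and SinkModel, the function rocAdvertisedBySdpLines() and the sample ROC value 7 are assumptions made for illustration.

```cpp
// Simplified model of the call order in the report; NOT live555 source.
// Names echo the message; the "Model" types and all bodies are assumptions.
#include <cstdint>
#include <cstdio>
#include <memory>

struct MIKEYStateModel { uint32_t roc; uint32_t initialROC() const { return roc; } };

class CryptoContextModel {
public:
    // Proposal (b): seed fSendingROC in the constructor, so the value is
    // defined even when it is read before the first outgoing packet.
    explicit CryptoContextModel(const MIKEYStateModel& s)
        : fSendingROC(s.initialROC()), fPrevSeq(0), fHaveSent(false) {}
    uint32_t sendingROC() const { return fSendingROC; }
    void processOutgoingPacket(uint16_t seq) {
        // RFC 3711: the ROC counts wraps of the 16-bit RTP sequence number.
        if (fHaveSent && seq < fPrevSeq) ++fSendingROC;
        fPrevSeq = seq; fHaveSent = true;
    }
private:
    uint32_t fSendingROC; uint16_t fPrevSeq; bool fHaveSent;
};

class SinkModel {
public:
    uint32_t srtpROC() const { return fCrypto ? fCrypto->sendingROC() : 0; }
    void setupForSRTP(const MIKEYStateModel& s) {
        if (!fCrypto) fCrypto.reset(new CryptoContextModel(s));
    }
    CryptoContextModel* crypto() { return fCrypto.get(); }
private:
    std::unique_ptr<CryptoContextModel> fCrypto;
};

// Stand-in for sdpLines(): read the ROC to advertise, then set up SRTP.
uint32_t rocAdvertisedBySdpLines(SinkModel& sink, const MIKEYStateModel& s) {
    uint32_t roc = sink.srtpROC();
    sink.setupForSRTP(s);
    return roc;
}

int main() {
    MIKEYStateModel mikey = {7};  // constructed sample value
    SinkModel sink;
    uint32_t first = rocAdvertisedBySdpLines(sink, mikey);   // existence probe
    uint32_t second = rocAdvertisedBySdpLines(sink, mikey);  // fills the SDP
    std::printf("first=%u second=%u\n", (unsigned)first, (unsigned)second);
}
```

With the member seeded in the constructor, the value read on the second pass equals the initial ROC and stays stable until the sequence number wraps; building with -Wuninitialized or running under MemorySanitizer is one way to catch the other unset members the message mentions.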
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel