Google Git
Sign in
webrtc/src//976faae028c100ad66dbe865c954960b6d38c2f8^!/.
commit
976faae028c100ad66dbe865c954960b6d38c2f8
[log]
author
Taylor Brandstetter <deadbeef@webrtc.org>
Tue Jun 16 23:39:51 2020
committer
Commit Bot <commit-bot@chromium.org>
Thu Jun 18 02:16:51 2020
tree
2c6369da746696cfab56905309f2a0f3b095de71
parent
5086e9668e1a6d7d3cc1921418ace7ede84bbe4e [diff]
Disable SCTP asconf and auth extensions.

WebRTC doesn't use these features, so disable them to reduce the
potential attack surface.

Bug: webrtc:11694
Change-Id: I093aa824c6da592852270534ae7415ceb19fca47
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/177360
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#31540}

diff --git a/media/sctp/sctp_transport.cc b/media/sctp/sctp_transport.cc
index 6be9461..35824b7 100644
--- a/media/sctp/sctp_transport.cc
+++ b/media/sctp/sctp_transport.cc

@@ -269,6 +269,11 @@
     // TODO(ldixon): Consider turning this on/off.
     usrsctp_sysctl_set_sctp_ecn_enable(0);
 
+    // WebRTC doesn't use these features, so disable them to reduce the
+    // potential attack surface.
+    usrsctp_sysctl_set_sctp_asconf_enable(0);
+    usrsctp_sysctl_set_sctp_auth_enable(0);
+
     // This is harmless, but we should find out when the library default
     // changes.
     int send_size = usrsctp_sysctl_get_sctp_sendspace();