1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

SquashSRS4: Add security scan. Feed TWCC before drop PT.

This commit is contained in:
winlin 2021-03-11 16:55:05 +08:00
parent e74810230a
commit 4f1aa924e6
3 changed files with 74 additions and 20 deletions

View file

@ -552,18 +552,6 @@ fi
#####################################################################################
# srtp
#####################################################################################
# For openssl-1.1.*, we should disable SRTP ASM, because SRTP only works with openssl-1.0.*
if [[ $SRS_SRTP_ASM == YES ]]; then
echo " #include <openssl/ssl.h> " > ${SRS_OBJS}/_tmp_srtp_asm_detect.c
echo " #if OPENSSL_VERSION_NUMBER >= 0x10100000L // v1.1.x " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
echo " #error \"SRTP only works with openssl-1.0.*\" " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
echo " #endif " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
${SRS_TOOL_CC} -c ${SRS_OBJS}/_tmp_srtp_asm_detect.c -I${SRS_OBJS}/openssl/include -o /dev/null >/dev/null 2>&1
if [[ $? -ne 0 ]]; then
SRS_SRTP_ASM=NO && echo "Warning: Disable SRTP-ASM optimization, please update docker";
fi
rm -f ${SRS_OBJS}/_tmp_srtp_asm_detect.c
fi;
SRTP_CONFIG="echo SRTP without openssl(ASM) optimization" && SRTP_OPTIONS=""
# If use ASM for SRTP, we enable openssl(with ASM).
if [[ $SRS_SRTP_ASM == YES ]]; then

View file

@ -1116,14 +1116,6 @@ srs_error_t SrsRtcPublishStream::on_rtp(char* data, int nb_data)
return err;
}
// If payload type is configed to drop, ignore this packet.
if (pt_to_drop_) {
uint8_t pt = srs_rtp_fast_parse_pt(data, nb_data);
if (pt_to_drop_ == pt) {
return err;
}
}
// Decode the header first.
if (twcc_id_) {
// We must parse the TWCC from RTP header before SRTP unprotect, because:
@ -1140,6 +1132,14 @@ srs_error_t SrsRtcPublishStream::on_rtp(char* data, int nb_data)
}
}
// If payload type is configed to drop, ignore this packet.
if (pt_to_drop_) {
uint8_t pt = srs_rtp_fast_parse_pt(data, nb_data);
if (pt_to_drop_ == pt) {
return err;
}
}
// Decrypt the cipher to plaintext RTP data.
char* plaintext = data;
int nb_plaintext = nb_data;