SRTP - uninitialized variable causes multicast to fail

HAAS Christian Christian.HAAS at frequentis.com
Fri Jan 17 02:05:16 PST 2025 

Hi all,

When upgrading to v2024.11.28, multicast streams with SRTP sometimes fail due to an uninitialized variable; Clients are not able to decode SRTP and discard all packets.

Short: SRTPCryptographicContext constructor does not initialize fSendingROC.

Long:
PassiveServerMediaSubsession::sdpLines() is called from ServerMediaSession::generateSDPDescription() twice.
The first time (to determine existence), the cryptographic context of the sink of PassiveServerMediaSubsession is NULL, so the RTPSink::srtpROC() returns 0; However, PassiveServerMediaSubsession::sdpLines() then performs a fRTPSink.setupForSRTP(), which initializes the cryptographic context. At this point, the fSendingROC member is uninitialized.
ServerMediaSession::generateSDPDescription() then calls PassiveServerMediaSubsession::sdpLines() a second time (to actually fill SDP), and then references this cryptographic context. Uninitialized memory is returned, letting PassiveServerMediaSubsession::sdpLines() to re-create SDPLines with a bogus ROC.

Only later, when RTP is to be sent, SRTPCryptographicContext::processOutgoingSRTPPacket() initializes fSendingROC for the first call.

Proposed solutions:
a) SRTPCryptographicContext::sendingROC() should return fMIKEYState.initialROC() if nothing was sent yet (simpler, but introduces duplication)
b) constructor should initialize fSendingROC with fMIKEYState.initialROC() - which would also allow for the removal of the initialization in processOutgoingSRTPPacket().

Note: The IDE  (CLion) also warns about further, uninitialized members in SRTPCryptographicContext - though I haven't followed up on their implications.

Thank you,
Christian

Christian Haas
OneATM - Tower Solutions R&D - Software Engineer

FREQUENTIS AG

Innovationsstrasse 1
1100 Vienna, Austria
Mobile: +43-664-60 850 - 3471
Fax: +43-1-811 50 - 77 - 3471
Web: www.frequentis.com<http://www.frequentis.com/>
E-mail: christian.haas at frequentis.com<mailto:christian.haas at frequentis.com>

Handelsgericht Wien (Vienna Commercial Court): FN 72115b
ATU 14715600

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20250117/e577c014/attachment.htm>

More information about the live-devel mailing list