Disable SCTP asconf and auth extensions.

WebRTC doesn't use these features, so disable them to reduce the potential attack surface. Bug: webrtc:11694 Change-Id: I093aa824c6da592852270534ae7415ceb19fca47 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/177360 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Taylor <deadbeef@webrtc.org> Cr-Commit-Position: refs/heads/master@{#31540}
author: Taylor Brandstetter <deadbeef@webrtc.org> 2020-06-16 16:39:51 -0700
committer: Commit Bot <commit-bot@chromium.org> 2020-06-18 02:16:51 +0000
commit: 976faae028c100ad66dbe865c954960b6d38c2f8 (patch)
tree: 2c6369da746696cfab56905309f2a0f3b095de71 /media
parent: 5086e9668e1a6d7d3cc1921418ace7ede84bbe4e (diff)
download: webrtc-976faae028c100ad66dbe865c954960b6d38c2f8.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/media/sctp/sctp_transport.cc b/media/sctp/sctp_transport.cc
index 6be9461e91..35824b7f25 100644
--- a/media/sctp/sctp_transport.cc
+++ b/media/sctp/sctp_transport.cc
@@ -269,6 +269,11 @@ class SctpTransport::UsrSctpWrapper {
     // TODO(ldixon): Consider turning this on/off.
     usrsctp_sysctl_set_sctp_ecn_enable(0);
 
+    // WebRTC doesn't use these features, so disable them to reduce the
+    // potential attack surface.
+    usrsctp_sysctl_set_sctp_asconf_enable(0);
+    usrsctp_sysctl_set_sctp_auth_enable(0);
+
     // This is harmless, but we should find out when the library default
     // changes.
     int send_size = usrsctp_sysctl_get_sctp_sendspace();
author	Taylor Brandstetter <deadbeef@webrtc.org>	2020-06-16 16:39:51 -0700
committer	Commit Bot <commit-bot@chromium.org>	2020-06-18 02:16:51 +0000
commit	976faae028c100ad66dbe865c954960b6d38c2f8 (patch)
tree	2c6369da746696cfab56905309f2a0f3b095de71 /media
parent	5086e9668e1a6d7d3cc1921418ace7ede84bbe4e (diff)
download	webrtc-976faae028c100ad66dbe865c954960b6d38c2f8.tar.gz