OpenVidu / openvidu

OpenVidu Platform main repository
https://openvidu.io
Apache License 2.0

Server throws NPE if client sends the wrong SDP type in receiveVideoFrom RPC #736

Open j1elo opened 2 years ago

j1elo commented 2 years ago

Describe the bug

When a malformed (or malicious) client sends an SDP Answer, while the server expected an SDP Offer in the receiveVideoFrom RPC method, the server throws a NullPointerException.

This is not critical because some higher-level catch is able to handle the unexpected exception. So this is not, strictly speaking, a "bug" report. Still, it could be interesting to look closer into it, in case it uncovers potential issues hidden in the code.

Expected behavior

The server is able to recognize that the client went out of its expected path. This allows the server to fail fast and would also allow it to generate an appropriate, more helpful error message.

Wrong current behavior

The server doesn't know about what happened; it just continues working, and only happens to discover the problem much later, when it tries to access a null variable. Luckily, a catch-all safety net seems to avoid a crash. Still, better error handling could be done in such scenarios.

This is the stack trace that shows up in the server logs:

[INFO] 2022-06-08 14:43:36,666 [SessionHandler-6fp9ufv4gosdoh0n2mb8bccd20-e29-t0] io.openvidu.server.rpc.RpcHandler - New candidate received from participant con_RAn8Lyv84i: {connectionId: "con_RAn8Lyv84i", sdpMid: 1, sdpMLineIndex: 1, candidate: "candidate:2618592765 1 tcp 1518280447 172.19.13.2 9 typ host tcptype active generation 0 ufrag TXV6 network-id 1"}
[ERROR] 2022-06-08 14:43:36,667 [SessionHandler-8kqvbplb6s4rg90rf20mbuia1j-e27-t0] org.kurento.jsonrpc.internal.JsonRpcHandlerManager - Exception while processing request {"id":30,"method":"receiveVideoFrom","params":{"sender":"str_CAM_ZTrH_con_RAn8Lyv84i","sdpAnswer":"<An SDP message, redacted for readability>"},"jsonrpc":"2.0"}
java.lang.NullPointerException: null
   at io.openvidu.server.kurento.core.KurentoParticipant.receiveMedia(KurentoParticipant.java:279)
   at io.openvidu.server.kurento.core.KurentoSessionManager.subscribe(KurentoSessionManager.java:658)
   at io.openvidu.server.rpc.RpcHandler.receiveVideoFrom(RpcHandler.java:393)
   at io.openvidu.server.rpc.RpcHandler.handleRequest(RpcHandler.java:141)
   at org.kurento.jsonrpc.internal.JsonRpcHandlerManager.handleRequest(JsonRpcHandlerManager.java:142)
   at org.kurento.jsonrpc.internal.server.ProtocolManager$3.run(ProtocolManager.java:218)
   at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
   at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
   at java.base/java.lang.Thread.run(Thread.java:829)

OpenVidu tutorial where to replicate the error

OpenVidu deployment info

Tested with master tutorial and master OpenVidu server.

Client device info (if applicable)

Affects any implementation of the RPC, including official SDKs.

Screenshots

Additional context
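
The fail-fast check described under "Expected behavior", sketched as an added example that is not part of the original issue or of OpenVidu's code base. The class, method and exception names are hypothetical, and `sdpOffer` is the assumed name of the parameter the server expects; `sender` and `sdpAnswer` are taken from the logged request.

```java
import java.util.List;
import java.util.Map;

// Added example: all names here are hypothetical, not OpenVidu's own.
public class ReceiveVideoFromValidator {

    /** Carries the JSON-RPC 2.0 "Invalid params" error code (-32602). */
    static class InvalidParamsException extends RuntimeException {
        static final int CODE = -32602;
        InvalidParamsException(String msg) { super(msg); }
    }

    // Validates the RPC params at the handler boundary, before any media
    // object is touched, and returns the SDP Offer string on success.
    static String requireSdpOffer(Map<String, Object> params) {
        if (params == null) {
            throw new InvalidParamsException("receiveVideoFrom: missing params");
        }
        if (!(params.get("sender") instanceof String)) {
            throw new InvalidParamsException("receiveVideoFrom: 'sender' must be a string");
        }
        // The case from the issue: the client sent an Answer where an Offer is expected.
        if (params.containsKey("sdpAnswer")) {
            throw new InvalidParamsException(
                "receiveVideoFrom: got 'sdpAnswer' but this method expects 'sdpOffer'");
        }
        Object offer = params.get("sdpOffer"); // assumed parameter name
        if (!(offer instanceof String) || ((String) offer).isBlank()) {
            throw new InvalidParamsException(
                "receiveVideoFrom: 'sdpOffer' must be a non-empty string");
        }
        String sdp = (String) offer;
        // Cheap sanity check: an SDP body starts with the version line "v=0".
        if (!sdp.startsWith("v=0")) {
            throw new InvalidParamsException("receiveVideoFrom: 'sdpOffer' is not an SDP body");
        }
        return sdp;
    }

    public static void main(String[] args) {
        // Constructed inputs that mirror the shape of the logged request.
        Map<String, Object> bad = Map.of("sender", "str_CAM_example", "sdpAnswer", "v=0\r\n");
        Map<String, Object> good = Map.of("sender", "str_CAM_example",
                "sdpOffer", "v=0\r\no=- 1 1 IN IP4 127.0.0.1\r\n");
        for (Map<String, Object> p : List.of(bad, good)) {
            try {
                System.out.println("accepted, SDP length " + requireSdpOffer(p).length());
            } catch (InvalidParamsException e) {
                // The message names the offending parameter but never echoes the SDP itself.
                System.out.println("rejected (" + InvalidParamsException.CODE + "): " + e.getMessage());
            }
        }
    }
}
```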