natelo
commented
3 years ago Hi @gerardommilan, thanks for bringing this to our attention! :) I've checked this and yeah, we already fixed it in 4ea9e70c06bb123f67709464840a0b1c012de7ff commit so I will decline this PR.
Btw, looking at the file you've edited I assume you've used master branch as your source? If that's the case, next time use 'develop' branch as that is where you will get latest changes.
gerardommilan
Fixes the userinfo length overflow hole with a few validations.
Userinfo string can be exploited by exceeding its max length, this "exploit" has been recently used to crash some servers around so this hole must be avoided.
May need some tweaking but is looking the same as rtcwPub so it should work.