Open rustonaut opened 3 years ago
The protocol says:
drop the oldest responder that did not send a message to it
The code do decide if "that did not send a message to it" applies is:
https://github.com/saltyrtc/saltyrtc-client-java/blob/d01e553c06a05c74a532104608c0dc57cb9a23f2/src/main/java/org/saltyrtc/client/signaling/InitiatorSignaling.java#L430
Pub if we have a known trusted receivers public key then here:
https://github.com/saltyrtc/saltyrtc-client-java/blob/d01e553c06a05c74a532104608c0dc57cb9a23f2/src/main/java/org/saltyrtc/client/signaling/InitiatorSignaling.java#L403
We set the state to TOKEN_RECEIVED for every new responder before they send us any message.
Hence as long as I didn't overlook anything we won't ever drop any old responders as we assume we got valid token message from all of them.
Agree that there is an issue introduced by the state skipping even though the responder is still inactive.
Security impact: Minor, DoS with prior knowledge required.
The protocol says:
The code do decide if "that did not send a message to it" applies is:
https://github.com/saltyrtc/saltyrtc-client-java/blob/d01e553c06a05c74a532104608c0dc57cb9a23f2/src/main/java/org/saltyrtc/client/signaling/InitiatorSignaling.java#L430
Pub if we have a known trusted receivers public key then here:
https://github.com/saltyrtc/saltyrtc-client-java/blob/d01e553c06a05c74a532104608c0dc57cb9a23f2/src/main/java/org/saltyrtc/client/signaling/InitiatorSignaling.java#L403
We set the state to TOKEN_RECEIVED for every new responder before they send us any message.
Hence as long as I didn't overlook anything we won't ever drop any old responders as we assume we got valid token message from all of them.