Dropping old responder doesn't work if we have a trusted receiver public permanent key. - Githubissues

saltyrtc / saltyrtc-client-java

SaltyRTC Java implementation.

Apache License 2.0

3 stars 4 forks source link

Dropping old responder doesn't work if we have a trusted receiver public permanent key. #133

Open rustonaut opened 3 years ago

rustonaut commented 3 years ago

The protocol says:

drop the oldest responder that did not send a message to it

The code do decide if "that did not send a message to it" applies is:

https://github.com/saltyrtc/saltyrtc-client-java/blob/d01e553c06a05c74a532104608c0dc57cb9a23f2/src/main/java/org/saltyrtc/client/signaling/InitiatorSignaling.java#L430

Pub if we have a known trusted receivers public key then here:

https://github.com/saltyrtc/saltyrtc-client-java/blob/d01e553c06a05c74a532104608c0dc57cb9a23f2/src/main/java/org/saltyrtc/client/signaling/InitiatorSignaling.java#L403

We set the state to TOKEN_RECEIVED for every new responder before they send us any message.

Hence as long as I didn't overlook anything we won't ever drop any old responders as we assume we got valid token message from all of them.

lgrahl commented 3 years ago

Agree that there is an issue introduced by the state skipping even though the responder is still inactive.

Security impact: Minor, DoS with prior knowledge required.