feat: add check if Fingerprint is valid

vacp2p · Apr 30, 2024 · 735cde8 · 735cde8
1 parent 559c857
commit 735cde8
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/webrtc/stun/stun_connection.nim b/webrtc/stun/stun_connection.nim
@@ -111,6 +111,24 @@ proc checkForError*(msg: StunMessage): Option[StunMessage] =
 
   return none(StunMessage)
 
+proc isFingerprintValid*(msg: StunMessage): bool =
+  # Returns true if Fingerprint is missing or if it's valid.
+  # Returns false otherwise.
+  let fingerprint = msg.getAttribute(AttrFingerprint)
+  if fingerprint.isNone():
+    return true
+  if msg.attributes[^1] != fingerprint.get():
+    # Fingerprint should always be the last attribute.
+    return false
+  let
+    copyWithoutFingerprint = StunMessage(
+      msgType: msg.msgType,
+      transactionId: msg.transactionId,
+      attributes: msg.attributes[0 ..< ^1]
+    )
+    encodedCopy = copyWithoutFingerprint.encode(none(RawStunAttribute))
+  return fingerprint == StunMessage.decode(encodedCopy).getAttribute(AttrFingerprint)
+
 # - Stun Messages Handler -
 
 proc stunMessageHandler(self: StunConn) {.async: (raises: [CancelledError]).} =
@@ -120,6 +138,11 @@ proc stunMessageHandler(self: StunConn) {.async: (raises: [CancelledError]).} =
     let message = await self.stunMsgs.popFirst()
     try:
       let decoded = StunMessage.decode(await self.stunMsgs.popFirst())
+      if not decoded.isFingerprintValid():
+        # Fingerprint is invalid, the StunMessage received might be a false positive.
+        # Move this message to the `dataRecv` queue
+        await self.dataRecv.addLast(message)
+        continue
       if decoded.msgType == StunBindingErrorResponse:
         trace "Received a STUN error", decoded, remote = self.raddr
         continue