Skip to content

Rtmpclient #379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Rtmpclient #379

wants to merge 6 commits into from

Conversation

mondain
Copy link
Member

@mondain mondain commented Jul 27, 2025
edited
Loading

Fix 1 - Chunk Size Validation in RTMP

  • Constants MIN_CHUNK_SIZE=128 and MAX_CHUNK_SIZE=65536 properly defined
  • Both setReadChunkSize() and setWriteChunkSize() methods validate bounds
  • Throws IllegalArgumentException for invalid sizes

Fix 2 - Type 3 Header Validation in RTMPProtocolDecoder

  • Validates previous header exists before inheritance
  • Detects suspicious Type 3 usage for new messages
  • Proper null check for savedHeader before processing Type 3 headers
  • Removes unnecessary XOR bit manipulation
  • Reads 32-bit extended timestamps directly from the buffer
  • Error logging and null return prevents stream confusion attacks
  • Code structure matches expected security pattern

Fix 3 - Extended Timestamp Rollover in RTMPProtocolEncoder

  • calculateTimestampDelta() method handles 32-bit timestamp rollover correctly
  • RTMPUtils.diffTimestamps deprecated and calls replaced with secure implementation
  • Prevents timestamp corruption during 49.7-day rollover periods

@chushiyun2015
Copy link

chushiyun2015 commented Jul 27, 2025 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mondain @chushiyun2015