return an error in case the random number generator fails

bluenviron · Jul 30, 2023 · 8b8b52e · 8b8b52e
1 parent 577d6f3
commit 8b8b52e
Show file tree

Hide file tree

Showing 24 changed files with 325 additions and 127 deletions.
diff --git a/client_format.go b/client_format.go
@@ -61,12 +61,16 @@ func (ct *clientFormat) start() {
 	if ct.cm.c.state == clientStatePlay {
 		if ct.cm.udpRTPListener != nil {
 			ct.udpReorderer = rtpreorderer.New()
-			ct.udpRTCPReceiver = rtcpreceiver.New(
+			var err error
+			ct.udpRTCPReceiver, err = rtcpreceiver.New(
 				ct.cm.c.udpReceiverReportPeriod,
 				nil,
 				ct.format.ClockRate(), func(pkt rtcp.Packet) {
 					ct.cm.writePacketRTCP(pkt)
 				})
+			if err != nil {
+				panic(err)
+			}
 		} else {
 			ct.tcpLossDetector = rtplossdetector.New()
 		}

diff --git a/client_media.go b/client_media.go
@@ -70,12 +70,13 @@ func (cm *clientMedia) allocateUDPListeners(multicast bool, rtpAddress string, r
 		return nil
 	}
 
-	cm.udpRTPListener, cm.udpRTCPListener = newClientUDPListenerPair(
+	var err error
+	cm.udpRTPListener, cm.udpRTCPListener, err = newClientUDPListenerPair(
 		cm.c.ListenPacket,
 		cm.c.AnyPortEnable,
 		cm.c.WriteTimeout,
 	)
-	return nil
+	return err
 }
 
 func (cm *clientMedia) setMedia(medi *media.Media) {

diff --git a/client_play_test.go b/client_play_test.go
@@ -1286,7 +1286,8 @@ func TestClientPlayAutomaticProtocol(t *testing.T) {
 				require.NoError(t, err)
 				require.Equal(t, base.Describe, req.Method)
 
-				nonce := auth.GenerateNonce()
+				nonce, err := auth.GenerateNonce()
+				require.NoError(t, err)
 
 				err = conn.WriteResponse(&base.Response{
 					StatusCode: base.StatusUnauthorized,
@@ -1399,7 +1400,8 @@ func TestClientPlayAutomaticProtocol(t *testing.T) {
 				require.NoError(t, err)
 				require.Equal(t, base.Setup, req.Method)
 
-				nonce := auth.GenerateNonce()
+				nonce, err := auth.GenerateNonce()
+				require.NoError(t, err)
 
 				err = conn.WriteResponse(&base.Response{
 					StatusCode: base.StatusUnauthorized,

diff --git a/client_test.go b/client_test.go
@@ -194,7 +194,8 @@ func TestClientAuth(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, base.Describe, req.Method)
 
-		nonce := auth.GenerateNonce()
+		nonce, err := auth.GenerateNonce()
+		require.NoError(t, err)
 
 		err = conn.WriteResponse(&base.Response{
 			StatusCode: base.StatusUnauthorized,

diff --git a/client_udp_listener.go b/client_udp_listener.go
@@ -15,10 +15,13 @@ func int64Ptr(v int64) *int64 {
 	return &v
 }
 
-func randInRange(max int) int {
+func randInRange(max int) (int, error) {
 	b := big.NewInt(int64(max + 1))
-	n, _ := rand.Int(rand.Reader, b)
-	return int(n.Int64())
+	n, err := rand.Int(rand.Reader, b)
+	if err != nil {
+		return 0, err
+	}
+	return int(n.Int64()), nil
 }
 
 type clientUDPListener struct {
@@ -41,11 +44,16 @@ func newClientUDPListenerPair(
 	listenPacket func(network, address string) (net.PacketConn, error),
 	anyPortEnable bool,
 	writeTimeout time.Duration,
-) (*clientUDPListener, *clientUDPListener) {
+) (*clientUDPListener, *clientUDPListener, error) {
 	// choose two consecutive ports in range 65535-10000
 	// RTP port must be even and RTCP port odd
 	for {
-		rtpPort := randInRange((65535-10000)/2)*2 + 10000
+		v, err := randInRange((65535 - 10000) / 2)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		rtpPort := v*2 + 10000
 		rtpListener, err := newClientUDPListener(
 			listenPacket,
 			anyPortEnable,
@@ -70,7 +78,7 @@ func newClientUDPListenerPair(
 			continue
 		}
 
-		return rtpListener, rtcpListener
+		return rtpListener, rtcpListener, nil
 	}
 }
 

diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
@@ -47,7 +47,8 @@ func TestAuth(t *testing.T) {
 			}
 
 			t.Run(c1.name+"_"+conf, func(t *testing.T) {
-				nonce := GenerateNonce()
+				nonce, err := GenerateNonce()
+				require.NoError(t, err)
 
 				se, err := NewSender(
 					GenerateWWWAuthenticate(c1.methods, "IPCAM", nonce),
@@ -104,7 +105,8 @@ func TestAuthVLC(t *testing.T) {
 			"rtsp://myhost/mypath/test?testing/trackID=0",
 		},
 	} {
-		nonce := GenerateNonce()
+		nonce, err := GenerateNonce()
+		require.NoError(t, err)
 
 		se, err := NewSender(
 			GenerateWWWAuthenticate(nil, "IPCAM", nonce),

diff --git a/pkg/auth/validate.go b/pkg/auth/validate.go
@@ -11,10 +11,14 @@ import (
 )
 
 // GenerateNonce generates a nonce that can be used in Validate().
-func GenerateNonce() string {
+func GenerateNonce() (string, error) {
 	byts := make([]byte, 16)
-	rand.Read(byts)
-	return hex.EncodeToString(byts)
+	_, err := rand.Read(byts)
+	if err != nil {
+		return "", err
+	}
+
+	return hex.EncodeToString(byts), nil
 }
 
 // GenerateWWWAuthenticate generates a WWW-Authenticate header.

diff --git a/pkg/auth/validator.go b/pkg/auth/validator.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"crypto/md5"
-	"crypto/rand"
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
@@ -65,9 +64,10 @@ func NewValidator(user string, pass string, methods []headers.AuthMethod) *Valid
 		methods = []headers.AuthMethod{headers.AuthBasic}
 	}
 
-	nonceByts := make([]byte, 16)
-	rand.Read(nonceByts)
-	nonce := hex.EncodeToString(nonceByts)
+	nonce, err := GenerateNonce()
+	if err != nil {
+		panic(err)
+	}
 
 	return &Validator{
 		user:       user,

diff --git a/pkg/formats/rtpav1/encoder.go b/pkg/formats/rtpav1/encoder.go
@@ -14,10 +14,13 @@ const (
 	rtpVersion = 2
 )
 
-func randUint32() uint32 {
+func randUint32() (uint32, error) {
 	var b [4]byte
-	rand.Read(b[:])
-	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
+	_, err := rand.Read(b[:])
+	if err != nil {
+		return 0, err
+	}
+	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3]), nil
 }
 
 // Encoder is a RTP/AV1 encoder.
@@ -49,15 +52,25 @@ type Encoder struct {
 // Init initializes the encoder.
 func (e *Encoder) Init() error {
 	if e.SSRC == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.SSRC = &v
 	}
 	if e.InitialSequenceNumber == nil {
-		v := uint16(randUint32())
-		e.InitialSequenceNumber = &v
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
+		v2 := uint16(v)
+		e.InitialSequenceNumber = &v2
 	}
 	if e.InitialTimestamp == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.InitialTimestamp = &v
 	}
 	if e.PayloadMaxSize == 0 {

diff --git a/pkg/formats/rtph264/encoder.go b/pkg/formats/rtph264/encoder.go
@@ -15,10 +15,13 @@ const (
 	rtpVersion = 2
 )
 
-func randUint32() uint32 {
+func randUint32() (uint32, error) {
 	var b [4]byte
-	rand.Read(b[:])
-	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
+	_, err := rand.Read(b[:])
+	if err != nil {
+		return 0, err
+	}
+	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3]), nil
 }
 
 // Encoder is a RTP/H264 encoder.
@@ -56,15 +59,25 @@ func (e *Encoder) Init() error {
 	}
 
 	if e.SSRC == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.SSRC = &v
 	}
 	if e.InitialSequenceNumber == nil {
-		v := uint16(randUint32())
-		e.InitialSequenceNumber = &v
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
+		v2 := uint16(v)
+		e.InitialSequenceNumber = &v2
 	}
 	if e.InitialTimestamp == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.InitialTimestamp = &v
 	}
 	if e.PayloadMaxSize == 0 {

diff --git a/pkg/formats/rtph265/encoder.go b/pkg/formats/rtph265/encoder.go
@@ -14,10 +14,13 @@ const (
 	rtpVersion = 2
 )
 
-func randUint32() uint32 {
+func randUint32() (uint32, error) {
 	var b [4]byte
-	rand.Read(b[:])
-	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
+	_, err := rand.Read(b[:])
+	if err != nil {
+		return 0, err
+	}
+	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3]), nil
 }
 
 // Encoder is a RTP/H265 encoder.
@@ -56,15 +59,25 @@ func (e *Encoder) Init() error {
 	}
 
 	if e.SSRC == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.SSRC = &v
 	}
 	if e.InitialSequenceNumber == nil {
-		v := uint16(randUint32())
-		e.InitialSequenceNumber = &v
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
+		v2 := uint16(v)
+		e.InitialSequenceNumber = &v2
 	}
 	if e.InitialTimestamp == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.InitialTimestamp = &v
 	}
 	if e.PayloadMaxSize == 0 {

diff --git a/pkg/formats/rtplpcm/encoder.go b/pkg/formats/rtplpcm/encoder.go
@@ -14,10 +14,13 @@ const (
 	rtpVersion = 2
 )
 
-func randUint32() uint32 {
+func randUint32() (uint32, error) {
 	var b [4]byte
-	rand.Read(b[:])
-	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
+	_, err := rand.Read(b[:])
+	if err != nil {
+		return 0, err
+	}
+	return uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3]), nil
 }
 
 // Encoder is a RTP/LPCM encoder.
@@ -55,15 +58,25 @@ type Encoder struct {
 // Init initializes the encoder.
 func (e *Encoder) Init() error {
 	if e.SSRC == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.SSRC = &v
 	}
 	if e.InitialSequenceNumber == nil {
-		v := uint16(randUint32())
-		e.InitialSequenceNumber = &v
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
+		v2 := uint16(v)
+		e.InitialSequenceNumber = &v2
 	}
 	if e.InitialTimestamp == nil {
-		v := randUint32()
+		v, err := randUint32()
+		if err != nil {
+			return err
+		}
 		e.InitialTimestamp = &v
 	}
 	if e.PayloadMaxSize == 0 {