fix(audit): address C2, C3, M4, M5 from 2026-05-25 audit
C2: Add EncryptingTransport wrapper — all media I/O now goes through ChaChaSession encrypt/decrypt before hitting the QUIC datagram path. cli.rs run_live/run_silence/run_file_mode accept Arc<dyn MediaTransport> and receive a wrapped transport after the handshake. C3: Wire VideoScorer::observe() into both plain and trunked forwarding loops in room.rs. Packets from participants with Abusive verdict are dropped before forwarding. last_bwe_kbps tracked from quality reports. M4: Widen FEC repair symbol index from u8 to u16 throughout (FecEncoder::generate_repair, FecDecoder::add_symbol, all call sites in call.rs, bench.rs, pipeline.rs, wzp-android). Eliminates theoretical wrapping when num_source + repair_count > 255. M5: Track last_encrypt_timestamp in ChaChaSession. debug_assert in encrypt() that timestamp is non-decreasing across calls (including post- rekey). complete_rekey() explicitly preserves last_encrypt_timestamp to prevent accidental timestamp reset regressions. 583 tests passing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -409,7 +409,7 @@ impl CallEncoder {
|
||||
fec_ratio: MediaHeader::encode_fec_ratio(self.profile.fec_ratio),
|
||||
seq: self.seq,
|
||||
timestamp: self.timestamp_ms,
|
||||
fec_block: u16::from(self.block_id) | (u16::from(sym_idx) << 8),
|
||||
fec_block: u16::from(self.block_id) | (sym_idx << 8),
|
||||
},
|
||||
payload: Bytes::from(repair_data),
|
||||
quality_report: None,
|
||||
@@ -566,7 +566,7 @@ impl CallDecoder {
|
||||
if !packet.header.codec_id.is_opus() {
|
||||
let _ = self.fec_dec.add_symbol(
|
||||
(packet.header.fec_block & 0xFF) as u8,
|
||||
(packet.header.fec_block >> 8) as u8,
|
||||
packet.header.fec_block >> 8,
|
||||
packet.header.is_repair(),
|
||||
&packet.payload,
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user