fix: Add Checks For Payload Type And Header Length

Author: Icebluewolf

discord/sinks/core.py

@@ -107,11 +107,22 @@ def __init__(self, data, client):
         self.data = bytearray(data)
         self.client = client
 
-        self.header = data[:12]
-        self.data = self.data[12:]
-
         unpacker = struct.Struct(">xxHII")
-        self.sequence, self.timestamp, self.ssrc = unpacker.unpack_from(self.header)
+        self.sequence, self.timestamp, self.ssrc = unpacker.unpack_from(self.data[:12])
+
+        # RFC3550 5.1: RTP Fixed Header Fields
+        if self.client.mode.endswith("_rtpsize"):
+            # If It Has CSRC Chunks
+            cutoff = 12 + (data[0] & 0b00_0_0_1111) * 4
+            # If It Has A Extension
+            if data[0] & 0b00_0_1_0000:
+                cutoff += 4
+        else:
+            cutoff = 12
+
+        self.header = data[:cutoff]
+        self.data = self.data[cutoff:]
+
         self.decrypted_data = getattr(self.client, f"_decrypt_{self.client.mode}")(
             self.header, self.data
         )

discord/voice_client.py

@@ -639,6 +639,8 @@ def _decrypt_aead_xchacha20_poly1305_rtpsize(self, header, data):
         nonce = bytearray(24)
         nonce[:4] = data[-4:]
         data = data[:-4]
+        print(bytes(data))
+        print(bytes(header))
 
         return self.strip_header_ext(
             box.decrypt(bytes(data), bytes(header), bytes(nonce))
@@ -762,11 +764,12 @@ def unpack_audio(self, data):
         data: :class:`bytes`
             Bytes received by Discord via the UDP connection used for sending and receiving voice data.
         """
-        if 200 <= data[1] <= 204:
-            # RTCP received.
-            # RTCP provides information about the connection
-            # as opposed to actual audio data, so it's not
-            # important at the moment.
+        if data[1] != 0x78:
+            # We Should Ignore Any Payload Types We Do Not Understand
+            # Ref RFC 3550 5.1 payload type
+            # At Some Point We Noted That We Should Ignore Only Types 200 - 204 inclusive.
+            # They Were Marked As RTCP: Provides Information About The Connection
+            # This Was Too Broad Of A Whitelist, It Is Unclear If This Is Too Narrow Of A Whitelist
             return
         if self.paused:
             return