admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix buffer overflow parsing malformed rtp packet

Browse Source 
that has one-byte length extension going past extensions block

BUG=chromium:620277
R=asapersson@webrtc.org

Review URL: https://codereview.webrtc.org/2064403002 .

Cr-Commit-Position: refs/heads/master@{#13168}
This commit is contained in:
Danil Chapovalov 2016-06-16 15:57:15 +02:00
parent 1642620a7d
commit 30a3a751a6
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
webrtc/modules/rtp_rtcp/source/rtp_utility.cc
View File

@ -323,6 +323,13 @@ void RtpHeaderParser::ParseOneByteExtensionHeader(
return;
}
if (ptrRTPDataExtensionEnd - ptr < (len + 1)) {
LOG(LS_WARNING) << "Incorrect one-byte extension len: " << (len + 1)
<< ", bytes left in buffer: "
<< (ptrRTPDataExtensionEnd - ptr);
return;
}
RTPExtensionType type;
if (ptrExtensionMap->GetType(id, &type) != 0) {
// If we encounter an unknown extension, just skip over it.