admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing invalid IPv6 address parsing stack underflow on Windows.

Browse Source 
Occurred when parsing an address with more than 7 colons. For example:
1::2:3:4:5:6:7::8

BUG=webrtc:7592

Review-Url: https://codereview.webrtc.org/2867653002
Cr-Commit-Position: refs/heads/master@{#18054}
This commit is contained in:
deadbeef 2017-05-08 11:35:56 -07:00 committed by Commit bot
parent 90bdb3d138
commit 966963ac7d
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
webrtc/base/win32.cc
View File

@ -276,6 +276,11 @@ int inet_pton_v6(const char* src, void* dst) {
++coloncounter;
}
// (coloncount + 1) is the number of shorts left in the address.
// If this number is greater than the number of available shorts, the
// address is malformed.
if (coloncount + 1 > addr_end - addr_cursor) {
return 0;
}
addr_cursor = addr_end - (coloncount + 1);
seencompressed = true;
}
@ -285,7 +290,7 @@ int inet_pton_v6(const char* src, void* dst) {
} else {
uint16_t word;
int bytesread = 0;
if (sscanf(readcursor, "%hx%n", &word, &bytesread) != 1) {
if (sscanf(readcursor, "%4hx%n", &word, &bytesread) != 1) {
return 0;
} else {
*addr_cursor = HostToNetwork16(word);

27
webrtc/base/win32_unittest.cc
View File

@ -92,4 +92,31 @@ TEST_F(Win32Test, IPv6AddressCompression) {
EXPECT_EQ("1234:5678:abcd:1234:5678:abcd:1234:5678", ipv6.ToString());
}
// Test that invalid IPv6 addresses are recognized and false is returned.
TEST_F(Win32Test, InvalidIPv6AddressParsing) {
IPAddress ipv6;
// More than 1 run of "::"s.
EXPECT_FALSE(IPFromString("1::2::3", &ipv6));
// More than 1 run of "::"s in a longer address.
// See: https://bugs.chromium.org/p/webrtc/issues/detail?id=7592
EXPECT_FALSE(IPFromString("1::2::3::4::5::6::7::8", &ipv6));
// Three ':'s in a row.
EXPECT_FALSE(IPFromString("1:::2", &ipv6));
// Non-hex character.
EXPECT_FALSE(IPFromString("test::1", &ipv6));
// More than 4 hex digits per group.
EXPECT_FALSE(IPFromString("abcde::1", &ipv6));
// More than 8 groups.
EXPECT_FALSE(IPFromString("1:2:3:4:5:6:7:8:9", &ipv6));
// Less than 8 groups.
EXPECT_FALSE(IPFromString("1:2:3:4:5:6:7", &ipv6));
}
} // namespace rtc