admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix out of bound reads in ParseIceServerUrl() for various input.

Browse Source 
BUG=webrtc:6835

Review-Url: https://codereview.webrtc.org/2556783002
Cr-Commit-Position: refs/heads/master@{#15544}
This commit is contained in:
hnsl 2016-12-12 03:14:30 -08:00 committed by Commit bot
parent b010b8fe68
commit bd44bb0184
2 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
webrtc/api/peerconnection.cc
View File

@ -231,21 +231,22 @@ bool ParseIceServerUrl(const PeerConnectionInterface::IceServer& server,
std::vector<std::string> tokens;
cricket::ProtocolType turn_transport_type = cricket::PROTO_UDP;
RTC_DCHECK(!url.empty());
rtc::tokenize(url, '?', &tokens);
rtc::tokenize_with_empty_tokens(url, '?', &tokens);
std::string uri_without_transport = tokens[0];
// Let's look into transport= param, if it exists.
if (tokens.size() == kTurnTransportTokensNum) { // ?transport= is present.
std::string uri_transport_param = tokens[1];
rtc::tokenize(uri_transport_param, '=', &tokens);
if (tokens[0] == kTransport) {
// As per above grammar transport param will be consist of lower case
// letters.
if (!cricket::StringToProto(tokens[1].c_str(), &turn_transport_type) ||
(turn_transport_type != cricket::PROTO_UDP &&
turn_transport_type != cricket::PROTO_TCP)) {
LOG(LS_WARNING) << "Transport param should always be udp or tcp.";
return false;
}
rtc::tokenize_with_empty_tokens(uri_transport_param, '=', &tokens);
if (tokens[0] != kTransport) {
LOG(LS_WARNING) << "Invalid transport parameter key.";
return false;
}
if (tokens.size() < 2 ||
!cricket::StringToProto(tokens[1].c_str(), &turn_transport_type) ||
(turn_transport_type != cricket::PROTO_UDP &&
turn_transport_type != cricket::PROTO_TCP)) {
LOG(LS_WARNING) << "Transport param should always be udp or tcp.";
return false;
}
}

3
webrtc/api/peerconnection_unittest.cc
View File

@ -2749,6 +2749,9 @@ TEST_F(IceServerParsingTest, ParseTransport) {
turn_servers_.clear();
EXPECT_FALSE(ParseUrl("turn:hostname?transport=invalid"));
EXPECT_FALSE(ParseUrl("turn:hostname?transport="));
EXPECT_FALSE(ParseUrl("turn:hostname?="));
EXPECT_FALSE(ParseUrl("?"));
}
// Test parsing ICE username contained in URL.