Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(484)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: talk/app/webrtc/webrtcsdp.cc

Issue 1196403004: Prevent JS from bypassing RTP data channel bandwidth limitation. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Making sure we only limit bandwidth for RTP (and not SCTP) Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | talk/app/webrtc/webrtcsdp_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: talk/app/webrtc/webrtcsdp.cc
diff --git a/talk/app/webrtc/webrtcsdp.cc b/talk/app/webrtc/webrtcsdp.cc
index aaf9d71940b2670f70c99db638c6d96c69c8747c..9d647955d1fa4df9c33583a25778a3994dea5a8a 100644
--- a/talk/app/webrtc/webrtcsdp.cc
+++ b/talk/app/webrtc/webrtcsdp.cc
@@ -1274,16 +1274,7 @@ void BuildMediaDescription(const ContentInfo* content_info,
// RFC 4566
// b=AS:<bandwidth>
- // We should always use the default bandwidth for RTP-based data
- // channels. Don't allow SDP to set the bandwidth, because that
- // would give JS the opportunity to "break the Internet".
- // TODO(pthatcher): But we need to temporarily allow the SDP to control
- // this for backwards-compatibility. Once we don't need that any
- // more, remove this.
- bool support_dc_sdp_bandwidth_temporarily = true;
- if (media_desc->bandwidth() >= 1000 &&
- (media_type != cricket::MEDIA_TYPE_DATA ||
- support_dc_sdp_bandwidth_temporarily)) {
+ if (media_desc->bandwidth() >= 1000) {
InitLine(kLineTypeSessionBandwidth, kApplicationSpecificMaximum, &os);
os << kSdpDelimiterColon << (media_desc->bandwidth() / 1000);
AddLine(os.str(), message);
@@ -2249,17 +2240,6 @@ bool ParseMediaDescription(const std::string& message,
if (!AddSctpDataCodec(data_desc, p))
return false;
}
-
- // We should always use the default bandwidth for RTP-based data
- // channels. Don't allow SDP to set the bandwidth, because that
- // would give JS the opportunity to "break the Internet".
- // TODO(pthatcher): But we need to temporarily allow the SDP to control
- // this for backwards-compatibility. Once we don't need that any
- // more, remove this.
- bool support_dc_sdp_bandwidth_temporarily = true;
- if (content.get() && !support_dc_sdp_bandwidth_temporarily) {
- content->set_bandwidth(cricket::kAutoBandwidth);
- }
} else {
LOG(LS_WARNING) << "Unsupported media type: " << line;
continue;
@@ -2517,6 +2497,17 @@ bool ParseContent(const std::string& message,
if (!GetValueFromString(line, bandwidth, &b, error)) {
return false;
}
+ // We should never use more than the default bandwidth for RTP-based
+ // data channels. Don't allow SDP to set the bandwidth, because
+ // that would give JS the opportunity to "break the Internet".
+ // See: https://code.google.com/p/chromium/issues/detail?id=280726
+ if (media_type == cricket::MEDIA_TYPE_DATA && IsRtp(protocol) &&
+ b > cricket::kDataMaxBandwidth / 1000) {
+ std::ostringstream description;
+ description << "RTP-based data channels may not send more than "
+ << cricket::kDataMaxBandwidth / 1000 << "kbps.";
+ return ParseFailed(line, description.str(), error);
+ }
media_desc->set_bandwidth(b * 1000);
}
}
« no previous file with comments | « no previous file | talk/app/webrtc/webrtcsdp_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698