Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(655)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/p2p/base/stun.cc

Issue 2040953003: Before validating a STUN packet, check it's big enough for a header. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
125 const StunUInt16ListAttribute* StunMessage::GetUnknownAttributes() const { 125 const StunUInt16ListAttribute* StunMessage::GetUnknownAttributes() const {
126 return static_cast<const StunUInt16ListAttribute*>( 126 return static_cast<const StunUInt16ListAttribute*>(
127 GetAttribute(STUN_ATTR_UNKNOWN_ATTRIBUTES)); 127 GetAttribute(STUN_ATTR_UNKNOWN_ATTRIBUTES));
128 } 128 }
129 129
130 // Verifies a STUN message has a valid MESSAGE-INTEGRITY attribute, using the 130 // Verifies a STUN message has a valid MESSAGE-INTEGRITY attribute, using the
131 // procedure outlined in RFC 5389, section 15.4. 131 // procedure outlined in RFC 5389, section 15.4.
132 bool StunMessage::ValidateMessageIntegrity(const char* data, size_t size, 132 bool StunMessage::ValidateMessageIntegrity(const char* data, size_t size,
133 const std::string& password) { 133 const std::string& password) {
134 // Verifying the size of the message. 134 // Verifying the size of the message.
135 if ((size % 4) != 0) { 135 if ((size % 4) != 0 || size < kStunHeaderSize) {
136 return false; 136 return false;
137 } 137 }
138 138
139 // Getting the message length from the STUN header. 139 // Getting the message length from the STUN header.
140 uint16_t msg_length = rtc::GetBE16(&data[2]); 140 uint16_t msg_length = rtc::GetBE16(&data[2]);
141 if (size != (msg_length + kStunHeaderSize)) { 141 if (size != (msg_length + kStunHeaderSize)) {
142 return false; 142 return false;
143 } 143 }
144 144
145 // Finding Message Integrity attribute in stun message. 145 // Finding Message Integrity attribute in stun message.
(...skipping 765 matching lines...) Expand 10 before | Expand all | Expand 10 after
911 digest, sizeof(digest)); 911 digest, sizeof(digest));
912 if (size == 0) { 912 if (size == 0) {
913 return false; 913 return false;
914 } 914 }
915 915
916 *hash = std::string(digest, size); 916 *hash = std::string(digest, size);
917 return true; 917 return true;
918 } 918 }
919 919
920 } // namespace cricket 920 } // namespace cricket
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698