webrtc/api/peerconnection.cc - Issue 2556783002: Fix out of bound reads in ParseIceServerUrl() for various input.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: webrtc/api/peerconnection.cc

Issue 2556783002: Fix out of bound reads in ParseIceServerUrl() for various input. (Closed)

Patch Set: Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: webrtc/api/peerconnection.cc

diff --git a/webrtc/api/peerconnection.cc b/webrtc/api/peerconnection.cc

index 46bdec594a9c90fcd1630db748921237807902d2..707e6398158f98b725f9c01ec20dfe219348a5ef 100644

--- a/webrtc/api/peerconnection.cc

+++ b/webrtc/api/peerconnection.cc

@@ -231,21 +231,24 @@ bool ParseIceServerUrl(const PeerConnectionInterface::IceServer& server,

std::vector<std::string> tokens;

cricket::ProtocolType turn_transport_type = cricket::PROTO_UDP;

RTC_DCHECK(!url.empty());

- rtc::tokenize(url, '?', &tokens);

+ rtc::tokenize_with_empty_tokens(url, '?', &tokens);

std::string uri_without_transport = tokens[0];

// Let's look into transport= param, if it exists.

if (tokens.size() == kTurnTransportTokensNum) { // ?transport= is present.

std::string uri_transport_param = tokens[1];

- rtc::tokenize(uri_transport_param, '=', &tokens);

- if (tokens[0] == kTransport) {

- // As per above grammar transport param will be consist of lower case

- // letters.

- if (!cricket::StringToProto(tokens[1].c_str(), &turn_transport_type) ||

- (turn_transport_type != cricket::PROTO_UDP &&

- turn_transport_type != cricket::PROTO_TCP)) {

- LOG(LS_WARNING) << "Transport param should always be udp or tcp.";

- return false;

- }

+ rtc::tokenize_with_empty_tokens(uri_transport_param, '=', &tokens);

+ if (tokens[0] != kTransport) {

+ LOG(LS_WARNING) << "Invalid transport param.";

Taylor Brandstetter 2016/12/06 21:43:40 nit: Below we use "transport param" to refer to th

hnsl1 2016/12/07 09:30:54 Done.

+ return false;

+ }

+ // As per above grammar transport param will be consist of lower case

+ // letters.

+ if (tokens.size() < 2 ||

+ !cricket::StringToProto(tokens[1].c_str(), &turn_transport_type) ||

+ (turn_transport_type != cricket::PROTO_UDP &&

+ turn_transport_type != cricket::PROTO_TCP)) {

+ LOG(LS_WARNING) << "Transport param should always be udp or tcp.";

+ return false;

}

« no previous file with comments | « no previous file | webrtc/api/peerconnection_unittest.cc » ('j') | no next file with comments »