Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(430)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/pc/webrtcsdp.cc

Issue 2675273003: Fixing SDP parsing crash due to invalid port numbers. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « webrtc/base/socketaddress.h ('k') | webrtc/pc/webrtcsdp_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2011 The WebRTC project authors. All Rights Reserved. 2 * Copyright 2011 The WebRTC project authors. All Rights Reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 1008 matching lines...) Expand 10 before | Expand all | Expand 10 after
1019 const std::string& transport = fields[2]; 1019 const std::string& transport = fields[2];
1020 uint32_t priority = 0; 1020 uint32_t priority = 0;
1021 if (!GetValueFromString(first_line, fields[3], &priority, error)) { 1021 if (!GetValueFromString(first_line, fields[3], &priority, error)) {
1022 return false; 1022 return false;
1023 } 1023 }
1024 const std::string& connection_address = fields[4]; 1024 const std::string& connection_address = fields[4];
1025 int port = 0; 1025 int port = 0;
1026 if (!GetValueFromString(first_line, fields[5], &port, error)) { 1026 if (!GetValueFromString(first_line, fields[5], &port, error)) {
1027 return false; 1027 return false;
1028 } 1028 }
1029 if (port < 0 || port > 65535) {
1030 return ParseFailed(first_line, "Invalid port number.", error);
1031 }
1029 SocketAddress address(connection_address, port); 1032 SocketAddress address(connection_address, port);
1030 1033
1031 cricket::ProtocolType protocol; 1034 cricket::ProtocolType protocol;
1032 if (!StringToProto(transport.c_str(), &protocol)) { 1035 if (!StringToProto(transport.c_str(), &protocol)) {
1033 return ParseFailed(first_line, "Unsupported transport type.", error); 1036 return ParseFailed(first_line, "Unsupported transport type.", error);
1034 } 1037 }
1035 switch (protocol) { 1038 switch (protocol) {
1036 case cricket::PROTO_UDP: 1039 case cricket::PROTO_UDP:
1037 case cricket::PROTO_TCP: 1040 case cricket::PROTO_TCP:
1038 case cricket::PROTO_SSLTCP: 1041 case cricket::PROTO_SSLTCP:
(...skipping 26 matching lines...) Expand all
1065 related_address.SetIP(fields[++current_position]); 1068 related_address.SetIP(fields[++current_position]);
1066 ++current_position; 1069 ++current_position;
1067 } 1070 }
1068 if (fields.size() >= (current_position + 2) && 1071 if (fields.size() >= (current_position + 2) &&
1069 fields[current_position] == kAttributeCandidateRport) { 1072 fields[current_position] == kAttributeCandidateRport) {
1070 int port = 0; 1073 int port = 0;
1071 if (!GetValueFromString( 1074 if (!GetValueFromString(
1072 first_line, fields[++current_position], &port, error)) { 1075 first_line, fields[++current_position], &port, error)) {
1073 return false; 1076 return false;
1074 } 1077 }
1078 if (port < 0 || port > 65535) {
pthatcher1 2017/02/10 18:13:33 Might as well make an IsValidPort() function.
Taylor Brandstetter 2017/02/10 19:25:30 Done.
1079 return ParseFailed(first_line, "Invalid port number.", error);
1080 }
1075 related_address.SetPort(port); 1081 related_address.SetPort(port);
1076 ++current_position; 1082 ++current_position;
1077 } 1083 }
1078 1084
1079 // If this is a TCP candidate, it has additional extension as defined in 1085 // If this is a TCP candidate, it has additional extension as defined in
1080 // RFC 6544. 1086 // RFC 6544.
1081 std::string tcptype; 1087 std::string tcptype;
1082 if (fields.size() >= (current_position + 2) && 1088 if (fields.size() >= (current_position + 2) &&
1083 fields[current_position] == kTcpCandidateType) { 1089 fields[current_position] == kTcpCandidateType) {
1084 tcptype = fields[++current_position]; 1090 tcptype = fields[++current_position];
(...skipping 2106 matching lines...) Expand 10 before | Expand all | Expand 10 after
3191 UpdateCodec<AudioContentDescription, cricket::AudioCodec>( 3197 UpdateCodec<AudioContentDescription, cricket::AudioCodec>(
3192 media_desc, payload_type, feedback_param); 3198 media_desc, payload_type, feedback_param);
3193 } else if (media_type == cricket::MEDIA_TYPE_VIDEO) { 3199 } else if (media_type == cricket::MEDIA_TYPE_VIDEO) {
3194 UpdateCodec<VideoContentDescription, cricket::VideoCodec>( 3200 UpdateCodec<VideoContentDescription, cricket::VideoCodec>(
3195 media_desc, payload_type, feedback_param); 3201 media_desc, payload_type, feedback_param);
3196 } 3202 }
3197 return true; 3203 return true;
3198 } 3204 }
3199 3205
3200 } // namespace webrtc 3206 } // namespace webrtc
OLDNEW
« no previous file with comments | « webrtc/base/socketaddress.h ('k') | webrtc/pc/webrtcsdp_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698