Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(435)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/base/win32.cc

Issue 2867653002: Fixing invalid IPv6 address parsing stack underflow on Windows. (Closed)
Patch Set: Fixing issue caught by new test. Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | webrtc/base/win32_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after
269 // Special case - trailing ::. 269 // Special case - trailing ::.
270 addr_cursor = addr_end; 270 addr_cursor = addr_end;
271 } else { 271 } else {
272 while (*coloncounter) { 272 while (*coloncounter) {
273 if (*coloncounter == ':') { 273 if (*coloncounter == ':') {
274 ++coloncount; 274 ++coloncount;
275 } 275 }
276 ++coloncounter; 276 ++coloncounter;
277 } 277 }
278 // (coloncount + 1) is the number of shorts left in the address. 278 // (coloncount + 1) is the number of shorts left in the address.
279 // If this number is greater than the number of available shorts, the
280 // address is malformed.
281 if (coloncount + 1 > addr_end - addr_cursor) {
282 return 0;
283 }
279 addr_cursor = addr_end - (coloncount + 1); 284 addr_cursor = addr_end - (coloncount + 1);
280 seencompressed = true; 285 seencompressed = true;
281 } 286 }
282 } else { 287 } else {
283 ++readcursor; 288 ++readcursor;
284 } 289 }
285 } else { 290 } else {
286 uint16_t word; 291 uint16_t word;
287 int bytesread = 0; 292 int bytesread = 0;
288 if (sscanf(readcursor, "%hx%n", &word, &bytesread) != 1) { 293 if (sscanf(readcursor, "%4hx%n", &word, &bytesread) != 1) {
289 return 0; 294 return 0;
290 } else { 295 } else {
291 *addr_cursor = HostToNetwork16(word); 296 *addr_cursor = HostToNetwork16(word);
292 ++addr_cursor; 297 ++addr_cursor;
293 readcursor += bytesread; 298 readcursor += bytesread;
294 if (*readcursor != ':' && *readcursor != '\0') { 299 if (*readcursor != ':' && *readcursor != '\0') {
295 return 0; 300 return 0;
296 } 301 }
297 } 302 }
298 } 303 }
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after
447 *level = *GetSidSubAuthority(til->Label.Sid, count - 1); 452 *level = *GetSidSubAuthority(til->Label.Sid, count - 1);
448 ret = true; 453 ret = true;
449 } 454 }
450 } 455 }
451 CloseHandle(token); 456 CloseHandle(token);
452 } 457 }
453 return ret; 458 return ret;
454 } 459 }
455 460
456 } // namespace rtc 461 } // namespace rtc
OLDNEW
« no previous file with comments | « no previous file | webrtc/base/win32_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698