webrtc

mollyim/webrtc

Fork 0

mirror of https://github.com/mollyim/webrtc.git synced 2025-05-15 14:50:39 +01:00

Commit graph

Author	SHA1	Message	Date
Victor Boivie	d579e6bc7b	dcsctp: Do explicit bounds checking in bounded IO The previous approach was that the caller was responsible for ensuring that any buffer passed in to the Bounded IO wrappers, and that any offset from where sub-readers were created were valid. The called would always do a validation of the data and return proper error messages if they were not. This didn't pan out. https://crbug.com/1216758 found an overflow that fooled the validation logic and the fuzzer could read out-of-bounds, although it would always crash in that particular case. There was already bounds checking, but under DCHECKs. This CL changes that so that any bounds checking is done with CHECKS, as would've been done in Rust. It's better to crash than to read arbitrary memory. Bug: chromium:1216758 Change-Id: I89b52f0758495b5fe46f926c142870a263b96314 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/221743 Commit-Queue: Victor Boivie <boivie@webrtc.org> Reviewed-by: Florent Castelli <orphis@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34303}	2021-06-16 13:02:32 +00:00
Victor Boivie	7d3c49a171	dcsctp: Add bounded byte reader and writer Packets, chunks, parameters and error causes - the SCTP entities that are sent on the wire - are buffers with fields that are stored in big endian and that generally consist of a fixed header size, and a variable sized part, that can e.g. be encoded sub-fields or serialized strings. The BoundedByteReader and BoundedByteWriter utilities make it easy to read those fields with as much aid from the compiler as possible, by having compile-time assertions that fields are not accessed outside the buffer's span. There are some byte reading functionality already in modules/rtp_rtcp, but that module would be a bit unfortunate to depend on, and doesn't have the compile time bounds checking that is the biggest feature of this abstraction of an rtc::ArrayView. Bug: webrtc:12614 Change-Id: I9fc641aff22221018dda9add4e2c44853c0f64f0 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/212967 Commit-Queue: Victor Boivie <boivie@webrtc.org> Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Tommi <tommi@webrtc.org> Cr-Commit-Position: refs/heads/master@{#33597}	2021-03-31 08:27:37 +00:00

Author

SHA1

Message

Date

Victor Boivie

d579e6bc7b

dcsctp: Do explicit bounds checking in bounded IO

The previous approach was that the caller was responsible for ensuring
that any buffer passed in to the Bounded IO wrappers, and that any
offset from where sub-readers were created were valid. The called would
always do a validation of the data and return proper error messages
if they were not.

This didn't pan out. https://crbug.com/1216758 found an overflow that
fooled the validation logic and the fuzzer could read out-of-bounds,
although it would always crash in that particular case.

There was already bounds checking, but under DCHECKs. This CL changes
that so that any bounds checking is done with CHECKS, as would've been
done in Rust. It's better to crash than to read arbitrary memory.

Bug: chromium:1216758
Change-Id: I89b52f0758495b5fe46f926c142870a263b96314
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/221743
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#34303}

2021-06-16 13:02:32 +00:00

Victor Boivie

7d3c49a171

dcsctp: Add bounded byte reader and writer

Packets, chunks, parameters and error causes - the SCTP entities
that are sent on the wire - are buffers with fields that are stored
in big endian and that generally consist of a fixed header size, and
a variable sized part, that can e.g. be encoded sub-fields or
serialized strings.

The BoundedByteReader and BoundedByteWriter utilities make it easy
to read those fields with as much aid from the compiler as possible,
by having compile-time assertions that fields are not accessed
outside the buffer's span.

There are some byte reading functionality already in modules/rtp_rtcp,
but that module would be a bit unfortunate to depend on, and doesn't
have the compile time bounds checking that is the biggest feature of
this abstraction of an rtc::ArrayView.

Bug: webrtc:12614
Change-Id: I9fc641aff22221018dda9add4e2c44853c0f64f0
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/212967
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#33597}

2021-03-31 08:27:37 +00:00

2 commits