Author SHA1 Message Date
Victor Boivie
584b4df92d dcsctp: Don't deliver skipped messages
If a FORWARD-TSN contains an ordered skipped stream with a large TSN
but with a too small SSN, it can result in messages being assembled
that should've been skipped. Typically:

Receive DATA, ordered, complete, TSN=10, SID=1, SSN=0
  - will be delivered.
Receive DATA, ordered, complete, TSN=43, SID=1, SSN=7
  - will stay in queue, due to missing SSN=1,2,3,4,5,6.
Receive FORWARD-TSN, TSN=44, SSN=6
  - is invalid, as the SSN should've been 7 or higher.

However, as the TSN isn't used for removing messages in ordered streams,
but just the SSN, the SSN=7 isn't removed but instead will be delivered
as it's the next following SSN after 6. This will trigger internal
consistency checks as a chunk with TSN=43 will be delivered when the
current cumulative TSN is set to 44, which is greater.

This was found when fuzzing, and can only be provoked by a client that
is intentionally misbehaving. Before this fix, there was no harm done,
but it failed consistency checks which fuzzers have enabled. When
bug 13799 was fixed (in a previous commit), this allowed the fuzzers to
find it faster.

Bug: webrtc:13799
Change-Id: I830ef189476e227e1dbe08157d34f96ad6453e30
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254240
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#36157}
2022-03-09 11:22:15 +00:00
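
The sequence in commit 584b4df92d, replayed against a simplified model of one ordered stream. This is an added example, not code from dcSCTP or from the commit: `OrderedStream`, `drop_by_tsn` and `ReplayDeliversSkippedMessage` are hypothetical names, and the TSN guard is an assumed mitigation, not necessarily the fix the commit applies.

```cpp
#include <cstdint>
#include <map>
#include <vector>

// Simplified model of one ordered stream; not dcSCTP's classes. TSN/SSN
// wraparound (serial-number arithmetic) is ignored to keep it short.
struct OrderedStream {
  std::map<uint16_t, uint32_t> queued;  // SSN -> TSN of a complete message
  std::vector<uint32_t> delivered;      // TSNs handed to the application
  uint16_t next_ssn = 0;
  uint32_t cumulative_tsn = 0;
  bool drop_by_tsn;  // false: behaviour in the commit message; true: guard
  explicit OrderedStream(bool guard) : drop_by_tsn(guard) {}

  void Deliver() {  // hand over messages while the next SSN is present
    for (auto it = queued.find(next_ssn); it != queued.end();
         it = queued.find(next_ssn)) {
      delivered.push_back(it->second);
      queued.erase(it);
      ++next_ssn;
    }
  }
  void OnData(uint32_t tsn, uint16_t ssn) { queued[ssn] = tsn; Deliver(); }
  void OnForwardTsn(uint32_t new_cum_tsn, uint16_t skipped_ssn) {
    cumulative_tsn = new_cum_tsn;
    uint16_t last_skipped = skipped_ssn;
    for (auto it = queued.begin(); it != queued.end();) {
      // Assumed guard: a queued TSN at or below the new cumulative TSN is
      // skipped too, even when the sender's SSN claims otherwise.
      bool skip = it->first <= skipped_ssn ||
                  (drop_by_tsn && it->second <= new_cum_tsn);
      if (skip && it->first > last_skipped) last_skipped = it->first;
      if (skip) it = queued.erase(it); else ++it;
    }
    next_ssn = static_cast<uint16_t>(last_skipped + 1);
    Deliver();
  }
};

// Replays the three chunks from the commit message. Returns true when the
// FORWARD-TSN caused delivery of a TSN at or below the cumulative TSN.
bool ReplayDeliversSkippedMessage(bool guard) {
  OrderedStream s(guard);
  s.OnData(10, 0);  // delivered
  s.OnData(43, 7);  // queued, SSN 1..6 missing
  auto before = s.delivered.size();
  s.OnForwardTsn(44, 6);  // invalid: SSN should have been 7 or higher
  return s.delivered.size() > before && s.delivered.back() <= s.cumulative_tsn;
}
```

With `guard` false the model hands TSN=43 to the application after the cumulative TSN has moved to 44, which is the inconsistency the fuzzer's checks caught; with `guard` true the queued message is dropped and nothing is delivered.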
Victor Boivie
b87746b155 dcsctp: Add parameters, error causes and chunks
Quite a large commit, but mostly trivial. It adds all the (in dcSCTP)
supported parameters, error causes and chunks as an object model, with
serializers and deserializers. They are verified with packet captures
where available, that have been captured with Wireshark against a
reference implementation.

This _could_ be split in parameter/ as one commit, error_cause/ in the
following, and chunk/ as the third, but as each chunk/parameter is
completely isolated from the other, reviewing it should be linear with
the number of chunks/parameters and having them in more commits wouldn't
change that, taking all three of those commits into account.

Bug: webrtc:12614
Change-Id: Ie83c9a22cae6e3a39e35ef26fd532837a6387a08
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/213347
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#33625}
2021-04-06 10:28:18 +00:00