mollyim/webrtc
1
0
Fork 0
mirror of https://github.com/mollyim/webrtc.git synced 2025-05-15 06:40:43 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
webrtc/net/dcsctp/packet/chunk
History
Victor Boivie 584b4df92d dcsctp: Don't deliver skipped messages 
If a FORWARD-TSN contains an ordered skipped stream with a large TSN
but with a too small SSN, it can result in messages being assembled
that should've been skipped. Typically:

Receive DATA, ordered, complete, TSN=10, SID=1, SSN=0
  - will be delivered.
Receive DATA, ordered, complete, TSN=43, SID=1, SSN=7
  - will stay in queue, due to missing SSN=1,2,3,4,5,6.
Receive FORWARD-TSN, TSN=44, SSN=6
  - is invalid, as the SSN should've been 7 or higher.

However, as the TSN isn't used for removing messages in ordered streams,
but just the SSN, the SSN=7 isn't removed but instead will be delivered
as it's the next following SSN after 6. This will trigger internal
consistency checks as a chunk with TSN=43 will be delivered when the
current cumulative TSN is set to 44, which is greater.

This was found when fuzzing, and can only be provoked by a client that
is intentionally misbehaving. Before this fix, there was no harm done,
but it failed consistency checks which fuzzers have enabled. When
bug 13799 was fixed (in a previous commit), this allowed the fuzzers to
find it faster.

Bug: webrtc:13799
Change-Id: I830ef189476e227e1dbe08157d34f96ad6453e30
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254240
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#36157}
2022-03-09 11:22:15 +00:00
..
abort_chunk.cc
abort_chunk.h
abort_chunk_test.cc
chunk.cc
chunk.h
cookie_ack_chunk.cc
cookie_ack_chunk.h
cookie_ack_chunk_test.cc
cookie_echo_chunk.cc
cookie_echo_chunk.h
cookie_echo_chunk_test.cc
data_chunk.cc Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
data_chunk.h Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
data_chunk_test.cc Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
data_common.h Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
error_chunk.cc
error_chunk.h
error_chunk_test.cc
forward_tsn_chunk.cc dcsctp: Don't deliver skipped messages 2022-03-09 11:22:15 +00:00
forward_tsn_chunk.h
forward_tsn_chunk_test.cc dcsctp: Don't deliver skipped messages 2022-03-09 11:22:15 +00:00
forward_tsn_common.h
heartbeat_ack_chunk.cc
heartbeat_ack_chunk.h
heartbeat_ack_chunk_test.cc
heartbeat_request_chunk.cc
heartbeat_request_chunk.h
heartbeat_request_chunk_test.cc
idata_chunk.cc Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
idata_chunk.h Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
idata_chunk_test.cc Revert "dcsctp: Use rtc::CopyOnWriteBuffer" 2021-12-02 12:33:46 +00:00
iforward_tsn_chunk.cc
iforward_tsn_chunk.h
iforward_tsn_chunk_test.cc
init_ack_chunk.cc dcsctp: Log integers as unsigned 2021-04-20 14:04:50 +00:00
init_ack_chunk.h
init_ack_chunk_test.cc
init_chunk.cc dcsctp: Log integers as unsigned 2021-04-20 14:04:50 +00:00
init_chunk.h
init_chunk_test.cc
reconfig_chunk.cc
reconfig_chunk.h
reconfig_chunk_test.cc
sack_chunk.cc dcsctp: Report duplicate TSNs 2021-05-19 12:57:03 +00:00
sack_chunk.h dcsctp: Report duplicate TSNs 2021-05-19 12:57:03 +00:00
sack_chunk_test.cc
shutdown_ack_chunk.cc
shutdown_ack_chunk.h
shutdown_ack_chunk_test.cc
shutdown_chunk.cc
shutdown_chunk.h
shutdown_chunk_test.cc
shutdown_complete_chunk.cc
shutdown_complete_chunk.h
shutdown_complete_chunk_test.cc