generic-library/webrtc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add range checks in a variety of places where the values will subsequently be

Browse Source 
expected to be 0-127.

BUG=none
TEST=none
R=juberti@webrtc.org
TBR=henrika

Review URL: https://webrtc-codereview.appspot.com/37759004

Cr-Commit-Position: refs/heads/master@{#8399}
git-svn-id: http://webrtc.googlecode.com/svn/trunk@8399 4adac7df-926f-26a2-2b94-8c16560cd09d
This commit is contained in:
pkasting@chromium.org 2015-02-17 20:36:28 +00:00
parent 27669f320b
commit e9facf8bb3
6 changed files with 36 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
talk/app/webrtc/webrtcsdp.cc
View File

@ -39,6 +39,7 @@
#include "talk/media/base/codec.h"
#include "talk/media/base/constants.h"
#include "talk/media/base/cryptoparams.h"
#include "talk/media/base/rtputils.h"
#include "talk/media/sctp/sctpdataengine.h"
#include "webrtc/p2p/base/candidate.h"
#include "webrtc/p2p/base/constants.h"
@ -587,6 +588,14 @@ static bool GetValueFromString(const std::string& line,
return true;
}
static bool GetPayloadTypeFromString(const std::string& line,
const std::string& s,
int* payload_type,
SdpParseError* error) {
return GetValueFromString(line, s, payload_type, error) &&
cricket::IsValidRtpPayloadType(*payload_type);
}
void CreateTracksFromSsrcInfos(const SsrcInfoVec& ssrc_infos,
StreamParamsVec* tracks) {
ASSERT(tracks != NULL);
@ -2206,7 +2215,7 @@ bool ParseMediaDescription(const std::string& message,
}
int pl = 0;
if (!GetValueFromString(line, fields[j], &pl, error)) {
if (!GetPayloadTypeFromString(line, fields[j], &pl, error)) {
return false;
}
codec_preference.push_back(pl);
@ -2923,7 +2932,8 @@ bool ParseRtpmapAttribute(const std::string& line,
return false;
}
int payload_type = 0;
if (!GetValueFromString(line, payload_type_value, &payload_type, error)) {
if (!GetPayloadTypeFromString(line, payload_type_value, &payload_type,
error)) {
return false;
}
@ -3061,7 +3071,7 @@ bool ParseFmtpAttributes(const std::string& line, const MediaType media_type,
}
int int_payload_type = 0;
if (!GetValueFromString(line, payload_type, &int_payload_type, error)) {
if (!GetPayloadTypeFromString(line, payload_type, &int_payload_type, error)) {
return false;
}
if (media_type == cricket::MEDIA_TYPE_AUDIO) {
@ -3093,7 +3103,8 @@ bool ParseRtcpFbAttribute(const std::string& line, const MediaType media_type,
}
int payload_type = kWildcardPayloadType;
if (payload_type_string != "*") {
if (!GetValueFromString(line, payload_type_string, &payload_type, error)) {
if (!GetPayloadTypeFromString(line, payload_type_string, &payload_type,
error)) {
return false;
}
}

7
talk/media/base/rtputils.cc
View File

@ -176,7 +176,8 @@ bool SetRtpSsrc(void* data, size_t len, uint32 value) {
// Assumes version 2, no padding, no extensions, no csrcs.
bool SetRtpHeader(void* data, size_t len, const RtpHeader& header) {
if (header.payload_type >= 0x7F) {
if (!IsValidRtpPayloadType(header.payload_type) ||
header.seq_num < 0 || header.seq_num > UINT16_MAX) {
return false;
}
return (SetUint8(data, kRtpFlagsOffset, kRtpVersion << 6) &&
@ -194,4 +195,8 @@ bool IsRtpPacket(const void* data, size_t len) {
return (static_cast<const uint8*>(data)[0] >> 6) == kRtpVersion;
}
bool IsValidRtpPayloadType(int payload_type) {
return payload_type >= 0 && payload_type <= 127;
}
} // namespace cricket

4
talk/media/base/rtputils.h
View File

@ -67,6 +67,10 @@ bool SetRtpSsrc(void* data, size_t len, uint32 value);
bool SetRtpHeader(void* data, size_t len, const RtpHeader& header);
bool IsRtpPacket(const void* data, size_t len);
// True if |payload type| is 0-127.
bool IsValidRtpPayloadType(int payload_type);
} // namespace cricket
#endif // TALK_MEDIA_BASE_RTPUTILS_H_

4
talk/media/webrtc/webrtcvideoengine.cc
View File

@ -1772,6 +1772,8 @@ bool WebRtcVideoMediaChannel::SetRecvCodecs(
receive_codecs_.push_back(wcodec);
int apt;
if (iter->GetParam(cricket::kCodecParamAssociatedPayloadType, &apt)) {
if (!IsValidRtpPayloadType(apt))
return false;
associated_payload_types_[wcodec.plType] = apt;
}
}
@ -1808,6 +1810,8 @@ bool WebRtcVideoMediaChannel::SetSendCodecs(
int rtx_type = iter->id;
int rtx_primary_type = -1;
if (iter->GetParam(kCodecParamAssociatedPayloadType, &rtx_primary_type)) {
if (!IsValidRtpPayloadType(rtx_primary_type))
return false;
primary_rtx_pt_mapping[rtx_primary_type] = rtx_type;
}
} else if (engine()->CanSendCodec(*iter, dummy_current, &checked_codec)) {

8
talk/media/webrtc/webrtcvideoengine2.cc
View File

@ -2105,9 +2105,11 @@ WebRtcVideoChannel2::MapCodecs(const std::vector<VideoCodec>& codecs) {
case VideoCodec::CODEC_RTX: {
int associated_payload_type;
if (!in_codec.GetParam(kCodecParamAssociatedPayloadType,
&associated_payload_type)) {
LOG(LS_ERROR) << "RTX codec without associated payload type: "
<< in_codec.ToString();
&associated_payload_type) ||
!IsValidRtpPayloadType(associated_payload_type)) {
LOG(LS_ERROR)
<< "RTX codec with invalid or no associated payload type: "
<< in_codec.ToString();
return std::vector<VideoCodecSettings>();
}
rtx_mapping[associated_payload_type] = in_codec.id;

4
webrtc/voice_engine/test/win_test/WinTestDlg.cc
View File

@ -927,7 +927,7 @@ void CTelephonyEvent::OnBnClickedButtonSetRxTelephonePt()
{
BOOL ret;
int pt = GetDlgItemInt(IDC_EDIT_EVENT_RX_PT, &ret);
if (ret == FALSE)
if (ret == FALSE || pt < 0 || pt > 127)
return;
CodecInst codec;
strcpy_s(codec.plname, 32, "telephone-event");
@ -940,7 +940,7 @@ void CTelephonyEvent::OnBnClickedButtonSetTxTelephonePt()
{
BOOL ret;
int pt = GetDlgItemInt(IDC_EDIT_EVENT_TX_PT, &ret);
if (ret == FALSE)
if (ret == FALSE || pt < 0 || pt > 127)
return;
TEST2(_veDTMFPtr->SetSendTelephoneEventPayloadType(_channel, pt) == 0,
_T("SetSendTelephoneEventPayloadType(channel=%d, type=%u)"), _channel, pt);