author | Roger Zanoni <rzanoni@google.com> | 2023-01-24 10:23:52 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2023-02-15 14:00:24 +0000 |
commit | fa31beb730714ca3180b211967e429299488b5c0 (patch) | |
tree | 2c264741031f59c23a7e83ded22d6a01da45d099 | |
parent | 8a664ad9a062fad50f300eadd0f519590a9f708b (diff) | |
download | qtwebengine-chromium-fa31beb730714ca3180b211967e429299488b5c0.tar.gz |
[Backport] CVE-2023-0698: Out of bounds read in WebRTC (1/2)
Cherry-pick of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/291109:
Handle the case of missing certificates.
M102 merge issues:
No conflict but needed to reset the author of this commit to be able
to upload it. Original author: Henrik Boström <hbos@webrtc.org>
Certificates being missing is a sign of a bug (e.g. webrtc:14844, to be
fixed separately) which is why we have a DCHECK. But this DCHECK does
not protect against accessing the invalid iterator if it is a release
build. This CL makes that safe.
Bug: chromium:1408392
Change-Id: I97a82786028e41c58ef8ef15002c3f959bbec7f1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291109
Commit-Queue: Henrik Boström <hbos@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#39159}
(cherry picked from commit 124d7c3fe5bdc79a355c9df02d07f25331631a68)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/460493
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/webrtc/pc/rtc_stats_collector.cc | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc index 79e6ad27b4b..81ba52a1193 100644 --- a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc +++ b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc @@ -2087,16 +2087,17 @@ void RTCStatsCollector::ProduceTransportStats_n( // exist. const auto& certificate_stats_it = transport_cert_stats.find(transport_name); + std::string local_certificate_id, remote_certificate_id; RTC_DCHECK(certificate_stats_it != transport_cert_stats.cend()); - std::string local_certificate_id; - if (certificate_stats_it->second.local) { - local_certificate_id = RTCCertificateIDFromFingerprint( - certificate_stats_it->second.local->fingerprint); - } - std::string remote_certificate_id; - if (certificate_stats_it->second.remote) { - remote_certificate_id = RTCCertificateIDFromFingerprint( - certificate_stats_it->second.remote->fingerprint); + if (certificate_stats_it != transport_cert_stats.cend()) { + if (certificate_stats_it->second.local) { + local_certificate_id = RTCCertificateIDFromFingerprint( + certificate_stats_it->second.local->fingerprint); + } + if (certificate_stats_it->second.remote) { + remote_certificate_id = RTCCertificateIDFromFingerprint( + certificate_stats_it->second.remote->fingerprint); + } } // There is one transport stats for each channel. |
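Review bot: The new `if (certificate_stats_it != transport_cert_stats.cend())` guard in `ProduceTransportStats_n` repeats the condition of the `RTC_DCHECK` directly above it with no comment explaining why both are needed, and when the lookup fails in a release build it falls through silently with both ids left empty. Add a short comment stating that the DCHECK does not protect release builds, so the runtime check is what keeps the code from dereferencing the end iterator. Consider also logging a warning in the missing-entry case, so the underlying bug (the commit message cites webrtc:14844) leaves a trace outside debug builds. Empty `local_certificate_id` / `remote_certificate_id` values were already possible when `.local` or `.remote` was null, so the code after this block likely tolerates them, but it is worth confirming for the case where both are empty at once. Minor style point: `std::string local_certificate_id, remote_certificate_id;` declares two variables in one statement and now sits above the DCHECK, away from first use; one declaration per line placed just before the `if` would read more clearly.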