[Backport] CVE-2023-0698: Out of bounds read in WebRTC (1/2)

Cherry-pick of patch originallt reviewed on https://webrtc-review.googlesource.com/c/src/+/291709: Handle the case of missing certificates. M108 merge issues: No conflict but needed to reset the author of this commit to be able to upload it. Original author: Henrik Boström <hbos@webrtc.org> Certificates being missing is a sign of a bug (e.g. webrtc:14844, to be fixed separately) which is why we have a DCHECK. But this DCHECK does not protect against accessing the invalid iterator if it is a release build. This CL makes that safe. No-Try: True Bug: chromium:1408392 Change-Id: I97a82786028e41c58ef8ef15002c3f959bbec7f1 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291109 Commit-Queue: Henrik Boström <hbos@webrtc.org> Cr-Original-Commit-Position: refs/heads/main@{#39159} Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291709 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Henrik Boström <hbos@webrtc.org> Reviewed-by: Evan Shrubsole <eshr@webrtc.org> Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/branch-heads/5359@{#6} Cr-Branched-From: fb3bd4a01d7c840dfe7b3efa144c0fbcb6a97fef-refs/heads/main@{#38387} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461065 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
author: Roger Zanoni <rzanoni@google.com> 2023-02-01 13:21:45 +0000
committer: Michael Brüning <michael.bruning@qt.io> 2023-02-20 15:05:55 +0000
commit: ee1e0605f5807e9cd1bddf0b903053d408ea687d (patch)
tree: d571784c8e9b827e5784940244c1babf9814190f
parent: 7d935223a0494cb43b143e850298b6a04d324607 (diff)
download: qtwebengine-chromium-ee1e0605f5807e9cd1bddf0b903053d408ea687d.tar.gz
1 files changed, 10 insertions, 9 deletions
diff --git a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc
index ff7e334169d..c16e9ac7eaa 100644
--- a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc
+++ b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc
@@ -2197,16 +2197,17 @@ void RTCStatsCollector::ProduceTransportStats_n(
     // exist.
     const auto& certificate_stats_it =
         transport_cert_stats.find(transport_name);
+    std::string local_certificate_id, remote_certificate_id;
     RTC_DCHECK(certificate_stats_it != transport_cert_stats.cend());
-    std::string local_certificate_id;
-    if (certificate_stats_it->second.local) {
-      local_certificate_id = RTCCertificateIDFromFingerprint(
-          certificate_stats_it->second.local->fingerprint);
-    }
-    std::string remote_certificate_id;
-    if (certificate_stats_it->second.remote) {
-      remote_certificate_id = RTCCertificateIDFromFingerprint(
-          certificate_stats_it->second.remote->fingerprint);
+    if (certificate_stats_it != transport_cert_stats.cend()) {
+      if (certificate_stats_it->second.local) {
+        local_certificate_id = RTCCertificateIDFromFingerprint(
+            certificate_stats_it->second.local->fingerprint);
+      }
+      if (certificate_stats_it->second.remote) {
+        remote_certificate_id = RTCCertificateIDFromFingerprint(
+            certificate_stats_it->second.remote->fingerprint);
+      }
     }
 
     // There is one transport stats for each channel.
author	Roger Zanoni <rzanoni@google.com>	2023-02-01 13:21:45 +0000
committer	Michael Brüning <michael.bruning@qt.io>	2023-02-20 15:05:55 +0000
commit	ee1e0605f5807e9cd1bddf0b903053d408ea687d (patch)
tree	d571784c8e9b827e5784940244c1babf9814190f
parent	7d935223a0494cb43b143e850298b6a04d324607 (diff)
download	qtwebengine-chromium-ee1e0605f5807e9cd1bddf0b903053d408ea687d.tar.gz