diff options
author | Roger Zanoni <rzanoni@google.com> | 2023-02-01 13:21:45 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2023-02-20 15:05:55 +0000 |
commit | ee1e0605f5807e9cd1bddf0b903053d408ea687d (patch) | |
tree | d571784c8e9b827e5784940244c1babf9814190f | |
parent | 7d935223a0494cb43b143e850298b6a04d324607 (diff) | |
download | qtwebengine-chromium-ee1e0605f5807e9cd1bddf0b903053d408ea687d.tar.gz |
[Backport] CVE-2023-0698: Out of bounds read in WebRTC (1/2)
Cherry-pick of patch originallt reviewed on
https://webrtc-review.googlesource.com/c/src/+/291709:
Handle the case of missing certificates.
M108 merge issues:
No conflict but needed to reset the author of this commit to be able
to upload it. Original author: Henrik Boström <hbos@webrtc.org>
Certificates being missing is a sign of a bug (e.g. webrtc:14844, to be
fixed separately) which is why we have a DCHECK. But this DCHECK does
not protect against accessing the invalid iterator if it is a release
build. This CL makes that safe.
No-Try: True
Bug: chromium:1408392
Change-Id: I97a82786028e41c58ef8ef15002c3f959bbec7f1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291109
Commit-Queue: Henrik Boström <hbos@webrtc.org>
Cr-Original-Commit-Position: refs/heads/main@{#39159}
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291709
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Henrik Boström <hbos@webrtc.org>
Reviewed-by: Evan Shrubsole <eshr@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/branch-heads/5359@{#6}
Cr-Branched-From: fb3bd4a01d7c840dfe7b3efa144c0fbcb6a97fef-refs/heads/main@{#38387}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461065
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/webrtc/pc/rtc_stats_collector.cc | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc index ff7e334169d..c16e9ac7eaa 100644 --- a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc +++ b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc @@ -2197,16 +2197,17 @@ void RTCStatsCollector::ProduceTransportStats_n( // exist. const auto& certificate_stats_it = transport_cert_stats.find(transport_name); + std::string local_certificate_id, remote_certificate_id; RTC_DCHECK(certificate_stats_it != transport_cert_stats.cend()); - std::string local_certificate_id; - if (certificate_stats_it->second.local) { - local_certificate_id = RTCCertificateIDFromFingerprint( - certificate_stats_it->second.local->fingerprint); - } - std::string remote_certificate_id; - if (certificate_stats_it->second.remote) { - remote_certificate_id = RTCCertificateIDFromFingerprint( - certificate_stats_it->second.remote->fingerprint); + if (certificate_stats_it != transport_cert_stats.cend()) { + if (certificate_stats_it->second.local) { + local_certificate_id = RTCCertificateIDFromFingerprint( + certificate_stats_it->second.local->fingerprint); + } + if (certificate_stats_it->second.remote) { + remote_certificate_id = RTCCertificateIDFromFingerprint( + certificate_stats_it->second.remote->fingerprint); + } } // There is one transport stats for each channel. |