authorRoger Zanoni <rzanoni@google.com>2023-01-24 10:23:52 +0000
committerMichael Brüning <michael.bruning@qt.io>2023-02-20 16:43:47 +0000
commitf7860adb852a797ad68ce9f5f0d1622633775a2f (patch)
treeeeef93150e4afb8bb0a7b94168586f457f20ba49
parent3a7962f70857449f48a237fe204bf187bb5a0501 (diff)
downloadqtwebengine-chromium-f7860adb852a797ad68ce9f5f0d1622633775a2f.tar.gz
[Backport] CVE-2023-0698: Out of bounds read in WebRTC
Cherry-pick of patch originally reviewed on https://webrtc-review.googlesource.com/c/src/+/291109: Handle the case of missing certificates. M102 merge issues: No conflict but needed to reset the author of this commit to be able to upload it. Original author: Henrik Boström <hbos@webrtc.org> Certificates being missing is a sign of a bug (e.g. webrtc:14844, to be fixed separately) which is why we have a DCHECK. But this DCHECK does not protect against accessing the invalid iterator if it is a release build. This CL makes that safe. Bug: chromium:1408392 Change-Id: I97a82786028e41c58ef8ef15002c3f959bbec7f1 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291109 Commit-Queue: Henrik Boström <hbos@webrtc.org> Cr-Commit-Position: refs/heads/main@{#39159} (cherry picked from commit 124d7c3fe5bdc79a355c9df02d07f25331631a68) Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461410 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/third_party/webrtc/pc/rtc_stats_collector.cc19
1 files changed, 10 insertions, 9 deletions
diff --git a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc
index 13374794e5c..92c7ce4b223 100644
--- a/chromium/third_party/webrtc/pc/rtc_stats_collector.cc
+++ b/chromium/third_party/webrtc/pc/rtc_stats_collector.cc
@@ -1792,16 +1792,17 @@ void RTCStatsCollector::ProduceTransportStats_n(
// exist.
const auto& certificate_stats_it =
transport_cert_stats.find(transport_name);
+ std::string local_certificate_id, remote_certificate_id;
RTC_DCHECK(certificate_stats_it != transport_cert_stats.cend());
- std::string local_certificate_id;
- if (certificate_stats_it->second.local) {
- local_certificate_id = RTCCertificateIDFromFingerprint(
- certificate_stats_it->second.local->fingerprint);
- }
- std::string remote_certificate_id;
- if (certificate_stats_it->second.remote) {
- remote_certificate_id = RTCCertificateIDFromFingerprint(
- certificate_stats_it->second.remote->fingerprint);
+ if (certificate_stats_it != transport_cert_stats.cend()) {
+ if (certificate_stats_it->second.local) {
+ local_certificate_id = RTCCertificateIDFromFingerprint(
+ certificate_stats_it->second.local->fingerprint);
+ }
+ if (certificate_stats_it->second.remote) {
+ remote_certificate_id = RTCCertificateIDFromFingerprint(
+ certificate_stats_it->second.remote->fingerprint);
+ }
}
// There is one transport stats for each channel.
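Review bot: In the added `if (certificate_stats_it != transport_cert_stats.cend())` block, a missing entry is skipped silently in release builds: both certificate IDs stay empty and nothing records that it happened, while the `RTC_DCHECK` above still aborts only debug builds. The commit message calls missing certificates a sign of a separate bug, so an `else` branch with a warning would keep that bug visible in the field, for example `RTC_LOG(LS_WARNING) << "No certificate stats for transport " << transport_name;` (assuming the logging header is already included in this file). A short comment above the DCHECK, such as `// Debug builds trap the missing entry; release builds must not dereference cend().`, would explain why the same condition is tested twice. The body of ProduceTransportStats_n starts and ends outside this hunk, so how the empty IDs are consumed further down is not visible here.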