OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/p2p/socket_host.h" | 5 #include "content/browser/renderer_host/p2p/socket_host.h" |
6 | 6 |
7 #include "base/sys_byteorder.h" | 7 #include "base/sys_byteorder.h" |
8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" | 8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" |
9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" | 9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h" |
10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" | 10 #include "content/browser/renderer_host/p2p/socket_host_udp.h" |
(...skipping 15 matching lines...) Expand all Loading... | |
26 const int kAbsSendTimeExtnLen = 3; | 26 const int kAbsSendTimeExtnLen = 3; |
27 const int kOneByteHdrLen = 1; | 27 const int kOneByteHdrLen = 1; |
28 | 28 |
29 // Fake auth tag written by the render process if external authentication is | 29 // Fake auth tag written by the render process if external authentication is |
30 // enabled. HMAC in packet will be compared against this value before updating | 30 // enabled. HMAC in packet will be compared against this value before updating |
31 // packet with actual HMAC value. | 31 // packet with actual HMAC value. |
32 static const unsigned char kFakeAuthTag[10] = { | 32 static const unsigned char kFakeAuthTag[10] = { |
33 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd | 33 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd |
34 }; | 34 }; |
35 | 35 |
36 bool IsTurnChannelData(const char* data) { | 36 bool IsTurnChannelData(const char* data, int len) { |
palmer
2014/09/22 19:34:46
size_t, or explicitly-sized unsigned type.
http:/
jiayl
2014/09/22 21:39:02
Done.
| |
37 return ((*data & 0xC0) == 0x40); | 37 return len >= 1 && ((*data & 0xC0) == 0x40); |
palmer
2014/09/22 19:34:46
Is there a maximum sane size we should check for,
jiayl
2014/09/22 21:39:03
I don't think there is a maximum.
juberti2
2014/09/22 22:43:56
We have a max packet size of 2048 that we use else
jiayl
2014/09/22 23:04:13
Done.
| |
38 } | 38 } |
39 | 39 |
40 bool IsDtlsPacket(const char* data, int len) { | 40 bool IsDtlsPacket(const char* data, int len) { |
41 const uint8* u = reinterpret_cast<const uint8*>(data); | 41 const uint8* u = reinterpret_cast<const uint8*>(data); |
42 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64)); | 42 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64)); |
43 } | 43 } |
44 | 44 |
45 bool IsRtcpPacket(const char* data) { | 45 bool IsRtcpPacket(const char* data) { |
46 int type = (static_cast<uint8>(data[1]) & 0x7F); | 46 int type = (static_cast<uint8>(data[1]) & 0x7F); |
47 return (type >= 64 && type < 96); | 47 return (type >= 64 && type < 96); |
48 } | 48 } |
49 | 49 |
50 bool IsTurnSendIndicationPacket(const char* data) { | 50 bool IsTurnSendIndicationPacket(const char* data, int len) { |
51 if (len < 2) | |
palmer
2014/09/22 19:34:46
I'd suggest using kMinimumWhateverLength and kMaxi
jiayl
2014/09/22 21:39:03
Used the minimum header length for these methods.
| |
52 return false; | |
53 | |
51 uint16 type = rtc::GetBE16(data); | 54 uint16 type = rtc::GetBE16(data); |
52 return (type == cricket::TURN_SEND_INDICATION); | 55 return (type == cricket::TURN_SEND_INDICATION); |
53 } | 56 } |
54 | 57 |
55 bool IsRtpPacket(const char* data, int len) { | 58 bool IsRtpPacket(const char* data, int len) { |
56 return ((*data & 0xC0) == 0x80); | 59 return ((*data & 0xC0) == 0x80); |
57 } | 60 } |
58 | 61 |
59 // Verifies rtp header and message length. | 62 // Verifies rtp header and message length. |
60 bool ValidateRtpHeader(const char* rtp, int length, size_t* header_length) { | 63 bool ValidateRtpHeader(const char* rtp, int length, size_t* header_length) { |
(...skipping 10 matching lines...) Expand all Loading... | |
71 // length is verified above. | 74 // length is verified above. |
72 if (!(rtp[0] & 0x10)) { | 75 if (!(rtp[0] & 0x10)) { |
73 if (header_length) | 76 if (header_length) |
74 *header_length = rtp_hdr_len_without_extn; | 77 *header_length = rtp_hdr_len_without_extn; |
75 | 78 |
76 return true; | 79 return true; |
77 } | 80 } |
78 | 81 |
79 rtp += rtp_hdr_len_without_extn; | 82 rtp += rtp_hdr_len_without_extn; |
80 | 83 |
84 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen > length) { | |
palmer
2014/09/22 19:34:46
Integer overflow potential? Consider using checked
jiayl
2014/09/22 21:39:02
The max of the sum is 12 + 4 * 31 + 4 * UINT16_MAX
| |
85 return false; | |
86 } | |
87 | |
81 // Getting extension profile length. | 88 // Getting extension profile length. |
82 // Length is in 32 bit words. | 89 // Length is in 32 bit words. |
83 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; | 90 uint16 extn_length = rtc::GetBE16(rtp + 2) * 4; |
aedla
2014/09/22 20:06:47
Would be nice to fix the integer overflow here.
jiayl
2014/09/22 21:39:03
Changed the result to size_t to avoid overflow.
| |
84 | 91 |
85 // Verify input length against total header size. | 92 // Verify input length against total header size. |
86 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) { | 93 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) { |
87 return false; | 94 return false; |
88 } | 95 } |
89 | 96 |
90 if (header_length) | 97 if (header_length) |
91 *header_length = rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length; | 98 *header_length = rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length; |
92 return true; | 99 return true; |
93 } | 100 } |
94 | 101 |
95 void UpdateAbsSendTimeExtnValue(char* extn_data, int len, | 102 void UpdateAbsSendTimeExtnValue(char* extn_data, int len, |
96 uint32 abs_send_time) { | 103 uint32 abs_send_time) { |
97 // Absolute send time in RTP streams. | 104 // Absolute send time in RTP streams. |
98 // | 105 // |
99 // The absolute send time is signaled to the receiver in-band using the | 106 // The absolute send time is signaled to the receiver in-band using the |
100 // general mechanism for RTP header extensions [RFC5285]. The payload | 107 // general mechanism for RTP header extensions [RFC5285]. The payload |
101 // of this extension (the transmitted value) is a 24-bit unsigned integer | 108 // of this extension (the transmitted value) is a 24-bit unsigned integer |
102 // containing the sender's current time in seconds as a fixed point number | 109 // containing the sender's current time in seconds as a fixed point number |
103 // with 18 bits fractional part. | 110 // with 18 bits fractional part. |
104 // | 111 // |
105 // The form of the absolute send time extension block: | 112 // The form of the absolute send time extension block: |
106 // | 113 // |
107 // 0 1 2 3 | 114 // 0 1 2 3 |
108 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 115 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
109 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 116 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
110 // | ID | len=2 | absolute send time | | 117 // | ID | len=2 | absolute send time | |
111 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 118 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
112 DCHECK_EQ(len, kAbsSendTimeExtnLen); | 119 if (len != kAbsSendTimeExtnLen) { |
120 NOTREACHED(); | |
121 return; | |
122 } | |
123 | |
113 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to | 124 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to |
114 // use it unless necessary, as it is expensive than Now(). | 125 // use it unless necessary, as it is expensive than Now(). |
115 uint32 now_second = abs_send_time; | 126 uint32 now_second = abs_send_time; |
116 if (!now_second) { | 127 if (!now_second) { |
117 uint64 now_us = | 128 uint64 now_us = |
118 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); | 129 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds(); |
119 // Convert second to 24-bit unsigned with 18 bit fractional part | 130 // Convert second to 24-bit unsigned with 18 bit fractional part |
120 now_second = | 131 now_second = |
121 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; | 132 ((now_us << 18) / base::Time::kMicrosecondsPerSecond) & 0x00FFFFFF; |
122 } | 133 } |
123 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. | 134 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle. |
124 extn_data[0] = static_cast<uint8>(now_second >> 16); | 135 extn_data[0] = static_cast<uint8>(now_second >> 16); |
125 extn_data[1] = static_cast<uint8>(now_second >> 8); | 136 extn_data[1] = static_cast<uint8>(now_second >> 8); |
126 extn_data[2] = static_cast<uint8>(now_second); | 137 extn_data[2] = static_cast<uint8>(now_second); |
127 } | 138 } |
128 | 139 |
129 // Assumes |len| is actual packet length + tag length. Updates HMAC at end of | 140 // Assumes |len| is actual packet length + tag length. Updates HMAC at end of |
130 // the RTP packet. | 141 // the RTP packet. |
131 void UpdateRtpAuthTag(char* rtp, int len, | 142 void UpdateRtpAuthTag(char* rtp, int len, |
132 const rtc::PacketOptions& options) { | 143 const rtc::PacketOptions& options) { |
133 // If there is no key, return. | 144 // If there is no key, return. |
134 if (options.packet_time_params.srtp_auth_key.empty()) | 145 if (options.packet_time_params.srtp_auth_key.empty()) |
135 return; | 146 return; |
136 | 147 |
137 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; | 148 size_t tag_length = options.packet_time_params.srtp_auth_tag_len; |
138 char* auth_tag = rtp + (len - tag_length); | 149 char* auth_tag = rtp + (len - tag_length); |
aedla
2014/09/22 20:06:47
Validate tag_length before we create a bad pointer
jiayl
2014/09/22 21:39:03
Done.
| |
139 | 150 |
140 // We should have a fake HMAC value @ auth_tag. | 151 // We should have a fake HMAC value @ auth_tag. |
141 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); | 152 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length)); |
142 | 153 |
143 crypto::HMAC hmac(crypto::HMAC::SHA1); | 154 crypto::HMAC hmac(crypto::HMAC::SHA1); |
144 if (!hmac.Init(reinterpret_cast<const unsigned char*>( | 155 if (!hmac.Init(reinterpret_cast<const unsigned char*>( |
145 &options.packet_time_params.srtp_auth_key[0]), | 156 &options.packet_time_params.srtp_auth_key[0]), |
146 options.packet_time_params.srtp_auth_key.size())) { | 157 options.packet_time_params.srtp_auth_key.size())) { |
147 NOTREACHED(); | 158 NOTREACHED(); |
148 return; | 159 return; |
149 } | 160 } |
150 | 161 |
151 if (hmac.DigestLength() < tag_length) { | 162 const size_t kRocLength = 4; |
163 | |
164 if (tag_length > hmac.DigestLength() || tag_length < kRocLength) { | |
aedla
2014/09/22 20:06:47
That won't cut it. Say tag_length == hmac.DigestLe
jiayl
2014/09/22 21:39:03
Done.
| |
152 NOTREACHED(); | 165 NOTREACHED(); |
153 return; | 166 return; |
154 } | 167 } |
155 | 168 |
156 // Copy ROC after end of rtp packet. | 169 // Copy ROC after end of rtp packet. |
157 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, 4); | 170 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, kRocLength); |
158 // Authentication of a RTP packet will have RTP packet + ROC size. | 171 // Authentication of a RTP packet will have RTP packet + ROC size. |
159 int auth_required_length = len - tag_length + 4; | 172 int auth_required_length = len - tag_length + kRocLength; |
palmer
2014/09/22 19:34:46
Integer overflow potential?
jiayl
2014/09/22 21:39:03
tag_length is guaranteed to be >= kRocLength, so n
| |
160 | 173 |
161 unsigned char output[64]; | 174 unsigned char output[64]; |
162 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), | 175 if (!hmac.Sign(base::StringPiece(rtp, auth_required_length), |
163 output, sizeof(output))) { | 176 output, sizeof(output))) { |
164 NOTREACHED(); | 177 NOTREACHED(); |
165 return; | 178 return; |
166 } | 179 } |
167 // Copy HMAC from output to packet. This is required as auth tag length | 180 // Copy HMAC from output to packet. This is required as auth tag length |
168 // may not be equal to the actual HMAC length. | 181 // may not be equal to the actual HMAC length. |
169 memcpy(auth_tag, output, tag_length); | 182 memcpy(auth_tag, output, tag_length); |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
214 } | 227 } |
215 | 228 |
216 UpdateRtpAuthTag(start, rtp_length, options); | 229 UpdateRtpAuthTag(start, rtp_length, options); |
217 return true; | 230 return true; |
218 } | 231 } |
219 | 232 |
220 bool GetRtpPacketStartPositionAndLength(const char* packet, | 233 bool GetRtpPacketStartPositionAndLength(const char* packet, |
221 int length, | 234 int length, |
222 int* rtp_start_pos, | 235 int* rtp_start_pos, |
223 int* rtp_packet_length) { | 236 int* rtp_packet_length) { |
237 *rtp_start_pos = 0; | |
238 *rtp_packet_length = 0; | |
239 | |
224 int rtp_begin; | 240 int rtp_begin; |
225 int rtp_length = 0; | 241 int rtp_length = 0; |
226 if (IsTurnChannelData(packet)) { | 242 if (IsTurnChannelData(packet, length)) { |
227 // Turn Channel Message header format. | 243 // Turn Channel Message header format. |
228 // 0 1 2 3 | 244 // 0 1 2 3 |
229 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 245 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
230 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 246 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
231 // | Channel Number | Length | | 247 // | Channel Number | Length | |
232 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 248 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
233 // | | | 249 // | | |
234 // / Application Data / | 250 // / Application Data / |
235 // / / | 251 // / / |
236 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 252 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
237 if (length < kTurnChannelHdrLen) { | 253 if (length < kTurnChannelHdrLen) { |
238 return false; | 254 return false; |
239 } | 255 } |
240 | 256 |
241 rtp_begin = kTurnChannelHdrLen; | 257 rtp_begin = kTurnChannelHdrLen; |
242 rtp_length = rtc::GetBE16(&packet[2]); | 258 rtp_length = rtc::GetBE16(&packet[2]); |
243 if (length < rtp_length + kTurnChannelHdrLen) { | 259 if (length < rtp_length + kTurnChannelHdrLen) { |
244 return false; | 260 return false; |
245 } | 261 } |
246 } else if (IsTurnSendIndicationPacket(packet)) { | 262 } else if (IsTurnSendIndicationPacket(packet, length)) { |
247 if (length <= P2PSocketHost::kStunHeaderSize) { | 263 if (length <= P2PSocketHost::kStunHeaderSize) { |
248 // Message must be greater than 20 bytes, if it's carrying any payload. | 264 // Message must be greater than 20 bytes, if it's carrying any payload. |
249 return false; | 265 return false; |
250 } | 266 } |
251 // Validate STUN message length. | 267 // Validate STUN message length. |
252 int stun_msg_len = rtc::GetBE16(&packet[2]); | 268 int stun_msg_len = rtc::GetBE16(&packet[2]); |
253 if (stun_msg_len + P2PSocketHost::kStunHeaderSize != length) { | 269 if (stun_msg_len + P2PSocketHost::kStunHeaderSize != length) { |
254 return false; | 270 return false; |
255 } | 271 } |
256 | 272 |
(...skipping 10 matching lines...) Expand all Loading... | |
267 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 283 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
268 // | Value (variable) .... | 284 // | Value (variable) .... |
269 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 285 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
270 // The value in the length field MUST contain the length of the Value | 286 // The value in the length field MUST contain the length of the Value |
271 // part of the attribute, prior to padding, measured in bytes. Since | 287 // part of the attribute, prior to padding, measured in bytes. Since |
272 // STUN aligns attributes on 32-bit boundaries, attributes whose content | 288 // STUN aligns attributes on 32-bit boundaries, attributes whose content |
273 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of | 289 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of |
274 // padding so that its value contains a multiple of 4 bytes. The | 290 // padding so that its value contains a multiple of 4 bytes. The |
275 // padding bits are ignored, and may be any value. | 291 // padding bits are ignored, and may be any value. |
276 uint16 attr_type, attr_length; | 292 uint16 attr_type, attr_length; |
293 const int kAttrHeaderLength = sizeof(attr_type) + sizeof(attr_length); | |
294 | |
295 if (length < rtp_begin + kAttrHeaderLength) { | |
296 return false; | |
297 } | |
298 | |
277 // Getting attribute type and length. | 299 // Getting attribute type and length. |
278 attr_type = rtc::GetBE16(&packet[rtp_begin]); | 300 attr_type = rtc::GetBE16(&packet[rtp_begin]); |
279 attr_length = rtc::GetBE16( | 301 attr_length = rtc::GetBE16( |
280 &packet[rtp_begin + sizeof(attr_type)]); | 302 &packet[rtp_begin + sizeof(attr_type)]); |
303 | |
281 // Checking for bogus attribute length. | 304 // Checking for bogus attribute length. |
282 if (length < attr_length + rtp_begin) { | 305 if (length < rtp_begin + kAttrHeaderLength + attr_length) { |
283 return false; | 306 return false; |
284 } | 307 } |
285 | 308 |
286 if (attr_type != cricket::STUN_ATTR_DATA) { | 309 if (attr_type != cricket::STUN_ATTR_DATA) { |
287 rtp_begin += sizeof(attr_type) + sizeof(attr_length) + attr_length; | 310 rtp_begin += sizeof(attr_type) + sizeof(attr_length) + attr_length; |
aedla
2014/09/22 20:06:46
Use kAttrHeaderLength here.
jiayl
2014/09/22 21:39:03
Done.
| |
288 if ((attr_length % 4) != 0) { | 311 if ((attr_length % 4) != 0) { |
289 rtp_begin += (4 - (attr_length % 4)); | 312 rtp_begin += (4 - (attr_length % 4)); |
290 } | 313 } |
291 continue; | 314 continue; |
292 } | 315 } |
293 | 316 |
294 data_attr_present = true; | 317 data_attr_present = true; |
295 rtp_begin += 4; // Skip STUN_DATA_ATTR header. | 318 rtp_begin += 4; // Skip STUN_DATA_ATTR header. |
aedla
2014/09/22 20:06:47
And here.
jiayl
2014/09/22 21:39:03
Done.
| |
296 rtp_length = attr_length; | 319 rtp_length = attr_length; |
297 // One final check of length before exiting. | 320 // One final check of length before exiting. |
298 if (length < rtp_length + rtp_begin) { | 321 if (length < rtp_length + rtp_begin) { |
aedla
2014/09/22 20:06:47
This check is now redundant.
jiayl
2014/09/22 21:39:02
Done.
| |
299 return false; | 322 return false; |
300 } | 323 } |
301 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. | 324 // We found STUN_DATA_ATTR. We can skip parsing rest of the packet. |
302 break; | 325 break; |
303 } | 326 } |
304 | 327 |
305 if (!data_attr_present) { | 328 if (!data_attr_present) { |
306 // There is no data attribute present in the message. We can't do anything | 329 // There is no data attribute present in the message. We can't do anything |
307 // with the message. | 330 // with the message. |
308 return false; | 331 return false; |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
373 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 396 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
374 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 397 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
375 // | 0xBE | 0xDE | length=3 | | 398 // | 0xBE | 0xDE | length=3 | |
376 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 399 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
377 // | ID | L=0 | data | ID | L=1 | data... | 400 // | ID | L=0 | data | ID | L=1 | data... |
378 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 401 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
379 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | | 402 // ...data | 0 (pad) | 0 (pad) | ID | L=3 | |
380 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 403 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
381 // | data | | 404 // | data | |
382 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 405 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
383 char* extn_start = rtp; | 406 const char* extn_start = rtp; |
aedla
2014/09/22 20:06:46
Having
const char* extn_end = extn_start + extn_le
jiayl
2014/09/22 21:39:03
Done.
| |
384 while (rtp - extn_start < extn_length) { | 407 while (rtp - extn_start < extn_length) { |
385 const int id = (*rtp & 0xF0) >> 4; | 408 const int id = (*rtp & 0xF0) >> 4; |
386 const int len = (*rtp & 0x0F) + 1; | 409 const int len = (*rtp & 0x0F) + 1; |
410 if (rtp + kOneByteHdrLen + len - extn_start >= extn_length) { | |
aedla
2014/09/22 20:06:48
I think this should be > extn_length. Or
if (rtp +
jiayl
2014/09/22 21:39:03
You are right. Done.
| |
411 return false; | |
412 } | |
387 // The 4-bit length is the number minus one of data bytes of this header | 413 // The 4-bit length is the number minus one of data bytes of this header |
388 // extension element following the one-byte header. | 414 // extension element following the one-byte header. |
389 if (id == extension_id) { | 415 if (id == extension_id) { |
390 UpdateAbsSendTimeExtnValue(rtp + kOneByteHdrLen, len, abs_send_time); | 416 UpdateAbsSendTimeExtnValue(rtp + kOneByteHdrLen, len, abs_send_time); |
391 found = true; | 417 found = true; |
392 break; | 418 break; |
393 } | 419 } |
394 rtp += kOneByteHdrLen + len; | 420 rtp += kOneByteHdrLen + len; |
395 // Counting padding bytes. | 421 // Counting padding bytes. |
396 while ((*rtp == 0) && (rtp - extn_start < extn_length)) { | 422 while ((rtp - extn_start < extn_length) && (*rtp == 0)) { |
397 ++rtp; | 423 ++rtp; |
398 } | 424 } |
399 } | 425 } |
400 } | 426 } |
401 return found; | 427 return found; |
402 } | 428 } |
403 | 429 |
404 } // packet_processing_helpers | 430 } // packet_processing_helpers |
405 | 431 |
406 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) | 432 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender, int socket_id) |
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
577 BrowserThread::PostTask(BrowserThread::UI, | 603 BrowserThread::PostTask(BrowserThread::UI, |
578 FROM_HERE, | 604 FROM_HERE, |
579 base::Bind(packet_dump_callback_, | 605 base::Bind(packet_dump_callback_, |
580 Passed(&packet_header), | 606 Passed(&packet_header), |
581 header_length, | 607 header_length, |
582 packet_length, | 608 packet_length, |
583 incoming)); | 609 incoming)); |
584 } | 610 } |
585 | 611 |
586 } // namespace content | 612 } // namespace content |
OLD | NEW |