summaryrefslogtreecommitdiffstats
path: root/chromium
diff options
context:
space:
mode:
authorRoger Zanoni <rzanoni@google.com>2022-07-04 11:39:45 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2022-07-25 16:38:49 +0000
commit26a4642061b331931a6026dc70ef37808b310bfd (patch)
tree89991f399f9fcc01ffabcc36dc459328488602c8 /chromium
parentcc0b897269b09d5bfca56ab7de5c05004916f598 (diff)
[Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
Manual cherry-pick of patch originally reviewed on https://webrtc-review.googlesource.com/c/src/+/267640: [M96-LTS] Ignore RID that appears without an a=simulcast entry RID is defined for multiple usages in RFC 8851, but we only support usage with a=simulcast as specified in RFC 8853. Bug: chromium:1341043 Change-Id: Ie72074c5b394bdc41865938a86ec9c7629e1f5e0 Commit-Queue: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/main@{#37417} (cherry picked from commit 1c5808145e8b151800b0320b8a7316a09b706488) Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium')
-rw-r--r--chromium/third_party/webrtc/pc/webrtc_sdp.cc6
1 files changed, 5 insertions, 1 deletions
diff --git a/chromium/third_party/webrtc/pc/webrtc_sdp.cc b/chromium/third_party/webrtc/pc/webrtc_sdp.cc
index 54a646778d3..4fd8a36f816 100644
--- a/chromium/third_party/webrtc/pc/webrtc_sdp.cc
+++ b/chromium/third_party/webrtc/pc/webrtc_sdp.cc
@@ -3308,7 +3308,11 @@ bool ParseContent(const std::string& message,
media_desc->set_simulcast_description(simulcast);
} else {
- send_rids = rids;
+ // RID is specified in RFC 8851, which identifies a lot of usages.
+ // We only support RFC 8853 usage of RID, not anything else.
+ // Ignore all RID parameters when a=simulcast is missing.
+ // In particular do NOT do send_rids = rids;
+ RTC_LOG(LS_VERBOSE) << "Ignoring send_rids without simulcast";
}
media_desc->set_receive_rids(receive_rids);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 04:36:07 +0000