Google Git
Sign in
webrtc/src.git/3179fb29318d99c101f1abd016e8d90461d366cb^!/./net/dcsctp/socket/heartbeat_handler.cc
commit
3179fb29318d99c101f1abd016e8d90461d366cb
[log]
author
Victor Boivie <boivie@webrtc.org>
Fri Oct 08 09:53:32 2021
committer
WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fri Oct 08 11:06:11 2021
tree
7f3d12bfbebf94fe07e185cb696969b74c1e5d5d
parent
2bcdb5d63a764cc4980817c91d1c8d8f4aeeff0f [diff] [blame]
dcsctp: Avoid integer overflow in HEARTBEAT-ACK v2

This is a follow-up to change 232904 that also validates that the
timestamp from the heartbeat ack isn't negative (which the fuzzer
managed to set it to).

Bug: chromium:1252515
Change-Id: Idaac570589dbdaaee67b7785f6232b60226e88e1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/234582
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#35168}

diff --git a/net/dcsctp/socket/heartbeat_handler.cc b/net/dcsctp/socket/heartbeat_handler.cc
index 8f41b9d..9588b85 100644
--- a/net/dcsctp/socket/heartbeat_handler.cc
+++ b/net/dcsctp/socket/heartbeat_handler.cc

@@ -154,7 +154,7 @@
   }
 
   TimeMs now = ctx_->callbacks().TimeMillis();
-  if (info->created_at() <= now) {
+  if (info->created_at() > TimeMs(0) && info->created_at() <= now) {
     ctx_->ObserveRTT(now - info->created_at());
   }