Google Git
Sign in
webrtc / src.git / 4cc9f98e4c10741a28cd0c715e6c130cb30dbd0f^! / . / webrtc
commit4cc9f98e4c10741a28cd0c715e6c130cb30dbd0f[log] [tgz]
authorguoweis <guoweis@webrtc.org>Wed Feb 24 19:10:06 2016
committerCommit bot <commit-bot@chromium.org>Wed Feb 24 19:10:09 2016
tree6fd96a000677078977f80f8875225363ae6c97b3
parent615fabb661e0a8a3a76e0d135ba37876a7887d7a [diff]
Fix bug 574524: DtlsTransportChannel crashes after SSL closes remotely

When remote side closes, opensslstreamadapter could return SR_EOS which will not trigger upper layer to clean up what's left in the StreamInterfaceChannel. The result of this is when there are more packets coming in, the Write on the StreamInterfaceChannel will overflow the buffer.

The fix here is that when receiving the remote side close signal, we also close the underneath StreamInterfaceChannel which will clean up the queue to prevent overflow.

BUG=574524
TBR=pthatcher@webrtc.org

Review URL: https://codereview.webrtc.org/1566023002

Cr-Commit-Position: refs/heads/master@{#11751}

diff --git a/webrtc/base/bufferqueue.cc b/webrtc/base/bufferqueue.cc
index 9c2324e..6e5439d 100644
--- a/webrtc/base/bufferqueue.cc
+++ b/webrtc/base/bufferqueue.cc

@@ -34,6 +34,14 @@
   return queue_.size();
 }
 
+void BufferQueue::Clear() {
+  CritScope cs(&crit_);
+  while (!queue_.empty()) {
+    free_list_.push_back(queue_.front());
+    queue_.pop_front();
+  }
+}
+
 bool BufferQueue::ReadFront(void* buffer, size_t bytes, size_t* bytes_read) {
   CritScope cs(&crit_);
   if (queue_.empty()) {

diff --git a/webrtc/base/bufferqueue.h b/webrtc/base/bufferqueue.h
index 89ffdf0..623d85a 100644
--- a/webrtc/base/bufferqueue.h
+++ b/webrtc/base/bufferqueue.h

@@ -28,6 +28,9 @@
   // Return number of queued buffers.
   size_t size() const;
 
+  // Clear the BufferQueue by moving all Buffers from |queue_| to |free_list_|.
+  void Clear();
+
   // ReadFront will only read one buffer at a time and will truncate buffers
   // that don't fit in the passed memory.
   // Returns true unless no data could be returned.

diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 4a1dc80..30326f5 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc

@@ -636,6 +636,10 @@
       return SR_BLOCK;
     case SSL_ERROR_ZERO_RETURN:
       LOG(LS_VERBOSE) << " -- remote side closed";
+      // When we're closed at SSL layer, also close the stream level which
+      // performs necessary clean up. Otherwise, a new incoming packet after
+      // this could overflow the stream buffer.
+      this->stream()->Close();
       return SR_EOS;
       break;
     default:

diff --git a/webrtc/p2p/base/dtlstransportchannel.cc b/webrtc/p2p/base/dtlstransportchannel.cc
index 59ef2bc..2185fb3 100644
--- a/webrtc/p2p/base/dtlstransportchannel.cc
+++ b/webrtc/p2p/base/dtlstransportchannel.cc

@@ -88,6 +88,11 @@
   return ret;
 }
 
+void StreamInterfaceChannel::Close() {
+  packets_.Clear();
+  state_ = rtc::SS_CLOSED;
+}
+
 DtlsTransportChannelWrapper::DtlsTransportChannelWrapper(
     TransportChannelImpl* channel)
     : TransportChannelImpl(channel->transport_name(), channel->component()),

diff --git a/webrtc/p2p/base/dtlstransportchannel.h b/webrtc/p2p/base/dtlstransportchannel.h
index f396a57..ad30441 100644
--- a/webrtc/p2p/base/dtlstransportchannel.h
+++ b/webrtc/p2p/base/dtlstransportchannel.h

@@ -34,7 +34,7 @@
 
   // Implementations of StreamInterface
   rtc::StreamState GetState() const override { return state_; }
-  void Close() override { state_ = rtc::SS_CLOSED; }
+  void Close() override;
   rtc::StreamResult Read(void* buffer,
                          size_t buffer_len,
                          size_t* read,