Google Git
Sign in
webrtc / src.git / 584b4df92d3332eb97fb5142e9a48c77cdb7a3b5
commit584b4df92d3332eb97fb5142e9a48c77cdb7a3b5[log] [tgz]
authorVictor Boivie <boivie@webrtc.org>Tue Mar 08 22:05:10 2022
committerWebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Mar 09 11:22:15 2022
tree59872eedba1e56030b8d35e429079a77ec957723
parentd7031692e3ba9eed78ead07f8bf34a847ca1fce6 [diff]
dcsctp: Don't deliver skipped messages

If a FORWARD-TSN contains an ordered skipped stream with a large TSN
but with a too small SSN, it can result in messages being assembled
that should've been skipped. Typically:

Receive DATA, ordered, complete, TSN=10, SID=1, SSN=0
  - will be delivered.
Receive DATA, ordered, complete, TSN=43, SID=1, SSN=7
  - will stay in queue, due to missing SSN=1,2,3,4,5,6.
Receive FORWARD-TSN, TSN=44, SSN=6
  - is invalid, as the SSN should've been 7 or higher.

However, as the TSN isn't used for removing messages in ordered streams,
but just the SSN, the SSN=7 isn't removed but instead will be delivered
as it's the next following SSN after 6. This will trigger internal
consistency checks as a chunk with TSN=43 will be delivered when the
current cumulative TSN is set to 44, which is greater.

This was found when fuzzing, and can only be provoked by a client that
is intentionally misbehaving. Before this fix, there was no harm done,
but it failed consistency checks which fuzzers have enabled. When
bug 13799 was fixed (in a previous commit), this allowed the fuzzers to
find it faster.

Bug: webrtc:13799
Change-Id: I830ef189476e227e1dbe08157d34f96ad6453e30
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254240
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#36157}
4 files changed
tree: 59872eedba1e56030b8d35e429079a77ec957723
  1. api/
  2. audio/
  3. build_overrides/
  4. call/
  5. common_audio/
  6. common_video/
  7. data/
  8. docs/
  9. examples/
  10. g3doc/
  11. logging/
  12. media/
  13. modules/
  14. net/
  15. p2p/
  16. pc/
  17. resources/
  18. rtc_base/
  19. rtc_tools/
  20. sdk/
  21. stats/
  22. system_wrappers/
  23. test/
  24. tools_webrtc/
  25. video/
  26. .clang-format
  27. .git-blame-ignore-revs
  28. .gitignore
  29. .gn
  30. .mailmap
  31. .style.yapf
  32. .vpython
  33. .vpython3
  34. AUTHORS
  35. BUILD.gn
  36. CODE_OF_CONDUCT.md
  37. codereview.settings
  38. DEPS
  39. DIR_METADATA
  40. ENG_REVIEW_OWNERS
  41. g3doc.lua
  42. LICENSE
  43. license_template.txt
  44. native-api.md
  45. OWNERS
  46. PATENTS
  47. PRESUBMIT.py
  48. presubmit_test.py
  49. presubmit_test_mocks.py
  50. pylintrc
  51. README.chromium
  52. README.md
  53. WATCHLISTS
  54. webrtc.gni
  55. webrtc_lib_link_test.cc
  56. whitespace.txt
README.md

WebRTC is a free, open software project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high-quality RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.

The WebRTC initiative is a project supported by Google, Mozilla and Opera, amongst others.

Development

See here for instructions on how to get started developing with the native code.

Authoritative list of directories that contain the native API header files.

More info