dcsctp: Avoid integer overflow in HEARTBEAT-ACK v2
This is a follow-up to change 232904 that also validates that the
timestamp from the heartbeat ack isn't negative (which the fuzzer
managed to set it to).
Bug: chromium:1252515
Change-Id: Idaac570589dbdaaee67b7785f6232b60226e88e1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/234582
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#35168}
diff --git a/net/dcsctp/socket/heartbeat_handler.cc b/net/dcsctp/socket/heartbeat_handler.cc
index 8f41b9d..9588b85 100644
--- a/net/dcsctp/socket/heartbeat_handler.cc
+++ b/net/dcsctp/socket/heartbeat_handler.cc
@@ -154,7 +154,7 @@
}
TimeMs now = ctx_->callbacks().TimeMillis();
- if (info->created_at() <= now) {
+ if (info->created_at() > TimeMs(0) && info->created_at() <= now) {
ctx_->ObserveRTT(now - info->created_at());
}