Title: [273246] branches/safari-611-branch
Revision: 273246
Author: [email protected]
Date: 2021-02-22 09:54:12 -0800 (Mon, 22 Feb 2021)

Log Message

Cherry-pick r272504. rdar://problem/74409474

    NetworkRTCSocketCocoa extractDataMessages should not read too much data
    https://bugs.webkit.org/show_bug.cgi?id=221544

    Reviewed by Eric Carlson.

    Source/WebCore:

    Move STUN/TURN message parsing to its own file routine so that we can add API test.
    Code is taken from Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm.
    Fix the test verifying we can actually read a message given its expected length.

    Covered by API test.

    * Headers.cmake:
    * Modules/mediastream/STUNMessageParsing.cpp: Added.
    (WebCore::isStunMessage):
    (WebCore::getSTUNOrTURNMessageLengths):
    (WebCore::extractSTUNOrTURNMessages):
    (WebCore::extractDataMessages):
    (WebCore::extractMessages):
    * Modules/mediastream/STUNMessageParsing.h: Added.
    * Sources.txt:
    * WebCore.xcodeproj/project.pbxproj:

    Source/WebKit:

    * NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm:
    Make use of WebCore method.

    Tools:

    * TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp: Added.
    (TestWebKitAPI::TEST):
    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (273245 => 273246)


--- branches/safari-611-branch/Source/WebCore/ChangeLog	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog	2021-02-22 17:54:12 UTC (rev 273246)
@@ -1,3 +1,68 @@
+2021-02-17  Ruben Turcios  <[email protected]>
+
+        Cherry-pick r272504. rdar://problem/74409474
+
+    NetworkRTCSocketCocoa extractDataMessages should not read too much data
+    https://bugs.webkit.org/show_bug.cgi?id=221544
+    
+    Reviewed by Eric Carlson.
+    
+    Source/WebCore:
+    
+    Move STUN/TURN message parsing to its own file routine so that we can add API test.
+    Code is taken from Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm.
+    Fix the test verifying we can actually read a message given its expected length.
+    
+    Covered by API test.
+    
+    * Headers.cmake:
+    * Modules/mediastream/STUNMessageParsing.cpp: Added.
+    (WebCore::isStunMessage):
+    (WebCore::getSTUNOrTURNMessageLengths):
+    (WebCore::extractSTUNOrTURNMessages):
+    (WebCore::extractDataMessages):
+    (WebCore::extractMessages):
+    * Modules/mediastream/STUNMessageParsing.h: Added.
+    * Sources.txt:
+    * WebCore.xcodeproj/project.pbxproj:
+    
+    Source/WebKit:
+    
+    * NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm:
+    Make use of WebCore method.
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp: Added.
+    (TestWebKitAPI::TEST):
+    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272504 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-02-08  Youenn Fablet  <[email protected]>
+
+            NetworkRTCSocketCocoa extractDataMessages should not read too much data
+            https://bugs.webkit.org/show_bug.cgi?id=221544
+
+            Reviewed by Eric Carlson.
+
+            Move STUN/TURN message parsing to its own file routine so that we can add API test.
+            Code is taken from Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm.
+            Fix the test verifying we can actually read a message given its expected length.
+
+            Covered by API test.
+
+            * Headers.cmake:
+            * Modules/mediastream/STUNMessageParsing.cpp: Added.
+            (WebCore::isStunMessage):
+            (WebCore::getSTUNOrTURNMessageLengths):
+            (WebCore::extractSTUNOrTURNMessages):
+            (WebCore::extractDataMessages):
+            (WebCore::extractMessages):
+            * Modules/mediastream/STUNMessageParsing.h: Added.
+            * Sources.txt:
+            * WebCore.xcodeproj/project.pbxproj:
+
 2021-02-19  Alan Coon  <[email protected]>
 
         Cherry-pick r273069. rdar://problem/74500798

Modified: branches/safari-611-branch/Source/WebCore/Headers.cmake (273245 => 273246)


--- branches/safari-611-branch/Source/WebCore/Headers.cmake	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Source/WebCore/Headers.cmake	2021-02-22 17:54:12 UTC (rev 273246)
@@ -103,6 +103,7 @@
     Modules/mediastream/MediaStreamTrack.h
     Modules/mediastream/MediaTrackConstraints.h
     Modules/mediastream/RTCController.h
+    Modules/mediastream/STUNMessageParsing.h
     Modules/mediastream/UserMediaClient.h
     Modules/mediastream/UserMediaController.h
     Modules/mediastream/UserMediaRequest.h

Added: branches/safari-611-branch/Source/WebCore/Modules/mediastream/STUNMessageParsing.cpp (0 => 273246)


--- branches/safari-611-branch/Source/WebCore/Modules/mediastream/STUNMessageParsing.cpp	                        (rev 0)
+++ branches/safari-611-branch/Source/WebCore/Modules/mediastream/STUNMessageParsing.cpp	2021-02-22 17:54:12 UTC (rev 273246)
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "STUNMessageParsing.h"
+
+#if ENABLE(WEB_RTC)
+
+#include <WebCore/LibWebRTCMacros.h>
+#include <webrtc/rtc_base/byte_order.h>
+
+namespace WebCore {
+namespace WebRTC {
+
+static inline bool isStunMessage(uint16_t messageType)
+{
+    // https://tools.ietf.org/html/rfc5389#section-6 for STUN messages.
+    // TURN messages start by the channel number which is constrained by https://tools.ietf.org/html/rfc5766#section-11.
+    return !(messageType & 0xC000);
+}
+
+Optional<STUNMessageLengths> getSTUNOrTURNMessageLengths(const uint8_t* data, size_t size)
+{
+    if (size < 4)
+        return { };
+
+    auto messageType = be16toh(*reinterpret_cast<const uint16_t*>(data));
+    auto messageLength = be16toh(*reinterpret_cast<const uint16_t*>(data + 2));
+
+    // STUN data message header is 20 bytes.
+    if (isStunMessage(messageType)) {
+        size_t length = 20 + messageLength;
+        return STUNMessageLengths { length, length };
+    }
+
+    // TURN data message header is 4 bytes plus padding bytes to get 4 bytes alignment as needed.
+    size_t length = 4 + messageLength;
+    size_t roundedLength = length % 4 ? (length + 4 - (length % 4)) : length;
+    return STUNMessageLengths { length, roundedLength };
+}
+
+static inline Vector<uint8_t> extractSTUNOrTURNMessages(Vector<uint8_t>&& buffered, const Function<void(const uint8_t* data, size_t size)>& processMessage)
+{
+    auto* data = ""
+    size_t size = buffered.size();
+
+    while (true) {
+        auto lengths = getSTUNOrTURNMessageLengths(data, size);
+
+        if (!lengths || lengths->messageLengthWithPadding > size) {
+            if (!size)
+                return { };
+
+            std::memcpy(buffered.data(), data, size);
+            buffered.resize(size);
+            return WTFMove(buffered);
+        }
+
+        processMessage(data, lengths->messageLength);
+
+        data += lengths->messageLengthWithPadding;
+        size -= lengths->messageLengthWithPadding;
+    }
+}
+
+static inline Vector<uint8_t> extractDataMessages(Vector<uint8_t>&& buffered, const Function<void(const uint8_t* data, size_t size)>& processMessage)
+{
+    constexpr size_t lengthFieldSize = 2; // number of bytes read by be16toh.
+
+    auto* data = ""
+    size_t size = buffered.size();
+
+    while (true) {
+        bool canReadLength = size >= lengthFieldSize;
+        size_t length = canReadLength ? be16toh(*reinterpret_cast<const uint16_t*>(data)) : 0;
+        if (!canReadLength || length > size - lengthFieldSize) {
+            if (!size)
+                return { };
+
+            std::memcpy(buffered.data(), data, size);
+            buffered.resize(size);
+            return WTFMove(buffered);
+        }
+
+        data += lengthFieldSize;
+        size -= lengthFieldSize;
+
+        processMessage(data, length);
+
+        data += length;
+        size -= length;
+    }
+}
+
+Vector<uint8_t> extractMessages(Vector<uint8_t>&& buffer, MessageType type, const Function<void(const uint8_t* data, size_t size)>& processMessage)
+{
+    return type == MessageType::STUN ? extractSTUNOrTURNMessages(WTFMove(buffer), processMessage) : extractDataMessages(WTFMove(buffer), processMessage);
+}
+
+} // namespace WebRTC
+} // namespace WebCore
+
+#endif // ENABLE(WEB_RTC)
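
Review bot: In the incomplete-message branch of both extractSTUNOrTURNMessages and extractDataMessages, `std::memcpy(buffered.data(), data, size)` copies within the same Vector, so source and destination overlap whenever nothing has been consumed yet or the unread tail is longer than the consumed prefix; memcpy does not allow overlapping ranges, so this should be `std::memmove` (or skip the copy when `data` still equals `buffered.data()`). The file also calls std::memcpy without a visible `<cstring>` include. Separately, the 16-bit fields are read with `*reinterpret_cast<const uint16_t*>(data)`, an unaligned load once `data` has advanced by an odd message length; copying the two bytes into a local uint16_t before `be16toh` avoids that. The initializer of `data` is shown on this page as `auto* data = ""` with no terminating semicolon in both functions, which cannot be what was committed and is worth checking against the repository.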

Added: branches/safari-611-branch/Source/WebCore/Modules/mediastream/STUNMessageParsing.h (0 => 273246)


--- branches/safari-611-branch/Source/WebCore/Modules/mediastream/STUNMessageParsing.h	                        (rev 0)
+++ branches/safari-611-branch/Source/WebCore/Modules/mediastream/STUNMessageParsing.h	2021-02-22 17:54:12 UTC (rev 273246)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <wtf/Function.h>
+#include <wtf/Vector.h>
+
+#if ENABLE(WEB_RTC)
+
+namespace WebCore {
+namespace WebRTC {
+
+struct STUNMessageLengths {
+    size_t messageLength { 0 };
+    size_t messageLengthWithPadding { 0 };
+};
+
+WEBCORE_EXPORT Optional<STUNMessageLengths> getSTUNOrTURNMessageLengths(const uint8_t*, size_t);
+
+enum class MessageType { STUN, Data };
+WEBCORE_EXPORT Vector<uint8_t> extractMessages(Vector<uint8_t>&&, MessageType, const Function<void(const uint8_t* data, size_t size)>&);
+
+} // namespace WebRTC
+} // namespace WebCore
+
+#endif
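
Review bot: The exported `extractMessages` declaration carries no comment on its contract, and the contract is what callers must get right: the returned Vector is the unconsumed tail to be prepended to the next read, and the `data` pointer handed to the callback points into the buffer being parsed and is only valid for the duration of the call. A short comment above the declaration stating both would help, along with a note that `getSTUNOrTURNMessageLengths` returns no value when fewer than 4 bytes are available. The header also uses `Optional` while only `<wtf/Function.h>` and `<wtf/Vector.h>` are visibly included, and the closing `#endif` lacks the `// ENABLE(WEB_RTC)` comment used in the .cpp file.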

Modified: branches/safari-611-branch/Source/WebCore/Sources.txt (273245 => 273246)


--- branches/safari-611-branch/Source/WebCore/Sources.txt	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Source/WebCore/Sources.txt	2021-02-22 17:54:12 UTC (rev 273246)
@@ -179,6 +179,7 @@
 Modules/mediastream/RTCSessionDescription.cpp
 Modules/mediastream/RTCTrackEvent.cpp
 Modules/mediastream/SFrameUtils.cpp
+Modules/mediastream/STUNMessageParsing.cpp
 Modules/mediastream/UserMediaController.cpp
 Modules/mediastream/UserMediaRequest.cpp
 Modules/mediastream/libwebrtc/LibWebRTCCertificateGenerator.cpp

Modified: branches/safari-611-branch/Source/WebCore/WebCore.xcodeproj/project.pbxproj (273245 => 273246)


--- branches/safari-611-branch/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2021-02-22 17:54:12 UTC (rev 273246)
@@ -1152,6 +1152,7 @@
 		41DEFCB61E56C1BD000D9E5F /* JSDOMMapLike.h in Headers */ = {isa = PBXBuildFile; fileRef = 41DEFCB41E56C1B9000D9E5F /* JSDOMMapLike.h */; };
 		41E12E9F24FE74E20093FFB4 /* WebSocketIdentifier.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E12E9D24FE74E20093FFB4 /* WebSocketIdentifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		41E1B1D10FF5986900576B3B /* AbstractWorker.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E1B1CB0FF5986900576B3B /* AbstractWorker.h */; };
+		41E67A8325D16847007B0A4C /* STUNMessageParsing.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E67A8125D16847007B0A4C /* STUNMessageParsing.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		41E9DCE7231974BF00F35949 /* BlobLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E9DCE4231973FE00F35949 /* BlobLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		41E9DCE92319CA7600F35949 /* NetworkSendQueue.h in Headers */ = {isa = PBXBuildFile; fileRef = 41E9DCE82319CA7500F35949 /* NetworkSendQueue.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		41F062140F5F192600A07EAC /* InspectorDatabaseResource.h in Headers */ = {isa = PBXBuildFile; fileRef = 41F062120F5F192600A07EAC /* InspectorDatabaseResource.h */; };
@@ -7929,6 +7930,8 @@
 		41E593FF214865AA00D3CB61 /* RTCRtpEncodingParameters.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = RTCRtpEncodingParameters.idl; sourceTree = "<group>"; };
 		41E59400214865AA00D3CB61 /* RTCRtpHeaderExtensionParameters.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = RTCRtpHeaderExtensionParameters.idl; sourceTree = "<group>"; };
 		41E59401214865AB00D3CB61 /* RTCRtpFecParameters.idl */ = {isa = PBXFileReference; lastKnownFileType = text; path = RTCRtpFecParameters.idl; sourceTree = "<group>"; };
+		41E67A7F25D16846007B0A4C /* STUNMessageParsing.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = STUNMessageParsing.cpp; sourceTree = "<group>"; };
+		41E67A8125D16847007B0A4C /* STUNMessageParsing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = STUNMessageParsing.h; sourceTree = "<group>"; };
 		41E9DCE4231973FE00F35949 /* BlobLoader.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BlobLoader.h; sourceTree = "<group>"; };
 		41E9DCE62319742300F35949 /* EndingType.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = EndingType.idl; sourceTree = "<group>"; };
 		41E9DCE82319CA7500F35949 /* NetworkSendQueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkSendQueue.h; sourceTree = "<group>"; };
@@ -17304,6 +17307,8 @@
 				5E2C43661BCEE3720001E2BC /* RTCTrackEvent.idl */,
 				41209E26257A2FBB00120ACA /* SFrameUtils.cpp */,
 				41209E24257A2FBB00120ACA /* SFrameUtils.h */,
+				41E67A7F25D16846007B0A4C /* STUNMessageParsing.cpp */,
+				41E67A8125D16847007B0A4C /* STUNMessageParsing.h */,
 				07221B8D17CEC32700848E51 /* UserMediaClient.h */,
 				07221B8E17CEC32700848E51 /* UserMediaController.cpp */,
 				07221B8F17CEC32700848E51 /* UserMediaController.h */,
@@ -34721,6 +34726,7 @@
 				9B6C41531344949000085B62 /* StringWithDirection.h in Headers */,
 				849F77760EFEC6200090849D /* StrokeStyleApplier.h in Headers */,
 				414B82051D6DF0E50077EBE3 /* StructuredClone.h in Headers */,
+				41E67A8325D16847007B0A4C /* STUNMessageParsing.h in Headers */,
 				713922BE2518AB77005DB3C2 /* Styleable.h in Headers */,
 				E45BA6B6237622A3004DFC07 /* StyleAdjuster.h in Headers */,
 				BC5EB6A30E81DC4F00B25965 /* StyleBackgroundData.h in Headers */,

Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (273245 => 273246)


--- branches/safari-611-branch/Source/WebKit/ChangeLog	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog	2021-02-22 17:54:12 UTC (rev 273246)
@@ -1,3 +1,54 @@
+2021-02-17  Ruben Turcios  <[email protected]>
+
+        Cherry-pick r272504. rdar://problem/74409474
+
+    NetworkRTCSocketCocoa extractDataMessages should not read too much data
+    https://bugs.webkit.org/show_bug.cgi?id=221544
+    
+    Reviewed by Eric Carlson.
+    
+    Source/WebCore:
+    
+    Move STUN/TURN message parsing to its own file routine so that we can add API test.
+    Code is taken from Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm.
+    Fix the test verifying we can actually read a message given its expected length.
+    
+    Covered by API test.
+    
+    * Headers.cmake:
+    * Modules/mediastream/STUNMessageParsing.cpp: Added.
+    (WebCore::isStunMessage):
+    (WebCore::getSTUNOrTURNMessageLengths):
+    (WebCore::extractSTUNOrTURNMessages):
+    (WebCore::extractDataMessages):
+    (WebCore::extractMessages):
+    * Modules/mediastream/STUNMessageParsing.h: Added.
+    * Sources.txt:
+    * WebCore.xcodeproj/project.pbxproj:
+    
+    Source/WebKit:
+    
+    * NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm:
+    Make use of WebCore method.
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp: Added.
+    (TestWebKitAPI::TEST):
+    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272504 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-02-08  Youenn Fablet  <[email protected]>
+
+            NetworkRTCSocketCocoa extractDataMessages should not read too much data
+            https://bugs.webkit.org/show_bug.cgi?id=221544
+
+            Reviewed by Eric Carlson.
+
+            * NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm:
+            Make use of WebCore method.
+
 2021-02-19  Alan Coon  <[email protected]>
 
         Cherry-pick r272990. rdar://problem/74500669

Modified: branches/safari-611-branch/Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm (273245 => 273246)


--- branches/safari-611-branch/Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm	2021-02-22 17:54:12 UTC (rev 273246)
@@ -30,6 +30,7 @@
 
 #include "DataReference.h"
 #include "LibWebRTCNetworkMessages.h"
+#include <WebCore/STUNMessageParsing.h>
 #include <dispatch/dispatch.h>
 #include <wtf/BlockPtr.h>
 
@@ -55,94 +56,6 @@
     return makeUnique<NetworkRTCSocketCocoa>(identifier, rtcProvider, remoteAddress, tcpOptions, WTFMove(connection));
 }
 
-static inline bool isStunMessage(uint16_t messageType)
-{
-    // https://tools.ietf.org/html/rfc5389#section-6 for STUN messages.
-    // TURN messages start by the channel number which is constrained by https://tools.ietf.org/html/rfc5766#section-11.
-    return !(messageType & 0xC000);
-}
-
-struct STUNMessageLengths {
-    size_t messageLength { 0 };
-    size_t messageLengthWithPadding { 0 };
-};
-
-static inline Optional<STUNMessageLengths> getSTUNOrTURNMessageLengths(const uint8_t* data, size_t size)
-{
-    if (size < 4)
-        return { };
-
-    auto messageType = be16toh(*reinterpret_cast<const uint16_t*>(data));
-    auto messageLength = be16toh(*reinterpret_cast<const uint16_t*>(data + 2));
-
-    // STUN data message header is 20 bytes.
-    if (isStunMessage(messageType)) {
-        size_t length = 20 + messageLength;
-        return STUNMessageLengths { length, length };
-    }
-
-    // TURN data message header is 4 bytes plus padding bytes to get 4 bytes alignment as needed.
-    size_t length = 4 + messageLength;
-    size_t roundedLength = length % 4 ? (length + 4 - (length % 4)) : length;
-    return STUNMessageLengths { length, roundedLength };
-}
-
-static inline Vector<uint8_t> extractSTUNOrTURNMessages(Vector<uint8_t>&& buffered, const Function<void(const uint8_t* data, size_t size)>& processMessage)
-{
-    auto* data = ""
-    size_t size = buffered.size();
-
-    while (true) {
-        auto lengths = getSTUNOrTURNMessageLengths(data, size);
-
-        if (!lengths || lengths->messageLengthWithPadding > size) {
-            if (!size)
-                return { };
-
-            std::memcpy(buffered.data(), data, size);
-            buffered.resize(size);
-            return WTFMove(buffered);
-        }
-
-        processMessage(data, lengths->messageLength);
-
-        data += lengths->messageLengthWithPadding;
-        size -= lengths->messageLengthWithPadding;
-    }
-}
-
-static inline Vector<uint8_t> extractDataMessages(Vector<uint8_t>&& buffered, const Function<void(const uint8_t* data, size_t size)>& processMessage)
-{
-    auto* data = ""
-    size_t size = buffered.size();
-
-    while (true) {
-        bool canReadLength = size >= 2;
-        size_t length = canReadLength ? be16toh(*reinterpret_cast<const uint16_t*>(data)) : 0;
-        if (!canReadLength || length > size + 2) {
-            if (!size)
-                return { };
-
-            std::memcpy(buffered.data(), data, size);
-            buffered.resize(size);
-            return WTFMove(buffered);
-        }
-
-        data += 2;
-        size -= 2;
-
-        processMessage(data, length);
-
-        data += length;
-        size -= length;
-    }
-}
-
-static inline Vector<uint8_t> extractMessages(Vector<uint8_t>&& buffer, bool isSTUN, const Function<void(const uint8_t* data, size_t size)>& processMessage)
-{
-    return isSTUN ? extractSTUNOrTURNMessages(WTFMove(buffer), processMessage) : extractDataMessages(WTFMove(buffer), processMessage);
-}
-
 static inline void processIncomingData(RetainPtr<nw_connection_t>&& nwConnection, Function<Vector<uint8_t>(Vector<uint8_t>&&)>&& processData, Vector<uint8_t>&& buffer = { })
 {
     auto nwConnectionReference = nwConnection.get();
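
Review bot: The removed extractDataMessages guarded with `length > size + 2`, where `size` still includes the 2-byte prefix, so a declared length up to four bytes larger than the payload actually buffered passed the check and the later `size -= length` wrapped; because this change both moves the code and corrects that comparison, the log message should name the old and new conditions (`length > size + 2` versus `length > size - lengthFieldSize`) so the behavioural fix is not hidden inside the move. Landing the move and the one-line fix as separate commits would also make the cherry-pick easier to audit.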
@@ -204,7 +117,7 @@
     }).get());
 
     processIncomingData(m_nwConnection.get(), [identifier = m_identifier, connection = m_connection.copyRef(), ip = remoteAddress.ipaddr(), port = remoteAddress.port(), isSTUN = m_isSTUN](auto&& buffer) mutable {
-        return extractMessages(WTFMove(buffer), isSTUN, [&](auto* message, auto size) {
+        return WebRTC::extractMessages(WTFMove(buffer), isSTUN ? WebRTC::MessageType::STUN : WebRTC::MessageType::Data, [&](auto* message, auto size) {
             IPC::DataReference data(message, size);
             connection->send(Messages::LibWebRTCNetwork::SignalReadPacket { identifier, data, RTCNetwork::IPAddress(ip), port, rtc::TimeMillis() * 1000 }, 0);
         });
@@ -241,7 +154,7 @@
         return { };
 
     if (m_isSTUN) {
-        auto messageLengths = getSTUNOrTURNMessageLengths(data, size);
+        auto messageLengths = WebRTC::getSTUNOrTURNMessageLengths(data, size);
         if (!messageLengths)
             return { };
 

Modified: branches/safari-611-branch/Tools/ChangeLog (273245 => 273246)


--- branches/safari-611-branch/Tools/ChangeLog	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Tools/ChangeLog	2021-02-22 17:54:12 UTC (rev 273246)
@@ -1,3 +1,55 @@
+2021-02-17  Ruben Turcios  <[email protected]>
+
+        Cherry-pick r272504. rdar://problem/74409474
+
+    NetworkRTCSocketCocoa extractDataMessages should not read too much data
+    https://bugs.webkit.org/show_bug.cgi?id=221544
+    
+    Reviewed by Eric Carlson.
+    
+    Source/WebCore:
+    
+    Move STUN/TURN message parsing to its own file routine so that we can add API test.
+    Code is taken from Source/WebKit/NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm.
+    Fix the test verifying we can actually read a message given its expected length.
+    
+    Covered by API test.
+    
+    * Headers.cmake:
+    * Modules/mediastream/STUNMessageParsing.cpp: Added.
+    (WebCore::isStunMessage):
+    (WebCore::getSTUNOrTURNMessageLengths):
+    (WebCore::extractSTUNOrTURNMessages):
+    (WebCore::extractDataMessages):
+    (WebCore::extractMessages):
+    * Modules/mediastream/STUNMessageParsing.h: Added.
+    * Sources.txt:
+    * WebCore.xcodeproj/project.pbxproj:
+    
+    Source/WebKit:
+    
+    * NetworkProcess/webrtc/NetworkRTCSocketCocoa.mm:
+    Make use of WebCore method.
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp: Added.
+    (TestWebKitAPI::TEST):
+    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272504 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-02-08  Youenn Fablet  <[email protected]>
+
+            NetworkRTCSocketCocoa extractDataMessages should not read too much data
+            https://bugs.webkit.org/show_bug.cgi?id=221544
+
+            Reviewed by Eric Carlson.
+
+            * TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp: Added.
+            (TestWebKitAPI::TEST):
+            * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+
 2021-02-17  Alan Coon  <[email protected]>
 
         Cherry-pick r272345. rdar://problem/74195248

Modified: branches/safari-611-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (273245 => 273246)


--- branches/safari-611-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2021-02-22 17:53:04 UTC (rev 273245)
+++ branches/safari-611-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2021-02-22 17:54:12 UTC (rev 273246)
@@ -239,6 +239,7 @@
 		4181C62D255A891100AEB0FF /* RTCRtpSFrameTransformerTests.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4181C62C255A891100AEB0FF /* RTCRtpSFrameTransformerTests.cpp */; };
 		41848F4424891879000E2588 /* open-window-with-file-url-with-host.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 41848F4324891815000E2588 /* open-window-with-file-url-with-host.html */; };
 		41882F0321010C0D002FF288 /* ProcessPreWarming.mm in Sources */ = {isa = PBXBuildFile; fileRef = 41882F0221010A70002FF288 /* ProcessPreWarming.mm */; };
+		41E67A8525D16E83007B0A4C /* STUNMessageParsingTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41E67A8425D16E83007B0A4C /* STUNMessageParsingTest.cpp */; };
 		44077BB123144B5000179E2D /* DataDetectorsTestIOS.mm in Sources */ = {isa = PBXBuildFile; fileRef = 44077BB0231449D200179E2D /* DataDetectorsTestIOS.mm */; };
 		4433A396208044140091ED57 /* SynchronousTimeoutTests.mm in Sources */ = {isa = PBXBuildFile; fileRef = 4433A395208044130091ED57 /* SynchronousTimeoutTests.mm */; };
 		448110C2253F40300097FC33 /* WebPreferencesTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 448110C1253F40240097FC33 /* WebPreferencesTest.mm */; };
@@ -1984,6 +1985,7 @@
 		41848F4324891815000E2588 /* open-window-with-file-url-with-host.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "open-window-with-file-url-with-host.html"; sourceTree = "<group>"; };
 		41882F0221010A70002FF288 /* ProcessPreWarming.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ProcessPreWarming.mm; sourceTree = "<group>"; };
 		41973B5C1AF22875006C7B36 /* SharedBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SharedBuffer.cpp; sourceTree = "<group>"; };
+		41E67A8425D16E83007B0A4C /* STUNMessageParsingTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = STUNMessageParsingTest.cpp; sourceTree = "<group>"; };
 		44077BB0231449D200179E2D /* DataDetectorsTestIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DataDetectorsTestIOS.mm; sourceTree = "<group>"; };
 		442BBF681C91CAD90017087F /* RefLogger.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RefLogger.cpp; sourceTree = "<group>"; };
 		4433A395208044130091ED57 /* SynchronousTimeoutTests.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SynchronousTimeoutTests.mm; sourceTree = "<group>"; };
@@ -3582,6 +3584,7 @@
 				A179918A1E1CA24100A505ED /* SharedBufferTest.h */,
 				ECA680CD1E68CC0900731D20 /* StringUtilities.mm */,
 				CE4D5DE51F6743BA0072CFC6 /* StringWithDirection.cpp */,
+				41E67A8425D16E83007B0A4C /* STUNMessageParsingTest.cpp */,
 				93A258981F92FF15003E510C /* TextCodec.cpp */,
 				CDC2C7141797089D00E627FB /* TimeRanges.cpp */,
 				7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */,
@@ -5534,6 +5537,7 @@
 				7CCE7ED11A411A7E00447C4C /* StringTruncator.mm in Sources */,
 				ECA680CE1E68CC0900731D20 /* StringUtilities.mm in Sources */,
 				CE4D5DE71F6743BA0072CFC6 /* StringWithDirection.cpp in Sources */,
+				41E67A8525D16E83007B0A4C /* STUNMessageParsingTest.cpp in Sources */,
 				7CCE7ED21A411A7E00447C4C /* SubresourceErrorCrash.mm in Sources */,
 				51EB126724CB8753000CB030 /* SunLightApplicationGenericNES.mm in Sources */,
 				4433A396208044140091ED57 /* SynchronousTimeoutTests.mm in Sources */,

Added: branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp (0 => 273246)


--- branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp	                        (rev 0)
+++ branches/safari-611-branch/Tools/TestWebKitAPI/Tests/WebCore/STUNMessageParsingTest.cpp	2021-02-22 17:54:12 UTC (rev 273246)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if ENABLE(WEB_RTC)
+
+#include <WebCore/STUNMessageParsing.h>
+#include <utility>
+
+namespace TestWebKitAPI {
+
+using namespace WebCore;
+
+// Test constructors
+TEST(STUNMessageParsing, MessageLength)
+{
+    auto buffer = Vector<uint8_t>::from(0, 1, 3, 0, 2, 4);
+    buffer = WebRTC::extractMessages(WTFMove(buffer), WebRTC::MessageType::Data, [](const uint8_t* data, size_t size) {
+        EXPECT_EQ(size, 1u);
+        EXPECT_EQ(*data, 3u);
+    });
+    EXPECT_EQ(buffer.size(), 3u);
+    EXPECT_EQ(buffer[0], 0u);
+    EXPECT_EQ(buffer[1], 2u);
+    EXPECT_EQ(buffer[2], 4u);
+}
+
+} // namespace TestWebKitAPI
+
+#endif // ENABLE(WEB_AUTHN)
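
Review bot: The only test case, STUNMessageParsing.MessageLength, exercises `MessageType::Data`; the STUN/TURN path in `getSTUNOrTURNMessageLengths` (20-byte STUN header, TURN 4-byte alignment padding, input shorter than 4 bytes) has no coverage even though that function is now exported. Suggest adding cases for a Data message whose length exactly fits the buffer, an empty buffer, and a TURN message whose padding is not yet buffered. Two comments are also wrong as written: `// Test constructors` does not describe this test, and the closing `#endif // ENABLE(WEB_AUTHN)` does not match the opening `#if ENABLE(WEB_RTC)`.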