sdp: limit mid length to 16 bytes

which is the maxium length allowed by one-byte header extensions BUG=webrtc:12517 Change-Id: I003105d3566a34b5b7affb84ffe69b7705973ee3 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/237400 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Philipp Hancke <philipp.hancke@googlemail.com> Cr-Commit-Position: refs/heads/main@{#35333}
2021-11-08 09:58:15 +01:00
parent fbd52c021d
commit 187e9d4927
2 changed files with 45 additions and 0 deletions
--- a/pc/peer_connection_signaling_unittest.cc
+++ b/pc/peer_connection_signaling_unittest.cc
@ -1031,6 +1031,43 @@ TEST_P(PeerConnectionSignalingTest, ReceiveFlexFecReoffer) {
  }
 }

+TEST_P(PeerConnectionSignalingTest, MidAttributeMaxLength) {
+  auto caller = CreatePeerConnection();
+
+  std::string sdp =
+      "v=0\r\n"
+      "o=- 8403615332048243445 2 IN IP4 127.0.0.1\r\n"
+      "s=-\r\n"
+      "t=0 0\r\n"
+      "m=video 9 UDP/TLS/RTP/SAVPF 102\r\n"
+      "c=IN IP4 0.0.0.0\r\n"
+      "a=rtcp:9 IN IP4 0.0.0.0\r\n"
+      "a=ice-ufrag:IZeV\r\n"
+      "a=ice-pwd:uaZhQD4rYM/Tta2qWBT1Bbt4\r\n"
+      "a=ice-options:trickle\r\n"
+      "a=fingerprint:sha-256 "
+      "D8:6C:3D:FA:23:E2:2C:63:11:2D:D0:86:BE:C4:D0:65:F9:42:F7:1C:06:04:27:E6:"
+      "1C:2C:74:01:8D:50:67:23\r\n"
+      "a=setup:actpass\r\n"
+      // Too long mid attribute.
+      "a=mid:01234567890123456\r\n"
+      "a=sendrecv\r\n"
+      "a=msid:stream track\r\n"
+      "a=rtcp-mux\r\n"
+      "a=rtcp-rsize\r\n"
+      "a=rtpmap:102 VP8/90000\r\n"
+      "a=rtcp-fb:102 goog-remb\r\n"
+      "a=rtcp-fb:102 transport-cc\r\n"
+      "a=rtcp-fb:102 ccm fir\r\n"
+      "a=rtcp-fb:102 nack\r\n"
+      "a=rtcp-fb:102 nack pli\r\n"
+      "a=ssrc:1224551896 cname:/exJcmhSLpyu9FgV\r\n";
+  std::unique_ptr<webrtc::SessionDescriptionInterface> remote_description =
+      webrtc::CreateSessionDescription(SdpType::kOffer, sdp, nullptr);
+
+  EXPECT_FALSE(caller->SetRemoteDescription(std::move(remote_description)));
+}
+
 INSTANTIATE_TEST_SUITE_P(PeerConnectionSignalingTest,
                         PeerConnectionSignalingTest,
                         Values(SdpSemantics::kPlanB,
--- a/pc/sdp_offer_answer.cc
+++ b/pc/sdp_offer_answer.cc
@ -123,6 +123,9 @@ const char kSimulcastDisabled[] = "WebRTC.PeerConnection.Simulcast.Disabled";
 // The length of RTCP CNAMEs.
 static const int kRtcpCnameLength = 16;

+// The maximum length of the MID attribute.
+static constexpr size_t kMidMaxSize = 16;
+
 const char kDefaultStreamId[] = "default";
 // NOTE: Duplicated in peer_connection.cc:
 static const char kDefaultAudioSenderId[] = "defaulta0";
@ -448,6 +451,11 @@ RTCError ValidateMids(const cricket::SessionDescription& description) {
      LOG_AND_RETURN_ERROR(RTCErrorType::INVALID_PARAMETER,
                           "A media section is missing a MID attribute.");
    }
+    if (content.name.size() > kMidMaxSize) {
+      LOG_AND_RETURN_ERROR(RTCErrorType::INVALID_PARAMETER,
+                           "The MID attribute exceeds the maximum supported "
+                           "length of 16 characters.");
+    }
    if (!mids.insert(content.name).second) {
      LOG_AND_RETURN_ERROR(RTCErrorType::INVALID_PARAMETER,
                           "Duplicate a=mid value '" + content.name + "'.");