Bug 1394078: reject SDP with non-ASCII chars. r?bwc
MozReview-Commit-ID: 3s5gpcDNK4W
--- a/dom/media/PeerConnection.js
+++ b/dom/media/PeerConnection.js
@@ -838,42 +838,56 @@ class RTCPeerConnection {
let request = this._win.CreateOfferRequest._create(this._win, chrome);
Services.obs.notifyObservers(request, "PeerConnection:request");
});
}
}
return this._havePermission;
}
- setLocalDescription(desc, onSucc, onErr) {
- return this._auto(onSucc, onErr, () => this._setLocalDescription(desc));
- }
-
- async _setLocalDescription({ type, sdp }) {
- this._checkClosed();
-
- this._localType = type;
-
- let action = this._actions[type];
+ _sanityCheckSdp(action, type, sdp) {
if (action === undefined) {
throw new this._win.DOMException(
"Invalid type " + type + " provided to setLocalDescription",
"InvalidParameterError");
}
if (action == Ci.IPeerConnection.kActionPRAnswer) {
throw new this._win.DOMException("pranswer not yet implemented",
"NotSupportedError");
}
if (!sdp && action != Ci.IPeerConnection.kActionRollback) {
throw new this._win.DOMException(
"Empty or null SDP provided to setLocalDescription",
"InvalidParameterError");
}
+ // The fippo butter finger filter AKA non-ASCII chars
+ // Note: SDP allows non-ASCII character in the subject (who cares?)
+ let pos = sdp.search(/[^\u0000-\u007f]/);
+ if (pos != -1) {
+ throw new this._win.DOMException(
+ "SDP contains non ASCII characters at position " + pos,
+ "InvalidParameterError");
+ }
+ }
+
+ setLocalDescription(desc, onSucc, onErr) {
+ return this._auto(onSucc, onErr, () => this._setLocalDescription(desc));
+ }
+
+ async _setLocalDescription({ type, sdp }) {
+ this._checkClosed();
+
+ this._localType = type;
+
+ let action = this._actions[type];
+
+ this._sanityCheckSdp(action, type, sdp);
+
return this._chain(async () => {
await this._getPermission();
await new Promise((resolve, reject) => {
this._onSetLocalDescriptionSuccess = resolve;
this._onSetLocalDescriptionFailure = reject;
this._impl.setLocalDescription(action, sdp);
});
});
@@ -928,31 +942,18 @@ class RTCPeerConnection {
return this._auto(onSucc, onErr, () => this._setRemoteDescription(desc));
}
async _setRemoteDescription({ type, sdp }) {
this._checkClosed();
this._remoteType = type;
let action = this._actions[type];
- if (action === undefined) {
- throw new this._win.DOMException(
- "Invalid type " + type + " provided to setRemoteDescription",
- "InvalidParameterError");
- }
- if (action == Ci.IPeerConnection.kActionPRAnswer) {
- throw new this._win.DOMException("pranswer not yet implemented",
- "NotSupportedError");
- }
- if (!sdp && type != "rollback") {
- throw new this._win.DOMException(
- "Empty or null SDP provided to setRemoteDescription",
- "InvalidParameterError");
- }
+ this._sanityCheckSdp(action, type, sdp);
// Get caller's origin before hitting the promise chain
let origin = Cu.getWebIDLCallerPrincipal().origin;
return this._chain(async () => {
let haveSetRemote = (async () => {
await this._getPermission();
await new Promise((resolve, reject) => {