Limit to the number of getUserMedia() requests tracked by webrtc-internals

Tracked requests are normally removed when the corresponding renderer
process dies.
However, it has been reported that this mechanism could be used to launch
a DoS attack against the browser process, resulting in "leaks".

This CL sets a limit of 1000 tracked gUM requests, which is a number
probably beyond what is practical for the webrtc-internals UI anyway.

Bug: 804440
Change-Id: I578fbb4ab6feee17f035beca2dbec86381376b6c
Reviewed-on: https://chromium-review.googlesource.com/926366
Commit-Queue: Guido Urdaneta <guidou@chromium.org>
Reviewed-by: Tommi <tommi@chromium.org>
Reviewed-by: Erik Chen <erikchen@chromium.org>
Reviewed-by: Harald Alvestrand <hta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537850}

content/browser/webrtc/webrtc_internals.cc

@@ -41,6 +41,10 @@ namespace content {
 
 namespace {
 
+// This is intended to limit DoS attacks against the browser process consisting
+// of many getUserMedia() calls. See https://crbug.com/804440.
+const size_t kMaxGetUserMediaEntries = 1000;
+
 // Makes sure that |dict| has a ListValue under path "log".
 base::ListValue* EnsureLogList(base::DictionaryValue* dict) {
   base::ListValue* log = nullptr;
@@ -244,6 +248,12 @@ void WebRTCInternals::OnGetUserMedia(int rid,
                                      const std::string& video_constraints) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
+  if (get_user_media_requests_.GetList().size() >= kMaxGetUserMediaEntries) {
+    LOG(WARNING) << "Maximum number of tracked getUserMedia() requests reached "
+                    "in webrtc-internals.";
+    return;
+  }
+
   auto dict = std::make_unique<base::DictionaryValue>();
   dict->SetInteger("rid", rid);
   dict->SetInteger("pid", static_cast<int>(pid));