[FFmpeg-devel] [PATCH][GSoC] lavf/http: Parse and set HTTP method when listening on HTTP(S)
Nicolas George
george at nsup.org
Fri May 29 19:10:45 CEST 2015
Le decadi 10 prairial, an CCXXIII, Stephan Holljes a écrit :
> From 33a479200b9a941d0783d941c6ea68f8b85cc4de Mon Sep 17 00:00:00 2001
> From: Stephan Holljes <klaxa1337 at googlemail.com>
> Date: Fri, 29 May 2015 16:47:11 +0200
> Subject: [PATCH] lavf/http: Parse and set HTTP method when listening on
> HTTP(S)
>
> Signed-off-by: Stephan Holljes <klaxa1337 at googlemail.com>
> ---
> libavformat/http.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/libavformat/http.c b/libavformat/http.c
> index 4f6716a..c73734f 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -556,6 +556,12 @@ static int process_line(URLContext *h, char *line, int line_count,
>
> p = line;
> if (line_count == 0) {
> + if (s->listen) {
> + while (!av_isspace(*p))
> + p++;
> + if (!(s->method = av_strndup(line, p - line)))
> + return AVERROR(ENOMEM);
If method is already set, it overwrites it and therefore the old value
leaks.
> + }
> while (!av_isspace(*p) && *p != '\0')
> p++;
> while (av_isspace(*p))
It looks like there is client code after the if clause, it should probably
not be executed for the server side. A malicious request could even get
check_http_code() to return an error.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150529/17423e22/attachment.asc>
More information about the ffmpeg-devel
mailing list