[libav-stable] rtmpproto: Check the buffer sizes when copying app/playpath strings

Martin Storsjö git at libav.org
Thu May 8 18:02:58 CEST 2014


Module: libav
Branch: master
Commit: 0bacfa8d37710b904897e7cbeb8d6f96fbf75e2e

Author:    Martin Storsjö <martin at martin.st>
Committer: Martin Storsjö <martin at martin.st>
Date:      Thu May  8 15:12:23 2014 +0300

rtmpproto: Check the buffer sizes when copying app/playpath strings

As pointed out by Reimar Döffinger.

CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>

---

 libavformat/rtmpproto.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index 2962737..0cc702a 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2484,12 +2484,13 @@ reconnect:
     if (qmark && strstr(qmark, "slist=")) {
         char* amp;
         // After slist we have the playpath, before the params, the app
-        av_strlcpy(rt->app, path + 1, qmark - path);
+        av_strlcpy(rt->app, path + 1, FFMIN(qmark - path, APP_MAX_LENGTH));
         fname = strstr(path, "slist=") + 6;
         // Strip any further query parameters from fname
         amp = strchr(fname, '&');
         if (amp) {
-            av_strlcpy(fname_buffer, fname, amp - fname + 1);
+            av_strlcpy(fname_buffer, fname, FFMIN(amp - fname + 1,
+                                                  sizeof(fname_buffer)));
             fname = fname_buffer;
         }
     } else if (!strncmp(path, "/ondemand/", 10)) {
@@ -2507,10 +2508,10 @@ reconnect:
             fname = strchr(p + 1, '/');
             if (!fname || (c && c < fname)) {
                 fname = p + 1;
-                av_strlcpy(rt->app, path + 1, p - path);
+                av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
             } else {
                 fname++;
-                av_strlcpy(rt->app, path + 1, fname - path - 1);
+                av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
             }
         }
     }



More information about the libav-stable mailing list