Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-2-2
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-2-2
Commits
6af8bf05
Commit
6af8bf05
authored
Mar 28, 2010
by
Rémi Duraffort
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
growl: fix a buffer overflow.
parent
5ef889a4
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
20 additions
and
18 deletions
+20
-18
modules/misc/notify/growl_udp.c
modules/misc/notify/growl_udp.c
+20
-18
No files found.
modules/misc/notify/growl_udp.c
View file @
6af8bf05
...
@@ -48,7 +48,7 @@ static int ItemChange( vlc_object_t *, const char *,
...
@@ -48,7 +48,7 @@ static int ItemChange( vlc_object_t *, const char *,
static
int
RegisterToGrowl
(
vlc_object_t
*
p_this
);
static
int
RegisterToGrowl
(
vlc_object_t
*
p_this
);
static
int
NotifyToGrowl
(
vlc_object_t
*
p_this
,
const
char
*
psz_desc
);
static
int
NotifyToGrowl
(
vlc_object_t
*
p_this
,
const
char
*
psz_desc
);
static
int
CheckAndSend
(
vlc_object_t
*
p_this
,
uint8_t
*
p_data
,
int
i_offset
);
static
int
CheckAndSend
(
vlc_object_t
*
p_this
,
uint8_t
*
p_data
,
int
i_offset
,
size_t
is_ze
);
#define GROWL_MAX_LENGTH 256
#define GROWL_MAX_LENGTH 256
/*****************************************************************************
/*****************************************************************************
...
@@ -211,7 +211,7 @@ static int RegisterToGrowl( vlc_object_t *p_this )
...
@@ -211,7 +211,7 @@ static int RegisterToGrowl( vlc_object_t *p_this )
}
}
psz_encoded
[
5
]
=
i_defaults
;
psz_encoded
[
5
]
=
i_defaults
;
CheckAndSend
(
p_this
,
psz_encoded
,
i
);
CheckAndSend
(
p_this
,
psz_encoded
,
i
,
100
);
free
(
psz_encoded
);
free
(
psz_encoded
);
return
VLC_SUCCESS
;
return
VLC_SUCCESS
;
}
}
...
@@ -243,36 +243,35 @@ static int NotifyToGrowl( vlc_object_t *p_this, const char *psz_desc )
...
@@ -243,36 +243,35 @@ static int NotifyToGrowl( vlc_object_t *p_this, const char *psz_desc )
strcpy
(
(
char
*
)(
psz_encoded
+
i
),
APPLICATION_NAME
);
strcpy
(
(
char
*
)(
psz_encoded
+
i
),
APPLICATION_NAME
);
i
+=
strlen
(
APPLICATION_NAME
);
i
+=
strlen
(
APPLICATION_NAME
);
CheckAndSend
(
p_this
,
psz_encoded
,
i
);
CheckAndSend
(
p_this
,
psz_encoded
,
i
,
GROWL_MAX_LENGTH
+
42
);
free
(
psz_encoded
);
free
(
psz_encoded
);
return
VLC_SUCCESS
;
return
VLC_SUCCESS
;
}
}
static
int
CheckAndSend
(
vlc_object_t
*
p_this
,
uint8_t
*
p_data
,
int
i_offset
)
static
int
CheckAndSend
(
vlc_object_t
*
p_this
,
uint8_t
*
p_data
,
int
i_offset
,
size_t
i_size
)
{
{
int
i
,
i
_handle
;
int
i_handle
;
struct
md5_s
md5
;
struct
md5_s
md5
;
char
*
psz_password
=
var_InheritString
(
p_this
,
"growl-password"
);
char
*
psz_password
=
var_InheritString
(
p_this
,
"growl-password"
);
char
*
psz_server
=
var_InheritString
(
p_this
,
"growl-server"
);
char
*
psz_server
=
var_InheritString
(
p_this
,
"growl-server"
);
int
i_port
=
var_InheritInteger
(
p_this
,
"growl-port"
);
int
i_port
=
var_InheritInteger
(
p_this
,
"growl-port"
);
if
(
!
psz_password
||
!
psz_server
)
if
(
!
psz_password
||
!
psz_server
)
{
goto
error
;
free
(
psz_password
);
free
(
psz_server
);
int
i_password_length
=
strlen
(
psz_password
);
return
VLC_EGENERIC
;
// Check that the buffer is larger enought for the string and the md5
}
if
(
i_offset
+
i_password_length
+
4
*
4
>=
i_size
)
goto
error
;
strcpy
(
(
char
*
)(
p_data
+
i_offset
),
psz_password
);
strcpy
(
(
char
*
)(
p_data
+
i_offset
),
psz_password
);
i
=
i_offset
+
strlen
(
psz_password
);
InitMD5
(
&
md5
);
InitMD5
(
&
md5
);
AddMD5
(
&
md5
,
p_data
,
i
);
AddMD5
(
&
md5
,
p_data
,
i
_offset
+
i_password_length
);
EndMD5
(
&
md5
);
EndMD5
(
&
md5
);
for
(
i
=
0
;
i
<
4
;
i
++
)
for
(
i
nt
i
=
0
;
i
<
4
;
i
++
)
{
{
md5
.
p_digest
[
i
]
=
md5
.
p_digest
[
i
];
p_data
[
i_offset
++
]
=
md5
.
p_digest
[
i
]
&
0xFF
;
p_data
[
i_offset
++
]
=
md5
.
p_digest
[
i
]
&
0xFF
;
p_data
[
i_offset
++
]
=
(
md5
.
p_digest
[
i
]
>>
8
)
&
0xFF
;
p_data
[
i_offset
++
]
=
(
md5
.
p_digest
[
i
]
>>
8
)
&
0xFF
;
p_data
[
i_offset
++
]
=
(
md5
.
p_digest
[
i
]
>>
16
)
&
0xFF
;
p_data
[
i_offset
++
]
=
(
md5
.
p_digest
[
i
]
>>
16
)
&
0xFF
;
...
@@ -283,9 +282,7 @@ static int CheckAndSend( vlc_object_t *p_this, uint8_t* p_data, int i_offset )
...
@@ -283,9 +282,7 @@ static int CheckAndSend( vlc_object_t *p_this, uint8_t* p_data, int i_offset )
if
(
i_handle
==
-
1
)
if
(
i_handle
==
-
1
)
{
{
msg_Err
(
p_this
,
"failed to open a connection (udp)"
);
msg_Err
(
p_this
,
"failed to open a connection (udp)"
);
free
(
psz_password
);
goto
error
;
free
(
psz_server
);
return
VLC_EGENERIC
;
}
}
shutdown
(
i_handle
,
SHUT_RD
);
shutdown
(
i_handle
,
SHUT_RD
);
...
@@ -298,6 +295,11 @@ static int CheckAndSend( vlc_object_t *p_this, uint8_t* p_data, int i_offset )
...
@@ -298,6 +295,11 @@ static int CheckAndSend( vlc_object_t *p_this, uint8_t* p_data, int i_offset )
free
(
psz_password
);
free
(
psz_password
);
free
(
psz_server
);
free
(
psz_server
);
return
VLC_SUCCESS
;
return
VLC_SUCCESS
;
error:
free
(
psz_password
);
free
(
psz_server
);
return
VLC_EGENERIC
;
}
}
#undef GROWL_PROTOCOL_VERSION
#undef GROWL_PROTOCOL_VERSION
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment