Skip to content

V
vlc-2-2
Commit e14f2110 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont
Browse files
Options

Fix a bunch of format string injection in the Real RTSP access 

...or why is asprintf() not the same as strdup().
Signed-off-by: default avatarRémi Denis-Courmont <rem@videolan.org>
parent 17291ac5
Hide whitespace changes
Inline Side-by-side
Showing with 16 additions and 24 deletions
modules/demux/real.c
View file @ e14f2110
...@@ -817,10 +817,9 @@ static int HeaderRead( demux_t *p_demux ) ...@@ -817,10 +817,9 @@ static int HeaderRead( demux_t *p_demux )
stream_Read( p_demux->s, psz, i_len ); stream_Read( p_demux->s, psz, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - title=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_title, psz ); msg_Dbg( p_demux, " - title=`%s'", psz );
free( psz ); p_sys->psz_title = psz;
i_skip -= i_len; i_skip -= i_len;
} }
i_skip -= 2; i_skip -= 2;
...@@ -832,10 +831,9 @@ static int HeaderRead( demux_t *p_demux ) ...@@ -832,10 +831,9 @@ static int HeaderRead( demux_t *p_demux )
stream_Read( p_demux->s, psz, i_len ); stream_Read( p_demux->s, psz, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - author=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_artist, psz ); msg_Dbg( p_demux, " - author=`%s'", psz );
free( psz ); p_sys->psz_artist = psz;
i_skip -= i_len; i_skip -= i_len;
} }
i_skip -= 2; i_skip -= 2;
...@@ -847,10 +845,9 @@ static int HeaderRead( demux_t *p_demux ) ...@@ -847,10 +845,9 @@ static int HeaderRead( demux_t *p_demux )
stream_Read( p_demux->s, psz, i_len ); stream_Read( p_demux->s, psz, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - copyright=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_copyright, psz ); msg_Dbg( p_demux, " - copyright=`%s'", psz );
free( psz ); p_sys->psz_copyright = psz;
i_skip -= i_len; i_skip -= i_len;
} }
i_skip -= 2; i_skip -= 2;
...@@ -862,10 +859,9 @@ static int HeaderRead( demux_t *p_demux ) ...@@ -862,10 +859,9 @@ static int HeaderRead( demux_t *p_demux )
stream_Read( p_demux->s, psz, i_len ); stream_Read( p_demux->s, psz, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - comment=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_description, psz ); msg_Dbg( p_demux, " - comment=`%s'", psz );
free( psz ); p_sys->psz_description = psz;
i_skip -= i_len; i_skip -= i_len;
} }
i_skip -= 2; i_skip -= 2;
...@@ -1048,10 +1044,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num ) ...@@ -1048,10 +1044,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num )
memcpy( psz, p_peek, i_len ); memcpy( psz, p_peek, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - title=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_title, psz ); msg_Dbg( p_demux, " - title=`%s'", psz );
free( psz ); p_sys->psz_title = psz;
} }
p_peek += i_len; p_peek += i_len;
...@@ -1063,10 +1058,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num ) ...@@ -1063,10 +1058,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num )
memcpy( psz, p_peek, i_len ); memcpy( psz, p_peek, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - artist=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_artist, psz ); msg_Dbg( p_demux, " - artist=`%s'", psz );
free( psz ); p_sys->psz_artist = psz;
} }
p_peek += i_len; p_peek += i_len;
...@@ -1078,10 +1072,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num ) ...@@ -1078,10 +1072,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num )
memcpy( psz, p_peek, i_len ); memcpy( psz, p_peek, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - Copyright=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_copyright, psz ); msg_Dbg( p_demux, " - Copyright=`%s'", psz );
free( psz ); p_sys->psz_copyright = psz;
} }
p_peek += i_len; p_peek += i_len;
...@@ -1093,10 +1086,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num ) ...@@ -1093,10 +1086,9 @@ static int ReadCodecSpecificData( demux_t *p_demux, int i_len, int i_num )
memcpy( psz, p_peek, i_len ); memcpy( psz, p_peek, i_len );
psz[i_len] = '\0'; psz[i_len] = '\0';
msg_Dbg( p_demux, " - Comment=`%s'", psz );
EnsureUTF8( psz ); EnsureUTF8( psz );
asprintf( &p_sys->psz_description, psz ); msg_Dbg( p_demux, " - Comment=`%s'", psz );
free( psz ); p_sys->psz_description = psz;
} }
/* This might be unusefull */ /* This might be unusefull */
p_peek += i_len; p_peek += i_len;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment