Commit ac824333 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Thread-safe random numbers for session IDs

parent 8d00d8b7
...@@ -42,6 +42,7 @@ ...@@ -42,6 +42,7 @@
#include <vlc_network.h> #include <vlc_network.h>
#include <vlc_charset.h> #include <vlc_charset.h>
#include <vlc_strings.h> #include <vlc_strings.h>
#include <vlc_rand.h>
#ifndef WIN32 #ifndef WIN32
# include <locale.h> # include <locale.h>
...@@ -1019,7 +1020,8 @@ static int RtspCallback( httpd_callback_sys_t *p_args, httpd_client_t *cl, ...@@ -1019,7 +1020,8 @@ static int RtspCallback( httpd_callback_sys_t *p_args, httpd_client_t *cl,
answer->p_body = NULL; answer->p_body = NULL;
break; break;
} }
if( asprintf( &psz_new, "%d", rand() ) < 0 ) #warning Should use secure randomness here! (spoofing risk)
if( asprintf( &psz_new, "%lu", vlc_mrand48() ) < 0 )
return VLC_ENOMEM; return VLC_ENOMEM;
psz_session = psz_new; psz_session = psz_new;
...@@ -1358,7 +1360,8 @@ static int RtspCallbackES( httpd_callback_sys_t *p_args, httpd_client_t *cl, ...@@ -1358,7 +1360,8 @@ static int RtspCallbackES( httpd_callback_sys_t *p_args, httpd_client_t *cl,
answer->p_body = NULL; answer->p_body = NULL;
break; break;
} }
if( asprintf( &psz_new, "%d", rand() ) < 0 ) #warning Session ID should be securely random (spoofing risk)
if( asprintf( &psz_new, "%lu", vlc_mrand48() ) < 0 )
return VLC_ENOMEM; return VLC_ENOMEM;
psz_session = psz_new; psz_session = psz_new;
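Review bot: The session ID in RtspCallback and RtspCallbackES is still a single vlc_mrand48() value, so the spoofing risk named by the new `#warning` lines remains after this change; the dummy session ID in RtspHandler has the same property and carries no warning. An mrand48-style generator yields at most 32 bits per call and is presumably not designed to be unpredictable, so thread safety alone does not make the ID hard to guess. If this tree's vlc_rand.h provides vlc_rand_bytes(), I would fill a 64-bit or larger value from it and print that, e.g. `uint64_t id; vlc_rand_bytes( &id, sizeof(id) );` followed by `asprintf( &psz_new, "%"PRIx64, id )`. Both function bodies continue outside the hunks.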
......
...@@ -538,8 +538,8 @@ static int RtspHandler( rtsp_stream_t *rtsp, rtsp_stream_id_t *id, ...@@ -538,8 +538,8 @@ static int RtspHandler( rtsp_stream_t *rtsp, rtsp_stream_id_t *id,
if( psz_session == NULL ) if( psz_session == NULL )
{ {
/* Create a dummy session ID */ /* Create a dummy session ID */
snprintf( psz_sesbuf, sizeof( psz_sesbuf ), "%d", snprintf( psz_sesbuf, sizeof( psz_sesbuf ), "%lu",
rand() ); vlc_mrand48() );
psz_session = psz_sesbuf; psz_session = psz_sesbuf;
} }
answer->i_status = 200; answer->i_status = 200;
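Review bot: Switching the format to `%lu` widens the text written into psz_sesbuf, whose declaration is outside this hunk. An unsigned long needs up to 20 digits plus the terminator on LP64 targets, and snprintf() truncates silently if the buffer is smaller, so the client would receive an ID with fewer digits than intended. I would confirm the buffer is at least 21 bytes and document the expected width next to its declaration with a comment such as `/* holds a decimal unsigned long: 20 digits + NUL */`.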
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#include <vlc_tls.h> #include <vlc_tls.h>
#include <vlc_acl.h> #include <vlc_acl.h>
#include <vlc_strings.h> #include <vlc_strings.h>
#include <vlc_rand.h>
#include "../libvlc.h" #include "../libvlc.h"
#include <string.h> #include <string.h>
...@@ -825,7 +826,8 @@ static int httpd_StreamCallBack( httpd_callback_sys_t *p_sys, ...@@ -825,7 +826,8 @@ static int httpd_StreamCallBack( httpd_callback_sys_t *p_sys,
"application/octet-stream" ); "application/octet-stream" );
httpd_MsgAdd( answer, "Server", "Cougar 4.1.0.3921" ); httpd_MsgAdd( answer, "Server", "Cougar 4.1.0.3921" );
httpd_MsgAdd( answer, "Pragma", "no-cache" ); httpd_MsgAdd( answer, "Pragma", "no-cache" );
httpd_MsgAdd( answer, "Pragma", "client-id=%d", rand()&0x7fff ); httpd_MsgAdd( answer, "Pragma", "client-id=%lu",
vlc_mrand48()&0x7fff );
httpd_MsgAdd( answer, "Pragma", "features=\"broadcast\"" ); httpd_MsgAdd( answer, "Pragma", "features=\"broadcast\"" );
/* Check if there is a xPlayStrm=1 */ /* Check if there is a xPlayStrm=1 */
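Review bot: The argument passed for `%lu` is `vlc_mrand48()&0x7fff`, whose type is whatever vlc_mrand48() returns after the usual promotions, and that prototype is not visible on this page. httpd_MsgAdd appears to be variadic, so a specifier mismatch is only diagnosed if the function carries a format attribute; if the return type is a 32-bit or signed type, the call does not match `%lu` and is undefined where long is 64 bits. An explicit cast makes the call correct either way: `"client-id=%lu", (unsigned long)(vlc_mrand48() & 0x7fff)`. The unmasked calls in the RTSP hunks use the same specifier and would benefit from the same cast.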
......