Skip to content

V
vlc
Commit 377b93ef authored by Francois Cartegnie's avatar Francois Cartegnie
Browse files
Options

access: mmstu: check command length before parsing

parent 90ceeec6
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 1 deletion
modules/access/mms/mmstu.c
View file @ 377b93ef
...@@ -543,7 +543,7 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto ) ...@@ -543,7 +543,7 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
buffer.p_data, buffer.p_data,
buffer.i_data ); buffer.i_data );
if( mms_CommandRead( p_access, 0x01, 0 ) < 0 ) if( mms_CommandRead( p_access, 0x01, 0 ) < 0 || p_sys->i_cmd < MMS_CMD_HEADERSIZE + 48 )
{ {
var_buffer_free( &buffer ); var_buffer_free( &buffer );
MMSClose( p_access ); MMSClose( p_access );
...@@ -682,6 +682,13 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto ) ...@@ -682,6 +682,13 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
return( -1 ); return( -1 );
} }
if( p_sys->i_cmd < MMS_CMD_HEADERSIZE + 64 )
{
var_buffer_free( &buffer );
MMSClose( p_access );
return VLC_EBADVAR;
}
/* 1 for file ok, 2 for authen ok */ /* 1 for file ok, 2 for authen ok */
switch( GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE ) ) switch( GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE ) )
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment