Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
4ec49559
Commit
4ec49559
authored
Jun 28, 2006
by
Derk-Jan Hartman
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
* Fix a potential buffer overflow,
UTF-8
'ify session name in a previous unhandled case.
parent
20acaecf
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
13 additions
and
10 deletions
+13
-10
modules/services_discovery/sap.c
modules/services_discovery/sap.c
+13
-10
No files found.
modules/services_discovery/sap.c
View file @
4ec49559
...
@@ -284,9 +284,6 @@ static int Open( vlc_object_t *p_this )
...
@@ -284,9 +284,6 @@ static int Open( vlc_object_t *p_this )
services_discovery_sys_t
*
p_sys
=
(
services_discovery_sys_t
*
)
services_discovery_sys_t
*
p_sys
=
(
services_discovery_sys_t
*
)
malloc
(
sizeof
(
services_discovery_sys_t
)
);
malloc
(
sizeof
(
services_discovery_sys_t
)
);
playlist_view_t
*
p_view
;
vlc_value_t
val
;
p_sys
->
i_timeout
=
var_CreateGetInteger
(
p_sd
,
"sap-timeout"
);
p_sys
->
i_timeout
=
var_CreateGetInteger
(
p_sd
,
"sap-timeout"
);
p_sd
->
pf_run
=
Run
;
p_sd
->
pf_run
=
Run
;
...
@@ -579,7 +576,7 @@ static int Demux( demux_t *p_demux )
...
@@ -579,7 +576,7 @@ static int Demux( demux_t *p_demux )
FIND_ANYWHERE
);
FIND_ANYWHERE
);
/* TODO FIXME !! Add at the correct place */
/* TODO FIXME !! Add at the correct place */
playlist_PlaylistAdd
(
p_playlist
,
p_sdp
->
psz_uri
,
p_sdp
->
psz_sessionname
,
playlist_PlaylistAdd
(
p_playlist
,
p_sdp
->
psz_uri
,
EnsureUTF8
(
p_sdp
->
psz_sessionname
)
,
PLAYLIST_APPEND
,
PLAYLIST_END
);
PLAYLIST_APPEND
,
PLAYLIST_END
);
vlc_object_release
(
p_playlist
);
vlc_object_release
(
p_playlist
);
...
@@ -602,6 +599,7 @@ static int ParseSAP( services_discovery_t *p_sd, uint8_t *p_buffer, int i_read )
...
@@ -602,6 +599,7 @@ static int ParseSAP( services_discovery_t *p_sd, uint8_t *p_buffer, int i_read )
{
{
int
i_version
,
i_address_type
,
i_hash
,
i
;
int
i_version
,
i_address_type
,
i_hash
,
i
;
char
*
psz_sdp
,
*
psz_foo
,
*
psz_initial_sdp
;
char
*
psz_sdp
,
*
psz_foo
,
*
psz_initial_sdp
;
uint8_t
*
p_decompressed_buffer
=
NULL
;
sdp_t
*
p_sdp
;
sdp_t
*
p_sdp
;
vlc_bool_t
b_compressed
;
vlc_bool_t
b_compressed
;
vlc_bool_t
b_need_delete
=
VLC_FALSE
;
vlc_bool_t
b_need_delete
=
VLC_FALSE
;
...
@@ -668,16 +666,20 @@ static int ParseSAP( services_discovery_t *p_sd, uint8_t *p_buffer, int i_read )
...
@@ -668,16 +666,20 @@ static int ParseSAP( services_discovery_t *p_sd, uint8_t *p_buffer, int i_read )
if
(
b_compressed
)
if
(
b_compressed
)
{
{
#ifdef HAVE_ZLIB_H
#ifdef HAVE_ZLIB_H
uint8_t
*
p_decompressed_buffer
=
NULL
;
int
i_decompressed_size
;
int
i_decompressed_size
;
i_decompressed_size
=
Decompress
(
(
uint8_t
*
)
psz_sdp
,
i_decompressed_size
=
Decompress
(
(
uint8_t
*
)
psz_sdp
,
&
p_decompressed_buffer
,
i_read
-
(
psz_sdp
-
(
char
*
)
p_buffer
)
);
&
p_decompressed_buffer
,
i_read
-
(
psz_sdp
-
(
char
*
)
p_buffer
)
);
if
(
i_decompressed_size
>
0
&&
i_decompressed_size
<
MAX_SAP_BUFFER
)
if
(
i_decompressed_size
>
0
)
{
{
memcpy
(
psz_sdp
,
p_decompressed_buffer
,
i_decompressed_size
);
psz_sdp
=
(
char
*
)
p_decompressed_buffer
;
realloc
(
p_decompressed_buffer
,
i_decompressed_size
++
);
psz_sdp
[
i_decompressed_size
]
=
'\0'
;
psz_sdp
[
i_decompressed_size
]
=
'\0'
;
free
(
p_decompressed_buffer
);
}
else
{
msg_Warn
(
p_sd
,
"decompression of sap packet failed"
);
return
VLC_EGENERIC
;
}
}
#else
#else
msg_Warn
(
p_sd
,
"ignoring compressed sap packet"
);
msg_Warn
(
p_sd
,
"ignoring compressed sap packet"
);
...
@@ -772,6 +774,7 @@ static int ParseSAP( services_discovery_t *p_sd, uint8_t *p_buffer, int i_read )
...
@@ -772,6 +774,7 @@ static int ParseSAP( services_discovery_t *p_sd, uint8_t *p_buffer, int i_read )
CreateAnnounce
(
p_sd
,
i_hash
,
p_sdp
);
CreateAnnounce
(
p_sd
,
i_hash
,
p_sdp
);
FREE
(
p_decompressed_buffer
);
return
VLC_SUCCESS
;
return
VLC_SUCCESS
;
}
}
...
@@ -879,8 +882,8 @@ static char *GetAttribute( sdp_t *p_sdp, const char *psz_search )
...
@@ -879,8 +882,8 @@ static char *GetAttribute( sdp_t *p_sdp, const char *psz_search )
/* Fill p_sdp->psz_uri */
/* Fill p_sdp->psz_uri */
static
int
ParseConnection
(
vlc_object_t
*
p_obj
,
sdp_t
*
p_sdp
)
static
int
ParseConnection
(
vlc_object_t
*
p_obj
,
sdp_t
*
p_sdp
)
{
{
char
*
psz_eof
;
char
*
psz_eof
=
NULL
;
char
*
psz_parse
;
char
*
psz_parse
=
NULL
;
char
*
psz_uri
=
NULL
;
char
*
psz_uri
=
NULL
;
char
*
psz_proto
=
NULL
;
char
*
psz_proto
=
NULL
;
char
psz_source
[
256
];
char
psz_source
[
256
];
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment