Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
ac824333
Commit
ac824333
authored
Mar 06, 2010
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Thread-safe random numbers for session IDs
parent
8d00d8b7
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
10 additions
and
5 deletions
+10
-5
modules/misc/rtsp.c
modules/misc/rtsp.c
+5
-2
modules/stream_out/rtsp.c
modules/stream_out/rtsp.c
+2
-2
src/network/httpd.c
src/network/httpd.c
+3
-1
No files found.
modules/misc/rtsp.c
View file @
ac824333
...
...
@@ -42,6 +42,7 @@
#include <vlc_network.h>
#include <vlc_charset.h>
#include <vlc_strings.h>
#include <vlc_rand.h>
#ifndef WIN32
# include <locale.h>
...
...
@@ -1019,7 +1020,8 @@ static int RtspCallback( httpd_callback_sys_t *p_args, httpd_client_t *cl,
answer
->
p_body
=
NULL
;
break
;
}
if
(
asprintf
(
&
psz_new
,
"%d"
,
rand
()
)
<
0
)
#warning Should use secure randomness here! (spoofing risk)
if
(
asprintf
(
&
psz_new
,
"%lu"
,
vlc_mrand48
()
)
<
0
)
return
VLC_ENOMEM
;
psz_session
=
psz_new
;
...
...
@@ -1358,7 +1360,8 @@ static int RtspCallbackES( httpd_callback_sys_t *p_args, httpd_client_t *cl,
answer
->
p_body
=
NULL
;
break
;
}
if
(
asprintf
(
&
psz_new
,
"%d"
,
rand
()
)
<
0
)
#warning Session ID should be securely random (spoofing risk)
if
(
asprintf
(
&
psz_new
,
"%lu"
,
vlc_mrand48
()
)
<
0
)
return
VLC_ENOMEM
;
psz_session
=
psz_new
;
...
...
modules/stream_out/rtsp.c
View file @
ac824333
...
...
@@ -538,8 +538,8 @@ static int RtspHandler( rtsp_stream_t *rtsp, rtsp_stream_id_t *id,
if
(
psz_session
==
NULL
)
{
/* Create a dummy session ID */
snprintf
(
psz_sesbuf
,
sizeof
(
psz_sesbuf
),
"%
d
"
,
rand
()
);
snprintf
(
psz_sesbuf
,
sizeof
(
psz_sesbuf
),
"%
lu
"
,
vlc_mrand48
()
);
psz_session
=
psz_sesbuf
;
}
answer
->
i_status
=
200
;
...
...
src/network/httpd.c
View file @
ac824333
...
...
@@ -36,6 +36,7 @@
#include <vlc_tls.h>
#include <vlc_acl.h>
#include <vlc_strings.h>
#include <vlc_rand.h>
#include "../libvlc.h"
#include <string.h>
...
...
@@ -825,7 +826,8 @@ static int httpd_StreamCallBack( httpd_callback_sys_t *p_sys,
"application/octet-stream"
);
httpd_MsgAdd
(
answer
,
"Server"
,
"Cougar 4.1.0.3921"
);
httpd_MsgAdd
(
answer
,
"Pragma"
,
"no-cache"
);
httpd_MsgAdd
(
answer
,
"Pragma"
,
"client-id=%d"
,
rand
()
&
0x7fff
);
httpd_MsgAdd
(
answer
,
"Pragma"
,
"client-id=%lu"
,
vlc_mrand48
()
&
0x7fff
);
httpd_MsgAdd
(
answer
,
"Pragma"
,
"features=
\"
broadcast
\"
"
);
/* Check if there is a xPlayStrm=1 */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment