Commit f63666d1 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Fix remote DoS in RTSP code

parent 0edba7e0
...@@ -678,6 +678,12 @@ static int RtspCallback( httpd_callback_sys_t *p_args, httpd_client_t *cl, ...@@ -678,6 +678,12 @@ static int RtspCallback( httpd_callback_sys_t *p_args, httpd_client_t *cl,
{ {
psz_playnow = httpd_MsgGet( query, "x-playNow" ); psz_playnow = httpd_MsgGet( query, "x-playNow" );
psz_transport = httpd_MsgGet( query, "Transport" ); psz_transport = httpd_MsgGet( query, "Transport" );
if( psz_transport == NULL )
{
answer->i_status = 400;
answer->psz_status = strdup( "Bad request" );
break;
}
msg_Dbg( p_vod, "HTTPD_MSG_SETUP: transport=%s", psz_transport ); msg_Dbg( p_vod, "HTTPD_MSG_SETUP: transport=%s", psz_transport );
if( strstr( psz_transport, "unicast" ) && if( strstr( psz_transport, "unicast" ) &&
......
...@@ -1855,6 +1855,12 @@ static int RtspCallbackId( httpd_callback_sys_t *p_args, ...@@ -1855,6 +1855,12 @@ static int RtspCallbackId( httpd_callback_sys_t *p_args,
case HTTPD_MSG_SETUP: case HTTPD_MSG_SETUP:
{ {
char *psz_transport = httpd_MsgGet( query, "Transport" ); char *psz_transport = httpd_MsgGet( query, "Transport" );
if( psz_transport == NULL )
{
answer->i_status = 400;
answer->psz_status = strdup( "Bad request" );
break;
}
//fprintf( stderr, "HTTPD_MSG_SETUP: transport=%s\n", psz_transport ); //fprintf( stderr, "HTTPD_MSG_SETUP: transport=%s\n", psz_transport );
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment