[FFmpeg-cvslog] rtmpproto: Check APP_MAX_LENGTH
Michael Niedermayer
git at videolan.org
Sun Mar 3 12:11:02 CET 2013
ffmpeg | branch: release/1.1 | Michael Niedermayer <michaelni at gmx.at> | Sat Feb 23 16:58:01 2013 +0100| [7327505883b11d6cf6e16576b04cc0cfa3ec9335] | committer: Michael Niedermayer
rtmpproto: Check APP_MAX_LENGTH
Fixes Ticket2292
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 02ac3398eb52679301028c2fd3ebad1b6261b4da)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7327505883b11d6cf6e16576b04cc0cfa3ec9335
---
libavformat/rtmpproto.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index 6f03dd9..fa661ee 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2367,16 +2367,20 @@ reconnect:
fname = strchr(p + 1, '/');
if (!fname || (c && c < fname)) {
fname = p + 1;
- av_strlcpy(rt->app, path + 1, p - path);
+ av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
} else {
fname++;
- av_strlcpy(rt->app, path + 1, fname - path - 1);
+ av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
}
}
}
if (old_app) {
// The name of application has been defined by the user, override it.
+ if (strlen(old_app) >= APP_MAX_LENGTH) {
+ ret = AVERROR(EINVAL);
+ goto fail;
+ }
av_free(rt->app);
rt->app = old_app;
}
More information about the ffmpeg-cvslog
mailing list