[FFmpeg-devel] Correctly fill the SSRC field in RTP packets
Luca Abeni
lucabe72
Wed Mar 26 08:23:10 CET 2008
Hi Michael,
Michael Niedermayer wrote:
[...]
>>> @@ -60,7 +60,7 @@
>>> s->base_timestamp = 0; /* FIXME: was random(), what should this be? */
>>> s->timestamp = s->base_timestamp;
>>> s->cur_timestamp = 0;
>>> - s->ssrc = 0; /* FIXME: was random(), what should this be? */
>>> + s->ssrc = (int)s;
>> NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!
>> insanity ...
>> you are leaking information VERY usefull for an exploit.
>> and no whatever_random_number_generator(seed=(int)s) is equally bad for the
>> exact same reason.
>
> To explain why exactly this is bad, think of grsec which amongth other things
> randomizes the location of the heap...
[...]
Ok, thanks for the explanation. I feared that this was a security leak, but
I could not see where the problem was. I obviously withdraw the patch (Reimar
already convinced me that it is not a good idea).
If it will turn out that setting SSRC to 0 causes some real problems, I'll
try a different approach.
Thanks,
Luca
More information about the ffmpeg-devel
mailing list