[FFmpeg-devel] [PATCH][GSoC] lavf/http: Parse and set HTTP method when listening on HTTP(S)

Nicolas George george at nsup.org
Fri May 29 19:10:45 CEST 2015


On decadi 10 Prairial, year CCXXIII, Stephan Holljes wrote:
> From 33a479200b9a941d0783d941c6ea68f8b85cc4de Mon Sep 17 00:00:00 2001
> From: Stephan Holljes <klaxa1337 at googlemail.com>
> Date: Fri, 29 May 2015 16:47:11 +0200
> Subject: [PATCH] lavf/http: Parse and set HTTP method when listening on
>  HTTP(S)
> 
> Signed-off-by: Stephan Holljes <klaxa1337 at googlemail.com>
> ---
>  libavformat/http.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/libavformat/http.c b/libavformat/http.c
> index 4f6716a..c73734f 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -556,6 +556,12 @@ static int process_line(URLContext *h, char *line, int line_count,
>  
>      p = line;
>      if (line_count == 0) {
> +        if (s->listen) {
> +            while (!av_isspace(*p))
> +                p++;
> +            if (!(s->method = av_strndup(line, p - line)))
> +                return AVERROR(ENOMEM);

If method is already set, it overwrites it and therefore the old value
leaks.

> +        }
>          while (!av_isspace(*p) && *p != '\0')
>              p++;
>          while (av_isspace(*p))
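
Review bot: The added loop `while (!av_isspace(*p))` at the top of the new `if (s->listen)` block has no check for the end of the string, unlike the existing loop just below it, which tests `*p != '\0'` as well. A first line that contains no whitespace would let `p` advance past the terminator, and `av_strndup(line, p - line)` would then copy from beyond the line buffer. Suggest using the same condition as the existing loop, `while (!av_isspace(*p) && *p != '\0')`, and rejecting the request when the method token is empty or is not followed by whitespace.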

It looks like there is client code after the if clause, it should probably
not be executed for the server side. A malicious request could even get
check_http_code() to return an error.

Regards,

-- 
  Nicolas George