--- stream/realrtsp/real.c.orig 2007-03-02 08:24:00.000000000 -0500 +++ stream/realrtsp/real.c 2007-03-02 13:55:44.000000000 -0500 @@ -56,7 +56,8 @@ static const unsigned char xor_table[] = 0x63, 0x11, 0x03, 0x71, 0x08, 0x08, 0x70, 0x02, 0x10, 0x57, 0x05, 0x18, 0x54, 0x00, 0x00, 0x00 }; - +#define CHALLENGE_SIZE 64 +#define CHECKSUM_SIZE 34 #define BUF_SIZE 4096 #ifdef LOG @@ -87,7 +88,7 @@ static void calc_response_string (char * char zres[16]; int i; - av_md5_sum(zres, challenge, 64); + av_md5_sum(zres, challenge, CHALLENGE_SIZE); /* convert zres to ascii string */ for (i=0; i<16; i++ ) { @@ -109,11 +110,11 @@ static void real_calc_response_and_check char buf[128]; /* initialize return values */ - memset(response, 0, 64); - memset(chksum, 0, 34); + memset(response, 0, CHALLENGE_SIZE); + memset(chksum, 0, CHECKSUM_SIZE); /* initialize buffer */ - memset(buf, 0, 128); + memset(buf, 0, sizeof(buf)); ptr=buf; AV_WB32(ptr, 0xa1e9149d); ptr+=4; @@ -148,7 +149,7 @@ static void real_calc_response_and_check /* add tail */ resp_len = strlen (response); - strcpy (&response[resp_len], "01d0a8e3"); + strlcpy (response + resp_len, "01d0a8e3", CHALLENGE_SIZE - resp_len); /* calculate checksum */ for (i=0; istream[i]->stream_id); #endif - sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]); - *stream_rules = xbuffer_strcat(*stream_rules, b); + snprintf(b, sizeof(b), "stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]); + *stream_rules = xbuffer_ensure_size(*stream_rules, strlen(*stream_rules)+strlen(b)+1); + strlcat(*stream_rules, b, strlen(*stream_rules)+strlen(b)+1); } if (!desc->stream[i]->mlti_data) { @@ -443,8 +445,8 @@ rmff_header_t *real_setup_and_get_header char *session_id=NULL; rmff_header_t *h; char *challenge1; - char challenge2[64]; - char checksum[34]; + char challenge2[CHALLENGE_SIZE]; + char checksum[CHECKSUM_SIZE]; char *subscribe; char *buf = xbuffer_init(256); char *mrl=rtsp_get_mrl(rtsp_session); @@ -466,7 +468,7 @@ rmff_header_t *real_setup_and_get_header /* request stream description */ rtsp_send_describe: rtsp_schedule_field(rtsp_session, "Accept: application/sdp"); - sprintf(buf, "Bandwidth: %u", bandwidth); + snprintf(buf, 256, "Bandwidth: %u", bandwidth); rtsp_schedule_field(rtsp_session, buf); rtsp_schedule_field(rtsp_session, "GUID: 00000000-0000-0000-0000-000000000000"); rtsp_schedule_field(rtsp_session, "RegionData: 0"); @@ -501,9 +503,9 @@ rtsp_send_describe: } authlen = strlen(username) + (password ? strlen(password) : 0) + 2; authstr = malloc(authlen); - sprintf(authstr, "%s:%s", username, password ? password : ""); + snprintf(authstr, authlen, "%s:%s", username, password ? password : ""); authfield = malloc(authlen*2+22); - strcpy(authfield, "Authorization: Basic "); + strlcpy(authfield, "Authorization: Basic ", authlen*2+22); b64_authlen = base64_encode(authstr, authlen, authfield+21, authlen*2); free(authstr); if (b64_authlen < 0) { @@ -564,7 +566,7 @@ autherr: /* parse sdp (sdpplin) and create a header and a subscribe string */ subscribe = xbuffer_init(256); - strcpy(subscribe, "Subscribe: "); + strlcpy(subscribe, "Subscribe: ", 256); h=real_parse_sdp(description, &subscribe, bandwidth); if (!h) { subscribe = xbuffer_free(subscribe); --- stream/realrtsp/xbuffer.h.orig 2007-03-02 09:22:14.000000000 -0500 +++ stream/realrtsp/xbuffer.h 2007-03-02 09:22:37.000000000 -0500 @@ -21,6 +21,5 @@ void *xbuffer_init(int chunk_size); void *xbuffer_free(void *buf); void *xbuffer_copyin(void *buf, int index, const void *data, int len); void *xbuffer_ensure_size(void *buf, int size); -void *xbuffer_strcat(void *buf, char *data); #endif --- stream/realrtsp/xbuffer.c.orig 2007-03-02 09:21:30.000000000 -0500 +++ stream/realrtsp/xbuffer.c 2007-03-02 09:22:22.000000000 -0500 @@ -86,17 +86,3 @@ void *xbuffer_ensure_size(void *buf, int return buf; } - - -void *xbuffer_strcat(void *buf, char *data) { - - if (!buf || !data) { - return NULL; - } - - buf = xbuffer_ensure_size(buf, strlen(buf)+strlen(data)+1); - - strcat(buf, data); - - return buf; -} --- stream/realrtsp/real.c.orig 2007-03-02 08:24:00.000000000 -0500 +++ stream/realrtsp/real.c 2007-03-02 13:55:44.000000000 -0500 @@ -56,7 +56,8 @@ static const unsigned char xor_table[] = 0x63, 0x11, 0x03, 0x71, 0x08, 0x08, 0x70, 0x02, 0x10, 0x57, 0x05, 0x18, 0x54, 0x00, 0x00, 0x00 }; - +#define CHALLENGE_SIZE 64 +#define CHECKSUM_SIZE 34 #define BUF_SIZE 4096 #ifdef LOG @@ -87,7 +88,7 @@ static void calc_response_string (char * char zres[16]; int i; - av_md5_sum(zres, challenge, 64); + av_md5_sum(zres, challenge, CHALLENGE_SIZE); /* convert zres to ascii string */ for (i=0; i<16; i++ ) { @@ -109,11 +110,11 @@ static void real_calc_response_and_check char buf[128]; /* initialize return values */ - memset(response, 0, 64); - memset(chksum, 0, 34); + memset(response, 0, CHALLENGE_SIZE); + memset(chksum, 0, CHECKSUM_SIZE); /* initialize buffer */ - memset(buf, 0, 128); + memset(buf, 0, sizeof(buf)); ptr=buf; AV_WB32(ptr, 0xa1e9149d); ptr+=4; @@ -148,7 +149,7 @@ static void real_calc_response_and_check /* add tail */ resp_len = strlen (response); - strcpy (&response[resp_len], "01d0a8e3"); + strlcpy (response + resp_len, "01d0a8e3", CHALLENGE_SIZE - resp_len); /* calculate checksum */ for (i=0; istream[i]->stream_id); #endif - sprintf(b,"stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]); - *stream_rules = xbuffer_strcat(*stream_rules, b); + snprintf(b, sizeof(b), "stream=%u;rule=%u,", desc->stream[i]->stream_id, rulematches[j]); + *stream_rules = xbuffer_ensure_size(*stream_rules, strlen(*stream_rules)+strlen(b)+1); + strlcat(*stream_rules, b, strlen(*stream_rules)+strlen(b)+1); } if (!desc->stream[i]->mlti_data) { @@ -443,8 +445,8 @@ rmff_header_t *real_setup_and_get_header char *session_id=NULL; rmff_header_t *h; char *challenge1; - char challenge2[64]; - char checksum[34]; + char challenge2[CHALLENGE_SIZE]; + char checksum[CHECKSUM_SIZE]; char *subscribe; char *buf = xbuffer_init(256); char *mrl=rtsp_get_mrl(rtsp_session); @@ -466,7 +468,7 @@ rmff_header_t *real_setup_and_get_header /* request stream description */ rtsp_send_describe: rtsp_schedule_field(rtsp_session, "Accept: application/sdp"); - sprintf(buf, "Bandwidth: %u", bandwidth); + snprintf(buf, 256, "Bandwidth: %u", bandwidth); rtsp_schedule_field(rtsp_session, buf); rtsp_schedule_field(rtsp_session, "GUID: 00000000-0000-0000-0000-000000000000"); rtsp_schedule_field(rtsp_session, "RegionData: 0"); @@ -501,9 +503,9 @@ rtsp_send_describe: } authlen = strlen(username) + (password ? strlen(password) : 0) + 2; authstr = malloc(authlen); - sprintf(authstr, "%s:%s", username, password ? password : ""); + snprintf(authstr, authlen, "%s:%s", username, password ? password : ""); authfield = malloc(authlen*2+22); - strcpy(authfield, "Authorization: Basic "); + strlcpy(authfield, "Authorization: Basic ", authlen*2+22); b64_authlen = base64_encode(authstr, authlen, authfield+21, authlen*2); free(authstr); if (b64_authlen < 0) { @@ -564,7 +566,7 @@ autherr: /* parse sdp (sdpplin) and create a header and a subscribe string */ subscribe = xbuffer_init(256); - strcpy(subscribe, "Subscribe: "); + strlcpy(subscribe, "Subscribe: ", 256); h=real_parse_sdp(description, &subscribe, bandwidth); if (!h) { subscribe = xbuffer_free(subscribe); --- stream/realrtsp/xbuffer.h.orig 2007-03-02 09:22:14.000000000 -0500 +++ stream/realrtsp/xbuffer.h 2007-03-02 09:22:37.000000000 -0500 @@ -21,6 +21,5 @@ void *xbuffer_init(int chunk_size); void *xbuffer_free(void *buf); void *xbuffer_copyin(void *buf, int index, const void *data, int len); void *xbuffer_ensure_size(void *buf, int size); -void *xbuffer_strcat(void *buf, char *data); #endif --- stream/realrtsp/xbuffer.c.orig 2007-03-02 09:21:30.000000000 -0500 +++ stream/realrtsp/xbuffer.c 2007-03-02 09:22:22.000000000 -0500 @@ -86,17 +86,3 @@ void *xbuffer_ensure_size(void *buf, int return buf; } - - -void *xbuffer_strcat(void *buf, char *data) { - - if (!buf || !data) { - return NULL; - } - - buf = xbuffer_ensure_size(buf, strlen(buf)+strlen(data)+1); - - strcat(buf, data); - - return buf; -}