--- stream/librtsp/rtsp_rtp.c.orig 2007-03-02 11:07:01.000000000 -0500 +++ stream/librtsp/rtsp_rtp.c 2007-03-02 13:54:25.000000000 -0500 @@ -91,7 +91,7 @@ rtcp_send_rr (rtsp_t *s, struct rtp_rtsp if (st->count == RTCP_SEND_FREQUENCY) { char rtcp_content[RTCP_RR_SIZE]; - strcpy (rtcp_content, RTCP_RR); + strlcpy (rtcp_content, RTCP_RR, sizeof(rtcp_content)); send (st->rtcp_socket, rtcp_content, RTCP_RR_SIZE, 0); /* ping RTSP server to keep connection alive. @@ -216,8 +216,8 @@ parse_destination (const char *line) len = strlen (parse1) - strlen (parse2) - strlen (RTSP_SETUP_DESTINATION) + 1; - dest = (char *) malloc (len + 1); - snprintf (dest, len, parse1 + strlen (RTSP_SETUP_DESTINATION)); + dest = malloc (len + 1); + snprintf (dest, len + 1, parse1 + strlen (RTSP_SETUP_DESTINATION)); free (line_copy); return dest; @@ -476,11 +476,11 @@ rtp_setup_and_play (rtsp_t *rtsp_session /* 5. set the Normal Play Time parameter * use range provided by server in SDP or start now if empty */ - sprintf (npt, RTSP_RANGE); + strlcpy (npt, RTSP_RANGE, sizeof(npt)); if (fsdp_get_range (dsc)) - strcat (npt, fsdp_get_range (dsc)); + strlcat (npt, fsdp_get_range (dsc), sizeof(npt)); else - strcat (npt, RTSP_NPT_NOW); + strlcat (npt, RTSP_NPT_NOW, sizeof(npt)); /* 5. check for a valid media stream */ med_dsc = fsdp_get_media (dsc, 0); @@ -604,7 +604,6 @@ rtp_setup_and_play (rtsp_t *rtsp_session } /* 9. create the payload for RTSP SETUP request */ - memset (temp_buf, '\0', MAX_LENGTH); snprintf (temp_buf, MAX_LENGTH, RTSP_TRANSPORT_REQUEST, is_multicast ? RTSP_TRANSPORT_MULTICAST : RTSP_TRANSPORT_UNICAST, --- stream/librtsp/rtsp.c.orig 2007-03-02 11:36:07.000000000 -0500 +++ stream/librtsp/rtsp.c 2007-03-02 13:52:59.000000000 -0500 
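Review bot: In rtcp_send_rr (rtsp_rtp.c, hunk at -91) `send` still transmits all RTCP_RR_SIZE bytes of `rtcp_content`, but `strlcpy`, like `strcpy`, stops at the first NUL in RTCP_RR, so every byte after that point is uninitialised stack memory that goes out on the socket. RTCP_RR is defined outside this hunk; if it is a binary packet template that contains zero bytes (to be confirmed), a string copy is the wrong primitive here. The minimal fix is to declare the buffer as `char rtcp_content[RTCP_RR_SIZE] = {0};`, and a `memcpy` of the template's real length would state the intent better. The return value of `send` is also ignored.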
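Review bot: In parse_destination (hunk at -216) the third argument of `snprintf` is still text derived from `line`, so it is interpreted as a format string; if `line` comes from the RTSP peer, a `%` conversion in it makes snprintf consume arguments that were never passed. Pass it as data instead: `snprintf (dest, len, "%s", parse1 + strlen (RTSP_SETUP_DESTINATION));`. The size argument also changed from `len` to `len + 1`, and since `len` already carries the `+ 1` for the terminator, the new call copies one character more than the old one did, which looks like it picks up the character at `parse2` (assigned outside the hunk, so confirm). `malloc` is not checked before the write.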
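Review bot: In rtp_setup_and_play (hunk at -476) the return values of `strlcpy` and `strlcat` are discarded, so a range string from the SDP that does not fit in `npt` is truncated silently and a cut-off Range value is built without any error. Compare the result with the buffer size, for example `if (strlcat (npt, range, sizeof(npt)) >= sizeof(npt))`, and take the function's error path. `fsdp_get_range (dsc)` is called twice; storing it once in a local keeps the test and the copy consistent. `npt` is declared outside this hunk, and `sizeof(npt)` is only the right bound if it is an array there rather than a pointer.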
@@ -272,10 +272,11 @@ static void rtsp_send_request(rtsp_t *s, char **payload=s->scheduled; char *buf; + size_t len = strlen(type)+strlen(what)+strlen(RTSP_PROTOCOL_VERSION)+3; - buf = malloc(strlen(type)+strlen(what)+strlen(RTSP_PROTOCOL_VERSION)+3); + buf = malloc(len); - sprintf(buf,"%s %s %s",type, what, RTSP_PROTOCOL_VERSION); + snprintf(buf,len,"%s %s %s",type, what, RTSP_PROTOCOL_VERSION); rtsp_put(s,buf); free(buf); if (payload) @@ -295,13 +296,14 @@ static void rtsp_schedule_standard(rtsp_ char tmp[17]; - snprintf(tmp, 17, "CSeq: %u", s->cseq); + snprintf(tmp, sizeof(tmp), "CSeq: %u", s->cseq); rtsp_schedule_field(s, tmp); if (s->session) { char *buf; - buf = malloc(strlen(s->session)+15); - sprintf(buf, "Session: %s", s->session); + size_t len = strlen(s->session)+15; + buf = malloc(len); + snprintf(buf, len, "Session: %s", s->session); rtsp_schedule_field(s, buf); free(buf); } @@ -386,7 +388,7 @@ int rtsp_send_ok(rtsp_t *s) { char cseq[16]; rtsp_put(s, "RTSP/1.0 200 OK"); - sprintf(cseq,"CSeq: %u", s->cseq); + snprintf(cseq, sizeof(cseq), "CSeq: %u", s->cseq); rtsp_put(s, cseq); rtsp_put(s, ""); return 0; @@ -400,13 +402,15 @@ int rtsp_send_ok(rtsp_t *s) { int rtsp_request_options(rtsp_t *s, const char *what) { char *buf; + size_t len; if (what) { buf=strdup(what); } else { - buf=malloc(strlen(s->host)+16); - sprintf(buf,"rtsp://%s:%i", s->host, s->port); + len = strlen(s->host)+16; + buf=malloc(len); + snprintf(buf, len, "rtsp://%s:%i", s->host, s->port); } rtsp_send_request(s,RTSP_METHOD_OPTIONS,buf); free(buf); 
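Review bot: In rtsp_send_request (rtsp.c, hunk at -272) `buf = malloc(len)` goes straight into `snprintf` without a NULL check, so an allocation failure becomes a write through a null pointer; add `if (!buf) return;` after the allocation. The same unchecked `malloc` (and unchecked `strdup(what)`) precedes the new `snprintf` calls in rtsp_schedule_standard, rtsp_request_options, rtsp_request_describe, rtsp_request_setup, rtsp_request_setparameter, rtsp_request_play, rtsp_request_teardown and rtsp_read_data. The rest of rtsp_send_request, including whatever releases `s->scheduled`, is outside the hunk, so the early return has to be checked against that cleanup.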
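Review bot: In rtsp_send_ok (hunk at -386) `char cseq[16]` is one byte short of the worst case: "CSeq: " is 6 characters and a 32-bit `%u` can print 10 digits, which needs 17 bytes with the terminator. The switch to `snprintf` removes the one-byte overflow, but the last digit is now dropped silently and a wrong CSeq is sent once `s->cseq` reaches ten digits. Declare it `char cseq[17];`, matching `tmp[17]` in rtsp_schedule_standard.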
@@ -417,13 +421,15 @@ int rtsp_request_options(rtsp_t *s, cons int rtsp_request_describe(rtsp_t *s, const char *what) { char *buf; + size_t len; if (what) { buf=strdup(what); } else { - buf=malloc(strlen(s->host)+strlen(s->path)+16); - sprintf(buf,"rtsp://%s:%i/%s", s->host, s->port, s->path); + len = strlen(s->host)+strlen(s->path)+16; + buf=malloc(len); + snprintf(buf, len, "rtsp://%s:%i/%s", s->host, s->port, s->path); } rtsp_send_request(s,RTSP_METHOD_DESCRIBE,buf); free(buf); @@ -444,7 +450,7 @@ int rtsp_request_setup(rtsp_t *s, const len += strlen (control) + 1; buf = malloc (len); - sprintf (buf, "rtsp://%s:%i/%s%s%s", s->host, s->port, s->path, + snprintf (buf, len, "rtsp://%s:%i/%s%s%s", s->host, s->port, s->path, control ? "/" : "", control ? control : ""); } @@ -456,13 +462,15 @@ int rtsp_request_setup(rtsp_t *s, const int rtsp_request_setparameter(rtsp_t *s, const char *what) { char *buf; + size_t len; if (what) { buf=strdup(what); } else { - buf=malloc(strlen(s->host)+strlen(s->path)+16); - sprintf(buf,"rtsp://%s:%i/%s", s->host, s->port, s->path); + len = strlen(s->host)+strlen(s->path)+16; + buf=malloc(len); + snprintf(buf, len, "rtsp://%s:%i/%s", s->host, s->port, s->path); } rtsp_send_request(s,RTSP_METHOD_SET_PARAMETER,buf); free(buf); @@ -474,13 +482,15 @@ int rtsp_request_play(rtsp_t *s, const c char *buf; int ret; + size_t len; if (what) { buf=strdup(what); } else { - buf=malloc(strlen(s->host)+strlen(s->path)+16); - sprintf(buf,"rtsp://%s:%i/%s", s->host, s->port, s->path); + len = strlen(s->host)+strlen(s->path)+16; + buf=malloc(len); + snprintf(buf, len, "rtsp://%s:%i/%s", s->host, s->port, s->path); } rtsp_send_request(s,RTSP_METHOD_PLAY,buf); free(buf); 
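Review bot: The block that builds `rtsp://host:port/path` is repeated verbatim in rtsp_request_describe (hunk at -417), rtsp_request_setparameter, rtsp_request_play and rtsp_request_teardown, each with the bare constant 16 and no check of the allocation. A single static helper would keep the size computation and the format string together and give one place for the NULL check; the helper name below is only a suggestion. The constant 16 leaves six characters for the port, which is enough only if `s->port` is range-checked elsewhere; otherwise snprintf now truncates the URL instead of overflowing. Each caller would then read `buf = what ? strdup(what) : rtsp_default_url(s);` followed by a NULL check.
```c
/* Proposed helper: builds "rtsp://host:port/path" in a fresh buffer that the
 * caller frees; returns NULL if the allocation fails. */
static char *rtsp_default_url(rtsp_t *s)
{
  size_t len = strlen(s->host) + strlen(s->path) + 16;
  char *url = malloc(len);

  if (url)
    snprintf(url, len, "rtsp://%s:%i/%s", s->host, s->port, s->path);
  return url;
}
```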
@@ -495,14 +505,15 @@ int rtsp_request_play(rtsp_t *s, const c int rtsp_request_teardown(rtsp_t *s, const char *what) { char *buf; + size_t len; if (what) buf = strdup (what); else { - buf = - malloc (strlen (s->host) + strlen (s->path) + 16); - sprintf (buf, "rtsp://%s:%i/%s", s->host, s->port, s->path); + len = strlen (s->host) + strlen (s->path) + 16; + buf = malloc (len); + snprintf (buf, len, "rtsp://%s:%i/%s", s->host, s->port, s->path); } rtsp_send_request (s, RTSP_METHOD_TEARDOWN, buf); free (buf); @@ -549,7 +560,7 @@ int rtsp_read_data(rtsp_t *s, char *buff /* let's make the server happy */ rtsp_put(s, "RTSP/1.0 451 Parameter Not Understood"); rest=malloc(17); - sprintf(rest,"CSeq: %u", seq); + snprintf(rest, 17, "CSeq: %u", seq); rtsp_put(s, rest); free(rest); rtsp_put(s, "");
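Review bot: In rtsp_read_data (hunk at -549) the size 17 is now written twice, in `malloc(17)` and in `snprintf(rest, 17, ...)`, and the allocation is still unchecked. A fixed 17-byte scratch buffer does not need the heap: `char rest[17]; snprintf(rest, sizeof(rest), "CSeq: %u", seq);` removes the malloc/free pair and its failure path, as rtsp_schedule_standard already does with `tmp`. The declaration of `rest` is outside the hunk and would have to change with it.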