[FFmpeg-devel] [PATCH] avformat/hlsenc: fix CID 1405135
Rodger Combs
rodger.combs at gmail.com
Wed Apr 26 09:11:56 EEST 2017
> On Apr 25, 2017, at 18:47, Steven Liu <lq at chinaffmpeg.org> wrote:
>
> CID: 1405135
I have no idea what this message is supposed to mean.
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavformat/hlsenc.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
> index 3ec0f330fb..b7aafb73da 100644
> --- a/libavformat/hlsenc.c
> +++ b/libavformat/hlsenc.c
> @@ -394,11 +394,11 @@ static int do_encrypt(AVFormatContext *s)
> av_strlcat(hls->key_basename, ".key", len);
>
> if (hls->key_url) {
> - strncpy(hls->key_file, hls->key_url, sizeof(hls->key_file));
> - strncpy(hls->key_uri, hls->key_url, sizeof(hls->key_uri));
> + av_strlcpy(hls->key_file, hls->key_url, strlen(hls->key_url));
> + av_strlcpy(hls->key_uri, hls->key_url, strlen(hls->key_url));
Changing this to av_strlcpy makes sense, but using strlen() here replaces a DoS vulnerability with a memory-corruption one. Use sizeof() like the original code in all 4 cases.
> } else {
> - strncpy(hls->key_file, hls->key_basename, sizeof(hls->key_file));
> - strncpy(hls->key_uri, hls->key_basename, sizeof(hls->key_uri));
> + av_strlcpy(hls->key_file, hls->key_basename, strlen(hls->key_basename));
> + av_strlcpy(hls->key_uri, hls->key_basename, strlen(hls->key_basename));
> }
>
> if (!*hls->iv_string) {
> --
> 2.11.0 (Apple Git-81)
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
More information about the ffmpeg-devel
mailing list