[FFmpeg-devel] [PATCH] avformat/hlsenc: fix CID 1405135

Rodger Combs rodger.combs at gmail.com
Wed Apr 26 09:11:56 EEST 2017


> On Apr 25, 2017, at 18:47, Steven Liu <lq at chinaffmpeg.org> wrote:
> 
> CID: 1405135

I have no idea what this message is supposed to mean.

> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavformat/hlsenc.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
> index 3ec0f330fb..b7aafb73da 100644
> --- a/libavformat/hlsenc.c
> +++ b/libavformat/hlsenc.c
> @@ -394,11 +394,11 @@ static int do_encrypt(AVFormatContext *s)
>     av_strlcat(hls->key_basename, ".key", len);
> 
>     if (hls->key_url) {
> -        strncpy(hls->key_file, hls->key_url, sizeof(hls->key_file));
> -        strncpy(hls->key_uri, hls->key_url, sizeof(hls->key_uri));
> +        av_strlcpy(hls->key_file, hls->key_url, strlen(hls->key_url));
> +        av_strlcpy(hls->key_uri, hls->key_url, strlen(hls->key_url));

Changing this to av_strlcpy makes sense, but using strlen() here replaces a DoS vulnerability with a memory-corruption one. Use sizeof() like the original code in all 4 cases.

>     } else {
> -        strncpy(hls->key_file, hls->key_basename, sizeof(hls->key_file));
> -        strncpy(hls->key_uri, hls->key_basename, sizeof(hls->key_uri));
> +        av_strlcpy(hls->key_file, hls->key_basename, strlen(hls->key_basename));
> +        av_strlcpy(hls->key_uri, hls->key_basename, strlen(hls->key_basename));
>     }
> 
>     if (!*hls->iv_string) {
> -- 
> 2.11.0 (Apple Git-81)
> 
> 
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel



More information about the ffmpeg-devel mailing list