[FFmpeg-cvslog] rtmpproto: Check APP_MAX_LENGTH

Michael Niedermayer git at videolan.org
Sat Feb 23 17:19:20 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Feb 23 16:58:01 2013 +0100| [02ac3398eb52679301028c2fd3ebad1b6261b4da] | committer: Michael Niedermayer

rtmpproto: Check APP_MAX_LENGTH

Fixes Ticket2292

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=02ac3398eb52679301028c2fd3ebad1b6261b4da
---

 libavformat/rtmpproto.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c
index 6f03dd9..fa661ee 100644
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2367,16 +2367,20 @@ reconnect:
             fname = strchr(p + 1, '/');
             if (!fname || (c && c < fname)) {
                 fname = p + 1;
-                av_strlcpy(rt->app, path + 1, p - path);
+                av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
             } else {
                 fname++;
-                av_strlcpy(rt->app, path + 1, fname - path - 1);
+                av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
             }
         }
     }
 
     if (old_app) {
         // The name of application has been defined by the user, override it.
+        if (strlen(old_app) >= APP_MAX_LENGTH) {
+            ret = AVERROR(EINVAL);
+            goto fail;
+        }
         av_free(rt->app);
         rt->app = old_app;
     }



More information about the ffmpeg-cvslog mailing list