[FFmpeg-devel] Correctly fill the SSRC field in RTP packets

Michael Niedermayer michaelni
Tue Mar 25 18:27:53 CET 2008


On Tue, Mar 25, 2008 at 01:58:47PM +0100, Luca Abeni wrote:
> Hi all,
>
> I've just realized that the RTP muxer currently fills the
> SSRC field in RTP packets with 0, generating multiple RTP
> streams with the same SSRC. Unless I misread RFC3550, this
> is not ok, since different streams in the same session
> should have different SSRCs.
>
> The attached patch fills the SSRC field using the address
> of the AVFormatContext, so that different streams in the
> same session will have different SSRCs. I am posting the
> patch instead of directly committing it because I do not
> know if using the AVFormatContext address could be a problem
> for security, or if there is some other drawback. If no one
> objects, I'll commit the patch in 2 or 3 days.
[...]
> @@ -60,7 +60,7 @@
>      s->base_timestamp = 0; /* FIXME: was random(), what should this be? */
>      s->timestamp = s->base_timestamp;
>      s->cur_timestamp = 0;
> -    s->ssrc = 0; /* FIXME: was random(), what should this be? */
> +    s->ssrc = (int)s;
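
Review bot: The added line `s->ssrc = (int)s;` copies the address of `s` into a field that is sent to the peer in every RTP packet, so any receiver learns where the context sits in memory, and the `(int)` cast also truncates the pointer on platforms where pointers are wider than `int`. The removed line's comment notes the value "was random()"; I would fill `s->ssrc` from a random source that is not derived from any address, and keep a FIXME if the choice of source is still open. The same FIXME on `s->base_timestamp` in the context lines above is left unresolved by this hunk.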

NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!
insanity ...
you are leaking information VERY useful for an exploit.
and no whatever_random_number_generator(seed=(int)s) is equally bad for the
exact same reason.


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is not what we do, but why we do it that matters.