[FFmpeg-devel] Correctly fill the SSRC field in RTP packets

Luca Abeni lucabe72
Wed Mar 26 08:23:10 CET 2008


Hi Michael,

Michael Niedermayer wrote:
[...]
>>> @@ -60,7 +60,7 @@
>>>      s->base_timestamp = 0; /* FIXME: was random(), what should this be? */
>>>      s->timestamp = s->base_timestamp;
>>>      s->cur_timestamp = 0;
>>> -    s->ssrc = 0; /* FIXME: was random(), what should this be? */
>>> +    s->ssrc = (int)s;
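Review bot: the added line `s->ssrc = (int)s;` writes the address of the context structure into the SSRC, a field sent in the header of the RTP packets, so every receiver learns a heap address of the sending process and heap randomization loses its value. The `(int)` cast also truncates the pointer on platforms where pointers are wider than int, so the value is not guaranteed to differ between sessions either. Suggest keeping addresses out of the value entirely and filling `s->ssrc` from a random source that is not seeded from a pointer; RFC 3550 asks for a randomly chosen SSRC. The FIXME on `s->base_timestamp` in the context lines raises the same question and should be resolved the same way.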
>> NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!
>> insanity ...
>> you are leaking information VERY useful for an exploit.
>> and no whatever_random_number_generator(seed=(int)s) is equally bad for the
>> exact same reason.
> 
> To explain why exactly this is bad, think of grsec which amongst other things
> randomizes the location of the heap...
[...]

Ok, thanks for the explanation. I feared that this was a security leak, but
I could not see where the problem was. I obviously withdraw the patch (Reimar
already convinced me that it is not a good idea).

If it turns out that setting SSRC to 0 causes some real problems, I'll
try a different approach.



			Thanks,
				Luca



