[FFmpeg-devel] [PATCH] change the order of params for av_init_random()

Stefano Sabatini stefano.sabatini-lala
Mon Jan 5 17:32:50 CET 2009


On date Monday 2009-01-05 17:00:50 +0100, Michael Niedermayer encoded:
> On Mon, Jan 05, 2009 at 02:44:34AM +0100, Stefano Sabatini wrote:
> [...]
> > Index: ffmpeg/ffserver.c
> > ===================================================================
> > --- ffmpeg.orig/ffserver.c	2009-01-05 02:40:48.000000000 +0100
> > +++ ffmpeg/ffserver.c	2009-01-05 02:41:00.000000000 +0100
> > @@ -4483,7 +4483,7 @@
> >  
> >      unsetenv("http_proxy");             /* Kill the http_proxy */
> >  
> > -    av_init_random(av_gettime() + (getpid() << 16), &random_state);
> > +    av_random_init(&random_state, av_gettime() + (getpid() << 16));
> >  
> >      memset(&sigact, 0, sizeof(sigact));
> >      sigact.sa_handler = handle_child_exit;
> 
> do we really have to export the pid and starttime to an attacker?

Would be this more acceptable?

Regards.
-- 
FFmpeg = Foolish Frightening Marvellous Patchable Enhanced Gargoyle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: attack-proof-ffserver.patch
Type: text/x-diff
Size: 681 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090105/f0151616/attachment.patch>



More information about the ffmpeg-devel mailing list