[FFmpeg-trac] #9499(avformat:new): The libamqp.c file has a plaintext password, and the amqp network protocol has security problems.
FFmpeg
trac at avcodec.org
Sat Nov 6 10:51:27 EET 2021
#9499: The libamqp.c file has a plaintext password, and the amqp network protocol
has security problems.
-------------------------------------+-------------------------------------
Reporter: wujian | Type: defect
Status: new | Priority: normal
Component: avformat | Version:
Keywords: amqp | unspecified
network protocol security | Blocked By:
problems |
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
How to reproduce:
{{{
if (!password || *password == '\0')
'''password = "guest";'''
password_decoded = ff_urldecode(password, 0);
if (!password_decoded)
return AVERROR(ENOMEM);
user = credentials;
if (*user == '\0')
'''user = "guest";'''
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9499>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list