[FFmpeg-trac] #9499(avformat:new): The libamqp.c file has a plaintext password, and the amqp network protocol has security problems.
FFmpeg
trac at avcodec.org
Sat Nov 6 10:56:49 EET 2021
#9499: The libamqp.c file has a plaintext password, and the amqp network protocol
has security problems.
-------------------------------------+-------------------------------------
Reporter: wujian | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: avformat
Version: unspecified | Resolution:
Keywords: amqp | Blocked By:
network protocol security |
problems |
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Description changed by wujian:
Old description:
> Summary of the bug:
> How to reproduce:
> {{{
> if (!password || *password == '\0')
> '''password = "guest";'''
>
> password_decoded = ff_urldecode(password, 0);
> if (!password_decoded)
> return AVERROR(ENOMEM);
>
> user = credentials;
> if (*user == '\0')
> '''user = "guest";'''
> }}}
> Patches should be submitted to the ffmpeg-devel mailing list and not this
> bug tracker.
New description:
Summary of the bug:
How to reproduce:
{{{
if (!password || *password == '\0')
password = "guest";
password_decoded = ff_urldecode(password, 0);
if (!password_decoded)
return AVERROR(ENOMEM);
user = credentials;
if (*user == '\0')
user = "guest";
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
--
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9499#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list