[vlc-devel] [PATCH] Stop realm variable in modules/access/http.c from being freed too early.

Rémi Denis-Courmont remi at remlab.net
Thu May 7 17:38:30 CEST 2020 

	Hi,

Le torstaina 7. toukokuuta 2020, 18.27.05 EEST Aaron Wyatt via vlc-devel a 
écrit :
> Fix to stop the realm variable in modules/access/http.c from being freed
> before credentials are stored using the keystore module. (Prevents
> keystore modules from creating multiple entries with keys based on junk
> data.)
> 
> Aaron
> 
> ---
>   modules/access/http.c | 11 ++++++++++-
>   1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/modules/access/http.c b/modules/access/http.c
> index 4384e2b0a3..b4645c0f4e 100644
> --- a/modules/access/http.c
> +++ b/modules/access/http.c
> @@ -142,6 +142,7 @@ static int Open( vlc_object_t *p_this )
>       char *psz;
>       int ret = VLC_EGENERIC;
>       vlc_credential credential;
> +    char *psz_realm;
>        access_sys_t *p_sys = vlc_obj_malloc( p_this, sizeof(*p_sys) );
>       if( unlikely(p_sys == NULL) )
> @@ -166,6 +167,7 @@ static int Open( vlc_object_t *p_this )
>       p_sys->offset = 0;
>       p_sys->size = 0;
>       p_access->p_sys = p_sys;
> +    psz_realm = NULL;
>        if( vlc_UrlParse( &p_sys->url, psz_url ) || p_sys->url.psz_host
> == NULL )
>       {
> @@ -298,7 +300,10 @@ connect:
>           msg_Dbg( p_access, "authentication failed for realm %s",
>                    p_sys->auth.psz_realm );
>   -        credential.psz_realm = p_sys->auth.psz_realm;
> +        free( psz_realm );
> +        psz_realm = malloc( strlen( p_sys->auth.psz_realm ) + 1 );
> +        strcpy( psz_realm, p_sys->auth.psz_realm );
> +        credential.psz_realm = psz_realm;

strdup()

>           credential.psz_authtype = p_sys->auth.psz_nonce  ? "Digest" :
> "Basic";
>            if( vlc_credential_get( &credential, p_access, NULL, NULL,
> @@ -339,6 +344,8 @@ connect:
>       p_access->pf_control = Control;
>       p_access->pf_seek = Seek;
>   +    free( psz_realm );
> +    psz_realm = NULL;
>       vlc_credential_clean( &credential );
>        return VLC_SUCCESS;
> @@ -347,6 +354,8 @@ disconnect:
>       Disconnect( p_access );
>    error:
> +    free( psz_realm );
> +    psz_realm = NULL;
>       vlc_credential_clean( &credential );
>       vlc_UrlClean( &p_sys->url );
>       if( p_sys->b_proxy )


-- 
Реми Дёни-Курмон
http://www.remlab.net/

More information about the vlc-devel mailing list