[vlc-commits] MMS: fix Stack overflow
Jean-Baptiste Kempf
git at videolan.org
Fri Mar 16 01:26:17 CET 2012
vlc/vlc-1.1 | branch: master | Jean-Baptiste Kempf <jb at videolan.org> | Thu Mar 15 17:59:33 2012 +0100| [4780f904d02696bb0f2be14055fd89cba17a5b5e] | committer: Jean-Baptiste Kempf
MMS: fix Stack overflow
SA-1201
(cherry picked from commit 3a57afee14a7f00fd6ff0cccb90a60923ccf766d)
(cherry picked from commit f5cb63575c65be2719ed8f2cad0e4dff7f288872)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.1.git/?a=commit;h=4780f904d02696bb0f2be14055fd89cba17a5b5e
---
modules/access/mms/mmstu.c | 34 ++++++++++++++++++++++++++--------
1 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
index 655038f..7388eb6 100644
--- a/modules/access/mms/mmstu.c
+++ b/modules/access/mms/mmstu.c
@@ -455,7 +455,7 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
int b_udp = ( i_proto == MMS_PROTO_UDP ) ? 1 : 0;
var_buffer_t buffer;
- char tmp[4096];
+ char *tmp;
uint16_t *p;
int i_server_version;
int i_tool_version;
@@ -531,11 +531,18 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
var_buffer_initwrite( &buffer, 0 );
var_buffer_add16( &buffer, 0x001c );
var_buffer_add16( &buffer, 0x0003 );
- sprintf( tmp,
+ if( asprintf( &tmp,
"NSPlayer/7.0.0.1956; {"GUID_FMT"}; Host: %s",
GUID_PRINT( p_sys->guid ),
- p_url->psz_host );
+ p_url->psz_host ) < 0 )
+ {
+ var_buffer_free( &buffer );
+ net_Close( p_sys->i_handle_tcp );
+ return VLC_ENOMEM;
+ }
+
var_buffer_addUTF16( &buffer, tmp );
+ free( tmp );
mms_CommandSend( p_access,
0x01, /* connexion request */
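Review bot: The failure path added after the first `asprintf` closes only `p_sys->i_handle_tcp`, while the two failure paths in the later hunk (the `\\UDP\\` and `\\TCP\\` strings) call `MMSClose( p_access )`. If MMSOpen has already opened a UDP socket by this point, which the hunk does not show, that socket would stay open on this return. Either use the same teardown in all three places, or add a comment above `net_Close` saying why closing the TCP handle alone is enough here. Separately, `p_url->psz_host` comes from the URL and its length is still unchecked, so the size handling in `var_buffer_addUTF16` and `mms_CommandSend` (both outside this diff) is worth confirming for very long hosts. MMSOpen begins and ends outside the hunk.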
@@ -588,17 +595,28 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
var_buffer_add32( &buffer, 0x00000002 );
if( b_udp )
{
- sprintf( tmp,
- "\\\\%s\\UDP\\%d",
- p_sys->sz_bind_addr,
- 7000 ); // FIXME
+ if( asprintf( &tmp,
+ "\\\\%s\\UDP\\%d",
+ p_sys->sz_bind_addr,
+ 7000 ) < 0) // FIXME
+ {
+ var_buffer_free( &buffer );
+ MMSClose( p_access );
+ return VLC_EGENERIC;
+ }
}
else
{
- sprintf( tmp, "\\\\192.168.0.1\\TCP\\1242" );
+ if( asprintf( &tmp, "\\\\192.168.0.1\\TCP\\1242" ) < 0 )
+ {
+ var_buffer_free( &buffer );
+ MMSClose( p_access );
+ return VLC_EGENERIC;
+ }
}
var_buffer_addUTF16( &buffer, tmp );
var_buffer_add16( &buffer, '0' );
+ free( tmp );
mms_CommandSend( p_access,
0x02, /* connexion request */
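Review bot: Both new failure paths in this hunk return `VLC_EGENERIC`, whereas the same `asprintf` failure in the previous hunk returns `VLC_ENOMEM`. Using `return VLC_ENOMEM;` in both branches would report the cause consistently to callers. The `else` branch formats a literal with no conversions, so `asprintf` only copies a constant there. The two identical error blocks could also be reduced to one check after the `if`/`else`, which leaves a single place to keep the cleanup correct. MMSOpen continues past the end of the hunk.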