[vlc-commits] MMS: fix Stack overflow

Jean-Baptiste Kempf git at videolan.org
Fri Mar 16 01:26:17 CET 2012 

vlc/vlc-1.1 | branch: master | Jean-Baptiste Kempf <jb at videolan.org> | Thu Mar 15 17:59:33 2012 +0100| [4780f904d02696bb0f2be14055fd89cba17a5b5e] | committer: Jean-Baptiste Kempf

MMS: fix Stack overflow

SA-1201
(cherry picked from commit 3a57afee14a7f00fd6ff0cccb90a60923ccf766d)
(cherry picked from commit f5cb63575c65be2719ed8f2cad0e4dff7f288872)

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.1.git/?a=commit;h=4780f904d02696bb0f2be14055fd89cba17a5b5e
---

 modules/access/mms/mmstu.c |   34 ++++++++++++++++++++++++++--------
 1 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
index 655038f..7388eb6 100644
--- a/modules/access/mms/mmstu.c
+++ b/modules/access/mms/mmstu.c
@@ -455,7 +455,7 @@ static int MMSOpen( access_t  *p_access, vlc_url_t *p_url, int  i_proto )
     int           b_udp = ( i_proto == MMS_PROTO_UDP ) ? 1 : 0;
 
     var_buffer_t buffer;
-    char         tmp[4096];
+    char         *tmp;
     uint16_t     *p;
     int          i_server_version;
     int          i_tool_version;
@@ -531,11 +531,18 @@ static int MMSOpen( access_t  *p_access, vlc_url_t *p_url, int  i_proto )
     var_buffer_initwrite( &buffer, 0 );
     var_buffer_add16( &buffer, 0x001c );
     var_buffer_add16( &buffer, 0x0003 );
-    sprintf( tmp,
+    if( asprintf( &tmp,
              "NSPlayer/7.0.0.1956; {"GUID_FMT"}; Host: %s",
              GUID_PRINT( p_sys->guid ),
-             p_url->psz_host );
+             p_url->psz_host ) < 0 )
+    {
+        var_buffer_free( &buffer );
+        net_Close( p_sys->i_handle_tcp );
+        return VLC_ENOMEM;
+    }
+
     var_buffer_addUTF16( &buffer, tmp );
+    free( tmp );
 
     mms_CommandSend( p_access,
                      0x01,          /* connexion request */
@@ -588,17 +595,28 @@ static int MMSOpen( access_t  *p_access, vlc_url_t *p_url, int  i_proto )
     var_buffer_add32( &buffer, 0x00000002 );
     if( b_udp )
     {
-        sprintf( tmp,
-                 "\\\\%s\\UDP\\%d",
-                 p_sys->sz_bind_addr,
-                 7000 ); // FIXME
+        if( asprintf( &tmp,
+                    "\\\\%s\\UDP\\%d",
+                    p_sys->sz_bind_addr,
+                    7000 ) < 0) // FIXME
+        {
+            var_buffer_free( &buffer );
+            MMSClose( p_access );
+            return VLC_EGENERIC;
+        }
     }
     else
     {
-        sprintf( tmp, "\\\\192.168.0.1\\TCP\\1242"  );
+        if( asprintf( &tmp, "\\\\192.168.0.1\\TCP\\1242" ) < 0 )
+        {
+            var_buffer_free( &buffer );
+            MMSClose( p_access );
+            return VLC_EGENERIC;
+        }
     }
     var_buffer_addUTF16( &buffer, tmp );
     var_buffer_add16( &buffer, '0' );
+    free( tmp );
 
     mms_CommandSend( p_access,
                      0x02,          /* connexion request */

More information about the vlc-commits mailing list