[vlc-commits] access: mmstu: check command length before parsing
Francois Cartegnie
git at videolan.org
Mon Dec 28 14:07:25 CET 2015
vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Mon Dec 28 13:53:44 2015 +0100| [377b93ef0b09c7be6b6cb53228d195c916f19b61] | committer: Francois Cartegnie
access: mmstu: check command length before parsing
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=377b93ef0b09c7be6b6cb53228d195c916f19b61
---
modules/access/mms/mmstu.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
index f41c1b4..37d7766 100644
--- a/modules/access/mms/mmstu.c
+++ b/modules/access/mms/mmstu.c
@@ -543,7 +543,7 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
buffer.p_data,
buffer.i_data );
- if( mms_CommandRead( p_access, 0x01, 0 ) < 0 )
+ if( mms_CommandRead( p_access, 0x01, 0 ) < 0 || p_sys->i_cmd < MMS_CMD_HEADERSIZE + 48 )
{
var_buffer_free( &buffer );
MMSClose( p_access );
@@ -682,6 +682,13 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
return( -1 );
}
+ if( p_sys->i_cmd < MMS_CMD_HEADERSIZE + 64 )
+ {
+ var_buffer_free( &buffer );
+ MMSClose( p_access );
+ return VLC_EBADVAR;
+ }
+
/* 1 for file ok, 2 for authen ok */
switch( GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE ) )
{
More information about the vlc-commits
mailing list