[vlc-commits] access: mmstu: check command length before parsing
Francois Cartegnie
git at videolan.org
Mon Dec 28 23:35:53 CET 2015
vlc/vlc-2.2 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Mon Dec 28 13:53:44 2015 +0100| [113ba636d6b419687001af95511f925e3838517d] | committer: Jean-Baptiste Kempf
access: mmstu: check command length before parsing
(cherry picked from commit 377b93ef0b09c7be6b6cb53228d195c916f19b61)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=113ba636d6b419687001af95511f925e3838517d
---
modules/access/mms/mmstu.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
index 4db45ee..2c4e40e 100644
--- a/modules/access/mms/mmstu.c
+++ b/modules/access/mms/mmstu.c
@@ -542,7 +542,7 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
buffer.p_data,
buffer.i_data );
- if( mms_CommandRead( p_access, 0x01, 0 ) < 0 )
+ if( mms_CommandRead( p_access, 0x01, 0 ) < 0 || p_sys->i_cmd < MMS_CMD_HEADERSIZE + 48 )
{
var_buffer_free( &buffer );
MMSClose( p_access );
@@ -681,6 +681,13 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_url, int i_proto )
return( -1 );
}
+ if( p_sys->i_cmd < MMS_CMD_HEADERSIZE + 64 )
+ {
+ var_buffer_free( &buffer );
+ MMSClose( p_access );
+ return VLC_EBADVAR;
+ }
+
/* 1 for file ok, 2 for authen ok */
switch( GetDWLE( p_sys->p_cmd + MMS_CMD_HEADERSIZE ) )
{
More information about the vlc-commits
mailing list