[vlc-commits] realrtsp: fixed crash on missing ETag + log levels

Filip Roséen git at videolan.org
Fri Feb 26 17:48:45 CET 2016 

vlc | branch: master | Filip Roséen <filip at atch.se> | Thu Feb 25 10:12:30 2016 +0100| [1831e930bd3052b06f6912b91370cd7b5178730e] | committer: Jean-Baptiste Kempf

realrtsp: fixed crash on missing ETag + log levels

If the remote server does not include the `ETag` header when in the
response to the DESCRIBE request, the module would crash due to usage of
`strlen(session_id)` later on, where `session_id` would be  `NULL`.

% netcat -l -p 8080 <<EOF
> RTSP/1.0 200 OK
> CSeq: 1
> Server: Real
> RealChallenge1: foobar
>
> RTSP/1.0 200 OK
> CSeq: 2
> Content-Length: 10
>
> helloworld
EOF

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=1831e930bd3052b06f6912b91370cd7b5178730e
---

 modules/access/rtsp/real.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/modules/access/rtsp/real.c b/modules/access/rtsp/real.c
index 53ad3bc..ee60509 100644
--- a/modules/access/rtsp/real.c
+++ b/modules/access/rtsp/real.c
@@ -648,9 +648,9 @@ rmff_header_t  *real_setup_and_get_header(rtsp_client_t *rtsp_session, int bandw
 
   status=rtsp_request_describe(rtsp_session,NULL);
   if ( status<200 || status>299 ) {
-    msg_Dbg (p_access, "server returned status code %d", status);
+    msg_Warn (p_access, "server returned status code %d", status);
     if ((p_data = rtsp_search_answers(rtsp_session, "Alert"))) {
-      msg_Dbg(p_access, "server replied with a message: '%s'", p_data);
+      msg_Warn(p_access, "server replied with a message: '%s'", p_data);
     }
     rtsp_send_ok( rtsp_session );
     free( challenge1 );
@@ -672,10 +672,13 @@ rmff_header_t  *real_setup_and_get_header(rtsp_client_t *rtsp_session, int bandw
     goto error;
   }
 
-  if (!rtsp_search_answers(rtsp_session,"ETag"))
-    msg_Warn (p_access, "server reply missing ETag");
-  else
-    session_id=strdup(rtsp_search_answers(rtsp_session,"ETag"));
+  if (NULL == (p_data = rtsp_search_answers(rtsp_session, "ETag"))) {
+    msg_Warn(p_access, "ETag missing from server response, aborting!");
+    goto error;
+
+  } else {
+    session_id = strdup(p_data);
+  }
 
   msg_Dbg(p_access, "Stream description size: %u", size);

More information about the vlc-commits mailing list