[vlc-commits] realrtsp: Fixed crash when 'RealChallenge1' is missing from initial server reply

[Filip Roséen]

vlc/vlc-2.2 | branch: master | Filip Roséen <filip at atch.se> | Thu Feb 25 10:12:28 2016 +0100| [b9a17ae0c4e7c637f86f9eb8f973e699179ad64e] | committer: Jean-Baptiste Kempf

realrtsp: Fixed crash when 'RealChallenge1' is missing from initial server reply

The module would crash if the remote server did not include `RealChallenge1` in
the headers of the initial reply after establishing a connection. The below is a
sample testcase:

% nc -l -p 8080 <<EOF
> RTSP/1.0 200 OK
> Server: Real
>
> EOF

Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
(cherry picked from commit af2281d5d2a5cc9234700e794821ba2d02991b6e)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=b9a17ae0c4e7c637f86f9eb8f973e699179ad64e
---

 modules/access/rtsp/real.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/access/rtsp/real.c b/modules/access/rtsp/real.c
index 0cec65c..0b7d5cc 100644
--- a/modules/access/rtsp/real.c
+++ b/modules/access/rtsp/real.c
@@ -622,10 +622,17 @@ rmff_header_t  *real_setup_and_get_header(rtsp_client_t *rtsp_session, int bandw
   char *mrl=rtsp_get_mrl(rtsp_session);
   unsigned int size;
   int status;
+  char *p_data;
 
   /* get challenge */
-  challenge1=strdup(rtsp_search_answers(rtsp_session,"RealChallenge1"));
-  msg_Dbg(p_access, "Challenge1: %s", challenge1);
+  if (NULL == (p_data = rtsp_search_answers(rtsp_session, "RealChallenge1"))) {
+    msg_Warn(p_access, "server did not reply with RealChallenge1, aborting!");
+    return NULL;
+
+  } else {
+    challenge1 = strdup(p_data);
+    msg_Dbg(p_access, "Challenge1: %s", challenge1);
+  }
 
   sprintf(buf, "Bandwidth: %u", bandwidth);