[vlc-commits] ftp: fix scan string injection
Rémi Denis-Courmont
git at videolan.org
Thu Sep 15 13:12:06 CEST 2016
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Thu Sep 15 14:11:42 2016 +0300| [09a26099cfd8d708d40127d4faa64ade01f36775] | committer: Rémi Denis-Courmont
ftp: fix scan string injection
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=09a26099cfd8d708d40127d4faa64ade01f36775
---
modules/access/ftp.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/modules/access/ftp.c b/modules/access/ftp.c
index ba2859d..c30fa46 100644
--- a/modules/access/ftp.c
+++ b/modules/access/ftp.c
@@ -1078,10 +1078,7 @@ static int ftp_StartStream( vlc_object_t *p_access, access_sys_t *p_sys,
if( *psz_ip )
{
- char psz_fmt[7] = "(|||%u";
- psz_fmt[1] = psz_fmt[2] = psz_fmt[3] = psz_parser[1];
-
- if( sscanf( psz_parser, psz_fmt, &i_port ) < 1 )
+ if( sscanf( psz_parser, "(%*3c%u", &i_port ) < 1 )
{
free( psz_arg );
msg_Err( p_access, "cannot parse passive mode response" );
More information about the vlc-commits
mailing list