[vlc-commits] ftp: fix scan string injection
Rémi Denis-Courmont
git at videolan.org
Thu Sep 15 13:12:28 CEST 2016
vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Thu Sep 15 14:11:42 2016 +0300| [620c9cef9d7c237eb3bbb87a7456b9295cdf0629] | committer: Rémi Denis-Courmont
ftp: fix scan string injection
(cherry picked from commit 09a26099cfd8d708d40127d4faa64ade01f36775)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=620c9cef9d7c237eb3bbb87a7456b9295cdf0629
---
modules/access/ftp.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/modules/access/ftp.c b/modules/access/ftp.c
index ce3cc79..54a2aa4 100644
--- a/modules/access/ftp.c
+++ b/modules/access/ftp.c
@@ -939,10 +939,7 @@ static int ftp_StartStream( vlc_object_t *p_access, access_sys_t *p_sys,
if( *psz_ip )
{
- char psz_fmt[7] = "(|||%u";
- psz_fmt[1] = psz_fmt[2] = psz_fmt[3] = psz_parser[1];
-
- if( sscanf( psz_parser, psz_fmt, &i_port ) < 1 )
+ if( sscanf( psz_parser, "(%*3c%u", &i_port ) < 1 )
{
free( psz_arg );
msg_Err( p_access, "cannot parse passive mode response" );
More information about the vlc-commits
mailing list