[vlc-commits] rist: Fix potential buffer overflow
Hugo Beauzée-Luyssen
git at videolan.org
Thu May 23 17:20:38 CEST 2019
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Fri Feb 1 10:04:46 2019 +0100| [9383ba42056f8742956671b16082d930237060fc] | committer: Hugo Beauzée-Luyssen
rist: Fix potential buffer overflow
https://hackerone.com/reports/489102
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=9383ba42056f8742956671b16082d930237060fc
---
modules/access/rist.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/access/rist.c b/modules/access/rist.c
index e06828c88a..0c0d49eae7 100644
--- a/modules/access/rist.c
+++ b/modules/access/rist.c
@@ -529,10 +529,11 @@ static void rtcp_input(stream_t *p_access, struct rist_flow *flow, uint8_t *buf_
return;
/* Check for changes in source IP address or port */
int8_t name_length = rtcp_sdes_get_name_length(buf);
- if (name_length > bytes_left)
+ if (name_length > bytes_left || name_length <= 0 ||
+ (size_t)name_length > sizeof(new_sender_name))
{
/* check for a sane number of bytes */
- msg_Err(p_access, "Malformed SDES packet, wrong cname len %u, got a " \
+ msg_Err(p_access, "Malformed SDES packet, wrong cname len %d, got a " \
"buffer of %u bytes.", name_length, bytes_left);
return;
}
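Review bot: the new bound on the added line `(size_t)name_length > sizeof(new_sender_name))` still accepts a length exactly equal to the size of the destination buffer. If the code after this hunk copies `name_length` bytes into `new_sender_name` and then appends a terminating NUL, that write lands one byte past the end; in that case the comparison should be `>=`, or the bound should be `sizeof(new_sender_name) - 1`. Separately, `name_length` is declared as `int8_t` in the unchanged context line above the check. If `rtcp_sdes_get_name_length()` returns the raw 8-bit length field, values of 128 and above wrap negative and are now rejected by `name_length <= 0`, and the `%d` message will print a negative length. Declaring it as an unsigned or wider type would make the intent of the check explicit and keep the logged value meaningful. A short comment stating whether the limit includes the terminator would also help the next reader.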