[vlc-devel] [PATCH] M3u & pls demux: Check the size of each file line to prevent flooding the playlist.

Rafaël Carré funman at videolan.org
Wed Apr 24 13:18:24 CEST 2013


Hello,

On 24/04/2013 13:09, Adrien Maglo wrote:
> Hello,
> 
> 
> The exploit attached to the ticket #7361 shows that it is possible to 
> freeze VLC with a corrupted playlist file containing very long lines.
> VLC indeed outputs to the logs a message giving the name of the media, 
> which is extremely long. This is not a security issue but as logging is 
> a costly operation, outputting this message takes a lot of time and 
> freezes VLC.
> 
> The attached patch proposes to set a maximum line length for the M3U and 
> PLS playlist format. It therefore prevents the playlist from being 
> flooded using these demuxers.
> 
> 
> -- MagSoft
> 
> 
> 0001-M3u-pls-demux-Check-the-size-of-each-file-line-to-pr.patch
> 
> 
> From a86408bef4c58408a3eee4c916babca373b21794 Mon Sep 17 00:00:00 2001
> From: Adrien Maglo <magsoft at videolan.org>
> Date: Wed, 24 Apr 2013 12:48:25 +0200
> Subject: [PATCH] M3u & pls demux: Check the size of each file line to prevent
>  flooding the playlist.
> 
> This commit fixes the ticket #7361.
> ---
>  modules/demux/playlist/m3u.c |    8 ++++++++
>  modules/demux/playlist/pls.c |    9 ++++++++-
>  2 files changed, 16 insertions(+), 1 deletion(-)
> 
> diff --git a/modules/demux/playlist/m3u.c b/modules/demux/playlist/m3u.c
> index 8519488..2c8849d 100644
> --- a/modules/demux/playlist/m3u.c
> +++ b/modules/demux/playlist/m3u.c
> @@ -157,6 +157,10 @@ void Close_M3U( vlc_object_t *p_this )
>  }
>  
>  
> +/* Magic number. There is no official specification of the maximum line size
> +   for the m3u playlist format. */
> +#define MAX_M3U_LINE_SIZE 1024
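
Review bot: the comment above MAX_M3U_LINE_SIZE only calls the value a magic number; it does not say what unit the limit is in (bytes, and whether the line terminator counts) or why a cap exists at all. Suggest putting the rationale from the commit message next to the define (ticket #7361, very long lines being written to the log), and, since the diffstat shows pls.c gets a similar change, sharing one limit between the two demuxers if pls.c would otherwise introduce its own constant.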

1024 seems too low.

PATH_MAX seems to be 4096 on linux, and browsers are said to accept up
to 2048 bytes long URLs according to some experiment which can be found
on Stack Overflow.
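
As an added example (not part of this thread and not VLC's code), the C program below applies a per-line cap to an M3U-style buffer and also clamps the name that reaches the log message, which is where the freeze described above comes from. The names `scan_playlist`, `EXAMPLE_MAX_LINE` and `EXAMPLE_LOG_NAME`, the 4096 and 64 values, and the choice to drop over-long lines whole are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values: the thread calls 1024 too low and cites PATH_MAX (4096 on
   Linux); the 64-byte clamp on logged names is hypothetical. */
#define EXAMPLE_MAX_LINE 4096
#define EXAMPLE_LOG_NAME 64

struct scan_result { size_t accepted, skipped; int longest_log; };

/* Walk an M3U-style buffer. Lines over max_line bytes are dropped whole,
   not truncated, so they never become entries or log arguments. */
static struct scan_result scan_playlist(const char *buf, size_t len, size_t max_line)
{
    struct scan_result r = { 0, 0, 0 };
    const char *p = buf, *end = buf + len;
    char msg[EXAMPLE_LOG_NAME + 32];

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t n = (size_t)((nl ? nl : end) - p);
        if (n > 0 && p[n - 1] == '\r') n--;        /* tolerate CRLF */
        if (n > max_line) {
            r.skipped++;
        } else if (n > 0 && p[0] != '#') {         /* skip blanks and # directives */
            /* Clamp the name in the log message, whatever the line length. */
            int m = snprintf(msg, sizeof msg, "adding '%.*s'",
                             (int)(n > EXAMPLE_LOG_NAME ? EXAMPLE_LOG_NAME : n), p);
            if (m > r.longest_log) r.longest_log = m;
            r.accepted++;
        }
        p = nl ? nl + 1 : end;
    }
    return r;
}

/* Constructed sample: directive, short entry, 5000-byte line, 200-byte entry. */
static struct scan_result demo_scan(void)
{
    static char buf[8192];
    size_t off = (size_t)snprintf(buf, sizeof buf, "#EXTM3U\r\nsong.mp3\r\n");
    memset(buf + off, 'A', 5000); off += 5000; buf[off++] = '\n';
    memset(buf + off, 'b', 200);  off += 200;  buf[off++] = '\n';
    return scan_playlist(buf, off, EXAMPLE_MAX_LINE);
}

int main(void)
{
    struct scan_result r = demo_scan();
    printf("accepted=%zu skipped=%zu longest_log=%d\n", r.accepted, r.skipped, r.longest_log);
    return 0;
}
```

The 200-byte entry is below the line cap and is accepted, but its log message is still bounded, so the cost of logging no longer scales with the input line.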


