This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new 99e1ecca36 avformat/icecast: reject CR/LF in metadata header values
99e1ecca36 is described below
commit 99e1ecca36455689c0c417a02ca36cd5b6e2346d
Author: Franciszek Kalinowski <[email protected]>
AuthorDate: Tue May 19 09:43:54 2026 +0200
Commit: Marvin Scholz <[email protected]>
CommitDate: Thu May 21 18:05:39 2026 +0000
avformat/icecast: reject CR/LF in metadata header values
Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz
Smigielski.
---
libavformat/icecast.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/icecast.c b/libavformat/icecast.c
index 3146d7f384..323d330e42 100644
--- a/libavformat/icecast.c
+++ b/libavformat/icecast.c
@@ -70,8 +70,14 @@ static const AVOption options[] = {
static void cat_header(AVBPrint *bp, const char key[], const char value[])
{
- if (NOT_EMPTY(value))
+ if (NOT_EMPTY(value)) {
+ if (strpbrk(value, "\r\n")) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Refusing to send '%s' header: value contains CR/LF\n",
key);
+ return;
+ }
av_bprintf(bp, "%s: %s\r\n", key, value);
+ }
}
static int icecast_close(URLContext *h)
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
