vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Fri Feb 1 10:04:46 2019 +0100| [9383ba42056f8742956671b16082d930237060fc] | committer: Hugo Beauzée-Luyssen
rist: Fix potential buffer overflow https://hackerone.com/reports/489102 > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=9383ba42056f8742956671b16082d930237060fc --- modules/access/rist.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/access/rist.c b/modules/access/rist.c index e06828c88a..0c0d49eae7 100644 --- a/modules/access/rist.c +++ b/modules/access/rist.c @@ -529,10 +529,11 @@ static void rtcp_input(stream_t *p_access, struct rist_flow *flow, uint8_t *buf_ return; /* Check for changes in source IP address or port */ int8_t name_length = rtcp_sdes_get_name_length(buf); - if (name_length > bytes_left) + if (name_length > bytes_left || name_length <= 0 || + (size_t)name_length > sizeof(new_sender_name)) { /* check for a sane number of bytes */ - msg_Err(p_access, "Malformed SDES packet, wrong cname len %u, got a " \ + msg_Err(p_access, "Malformed SDES packet, wrong cname len %d, got a " \ "buffer of %u bytes.", name_length, bytes_left); return; }
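Review bot: The context line `int8_t name_length = rtcp_sdes_get_name_length(buf);` keeps the length in a signed 8-bit variable, and that is the only reason the new `name_length <= 0` test has to catch negative values: if the helper returns the raw 8-bit length field, any value of 128 or more wraps negative and is rejected as malformed rather than handled as a length. Consider declaring `name_length` as `uint8_t` (or a wider unsigned type), after which the test reduces to `name_length == 0`, the `(size_t)` cast is no longer needed, and the format specifier can stay unsigned. Separately, `(size_t)name_length > sizeof(new_sender_name)` accepts a name that exactly fills the buffer; the copy into `new_sender_name` is outside this hunk, so please confirm it does not append a terminator at index `name_length`, or change the comparison to `>=`. The log message also reports only `name_length` and `bytes_left`, so a rejection caused by the `sizeof(new_sender_name)` limit will read as if the packet buffer were too short; adding the limit to the message would make that case diagnosable.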
