2c8260b4ae
- MMS: Fix stack overflow. SA-1201 - RealRTSP: Fix heap overflows. SA-1202 - ty: Fix out of bound read on corrupt files. - Avoid char conversion in strchr(). - Fix surrogate detection. from Brad (maintainer)
$OpenBSD: patch-modules_access_mms_mmstu_c,v 1.5 2012/03/21 08:27:29 ajacoutot Exp $
Fix stack overflow. SA-1201
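--- modules/access/mms/mmstu.c.orig Tue Jul 12 14:11:24 2011
+++ modules/access/mms/mmstu.c Tue Mar 20 16:31:17 2012
@@ -455,7 +455,7 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_
 int b_udp = ( i_proto == MMS_PROTO_UDP ) ? 1 : 0;
 
 var_buffer_t buffer;
- char tmp[4096];
+ char *tmp;
 uint16_t *p;
 int i_server_version;
 int i_tool_version;
@@ -531,11 +531,18 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_
 var_buffer_initwrite( &buffer, 0 );
 var_buffer_add16( &buffer, 0x001c );
 var_buffer_add16( &buffer, 0x0003 );
- sprintf( tmp,
+ if( asprintf( &tmp,
 "NSPlayer/7.0.0.1956; {"GUID_FMT"}; Host: %s",
 GUID_PRINT( p_sys->guid ),
- p_url->psz_host );
+ p_url->psz_host ) < 0 )
+ {
+ var_buffer_free( &buffer );
+ net_Close( p_sys->i_handle_tcp );
+ return VLC_ENOMEM;
+ }
+
 var_buffer_addUTF16( &buffer, tmp );
+ free( tmp );
 
 mms_CommandSend( p_access,
 0x01, /* connexion request */
@@ -588,17 +595,28 @@ static int MMSOpen( access_t *p_access, vlc_url_t *p_
 var_buffer_add32( &buffer, 0x00000002 );
 if( b_udp )
 {
- sprintf( tmp,
- "\\\\%s\\UDP\\%d",
- p_sys->sz_bind_addr,
- 7000 ); // FIXME
+ if( asprintf( &tmp,
+ "\\\\%s\\UDP\\%d",
+ p_sys->sz_bind_addr,
+ 7000 ) < 0) // FIXME
+ {
+ var_buffer_free( &buffer );
+ MMSClose( p_access );
+ return VLC_EGENERIC;
+ }
 }
 else
 {
- sprintf( tmp, "\\\\192.168.0.1\\TCP\\1242" );
+ if( asprintf( &tmp, "\\\\192.168.0.1\\TCP\\1242" ) < 0 )
+ {
+ var_buffer_free( &buffer );
+ MMSClose( p_access );
+ return VLC_EGENERIC;
+ }
 }
 var_buffer_addUTF16( &buffer, tmp );
 var_buffer_add16( &buffer, '0' );
+ free( tmp );
 
 mms_CommandSend( p_access,
 0x02, /* connexion request */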
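Review bot: The three new asprintf() failure paths clean up differently: the first (Host string, hunk at -531) calls `net_Close( p_sys->i_handle_tcp )` and returns `VLC_ENOMEM`, while the two in the -588 hunk call `MMSClose( p_access )` and return `VLC_EGENERIC` for the same allocation failure. If MMSOpen has already opened a UDP socket when b_udp is set (that part of the function lies outside the hunks, so this needs confirming), the first path would leave it open. Either way the two later returns should read `return VLC_ENOMEM;`, and the first path deserves a comment such as `/* session not established yet: only the TCP socket needs closing */` if that is indeed why it does not call MMSClose. With the 4096-byte array gone, the Host string length is set entirely by `p_url->psz_host`, so it is worth confirming that var_buffer_addUTF16() (not shown) grows the buffer safely for long input.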