On decadi 10 Prairial, year CCXXIII, Stephan Holljes wrote: > From 33a479200b9a941d0783d941c6ea68f8b85cc4de Mon Sep 17 00:00:00 2001 > From: Stephan Holljes <klaxa1...@googlemail.com> > Date: Fri, 29 May 2015 16:47:11 +0200 > Subject: [PATCH] lavf/http: Parse and set HTTP method when listening on > HTTP(S) > > Signed-off-by: Stephan Holljes <klaxa1...@googlemail.com> > --- > libavformat/http.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/libavformat/http.c b/libavformat/http.c > index 4f6716a..c73734f 100644 > --- a/libavformat/http.c > +++ b/libavformat/http.c > @@ -556,6 +556,12 @@ static int process_line(URLContext *h, char *line, int > line_count, > > p = line; > if (line_count == 0) { > + if (s->listen) { > + while (!av_isspace(*p)) > + p++; > + if (!(s->method = av_strndup(line, p - line))) > + return AVERROR(ENOMEM);
If method is already set, it overwrites it and therefore the old value leaks. > + } > while (!av_isspace(*p) && *p != '\0') > p++; > while (av_isspace(*p)) It looks like there is client code after the if clause, it should probably not be executed for the server side. A malicious request could even get check_http_code() to return an error. Regards, -- Nicolas George
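Review bot: The added loop `while (!av_isspace(*p)) p++;` in the `s->listen` branch has no check for the string terminator, unlike the existing loop directly below it, which also tests `*p != '\0'`. A request line that contains no whitespace would let the scan run past the end of `line` before `av_strndup(line, p - line)` is called. Add `&& *p != '\0'` to the new loop's condition, and consider rejecting an empty method (`p == line`) before duplicating it.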
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel