On Fri, May 29, 2015 at 7:10 PM, Nicolas George <geo...@nsup.org> wrote:
> Le decadi 10 prairial, an CCXXIII, Stephan Holljes a écrit :
>> From 33a479200b9a941d0783d941c6ea68f8b85cc4de Mon Sep 17 00:00:00 2001
>> From: Stephan Holljes <klaxa1...@googlemail.com>
>> Date: Fri, 29 May 2015 16:47:11 +0200
>> Subject: [PATCH] lavf/http: Parse and set HTTP method when listening on
>> HTTP(S)
>>
>> Signed-off-by: Stephan Holljes <klaxa1...@googlemail.com>
>> ---
>> libavformat/http.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/libavformat/http.c b/libavformat/http.c
>> index 4f6716a..c73734f 100644
>> --- a/libavformat/http.c
>> +++ b/libavformat/http.c
>> @@ -556,6 +556,12 @@ static int process_line(URLContext *h, char *line, int
>> line_count,
>>
>> p = line;
>> if (line_count == 0) {
>> + if (s->listen) {
>> + while (!av_isspace(*p))
>> + p++;
>> + if (!(s->method = av_strndup(line, p - line)))
>> + return AVERROR(ENOMEM);
>
> If method is already set, it overwrites it and therefore the old value
> leaks.
Should method be reassigned or should the set value be kept? As far as
I can tell the only way to set method is by specifying it as an option
in the command line.
I don't think overwriting specific values set by the user is good.
Maybe output a warning?
>
>> + }
>> while (!av_isspace(*p) && *p != '\0')
>> p++;
>> while (av_isspace(*p))
>
> It looks like there is client code after the if clause, it should probably
> not be executed for the server side. A malicious request could even get
> check_http_code() to return an error.
Indeed, I could reproduce this by listening on http and sending a
malformed request that got parsed as an error code.
>
> Regards,
>
> --
> Nicolas George
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
