summaryrefslogtreecommitdiff
path: root/src/input/libreal/real.c
diff options
context:
space:
mode:
authorMiguel Freitas <miguelfreitas@users.sourceforge.net>2004-12-15 12:53:35 +0000
committerMiguel Freitas <miguelfreitas@users.sourceforge.net>2004-12-15 12:53:35 +0000
commit1e6e2911be09c130a46af24935b8a10f429448d4 (patch)
tree43a539aa5cf742376b673a9badf50b37edb99e6e /src/input/libreal/real.c
parent72a000110b9843b3e66b811b1369fe92fee2cb3b (diff)
downloadxine-lib-1e6e2911be09c130a46af24935b8a10f429448d4.tar.gz
xine-lib-1e6e2911be09c130a46af24935b8a10f429448d4.tar.bz2
Multiple security vulnerabilities fixed on PNM and Real RTSP clients
(thanks iDEFENSE for reporting these) CVS patchset: 7258 CVS date: 2004/12/15 12:53:35
Diffstat (limited to 'src/input/libreal/real.c')
-rw-r--r--src/input/libreal/real.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/input/libreal/real.c b/src/input/libreal/real.c
index 17e470462..2e455ce02 100644
--- a/src/input/libreal/real.c
+++ b/src/input/libreal/real.c
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
- * $Id: real.c,v 1.19 2004/09/08 15:09:30 miguelfreitas Exp $
+ * $Id: real.c,v 1.20 2004/12/15 12:53:46 miguelfreitas Exp $
*
* special functions for real streams.
* adopted from joschkas real tools.
@@ -604,6 +604,8 @@ int real_get_rdt_chunk(rtsp_t *rtsp_session, unsigned char **buffer) {
return (n <= 0) ? 0 : n+12;
}
+//! maximum size of the rtsp description, must be < INT_MAX
+#define MAX_DESC_BUF (20 * 1024 * 1024)
rmff_header_t *real_setup_and_get_header(rtsp_t *rtsp_session, uint32_t bandwidth) {
char *description=NULL;
@@ -652,6 +654,13 @@ rmff_header_t *real_setup_and_get_header(rtsp_t *rtsp_session, uint32_t bandwid
else
size=atoi(rtsp_search_answers(rtsp_session,"Content-length"));
+ if (size > MAX_DESC_BUF) {
+ printf("real: Content-length for description too big (> %uMB)!\n",
+ MAX_DESC_BUF/(1024*1024) );
+ xine_buffer_free(buf);
+ return NULL;
+ }
+
if (!rtsp_search_answers(rtsp_session,"ETag"))
lprintf("real: got no ETag!\n");
else
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 12:01:43 +0000