eden-emu/FFmpeg
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

http: avoid out of bound accesses on broken Set-Cookie headers

Browse source 
It's trivial to craft a HTTP response that will make the code for
skipping trailing whitespace access and possibly overwrite bytes outside
of the memory allocation. Why this can happen is blindingly obvious: it
accesses cstr[strlen(cstr)-1] without checking whether the string is
empty.
This commit is contained in:
wm4 2018-03-08 04:47:40 +01:00
parent 39c1d170a3
commit c0687acbf6
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
libavformat/http.c
View file

@ -750,6 +750,9 @@ static int parse_set_cookie(const char *set_cookie, AVDictionary **dict)
{ {
char *param, *next_param, *cstr, *back; char *param, *next_param, *cstr, *back;
if (!set_cookie[0])
return 0;
if (!(cstr = av_strdup(set_cookie))) if (!(cstr = av_strdup(set_cookie)))
return AVERROR(EINVAL); return AVERROR(EINVAL);