http: avoid out of bound accesses on broken Set-Cookie headers
It's trivial to craft a HTTP response that will make the code for skipping trailing whitespace access and possibly overwrite bytes outside of the memory allocation. Why this can happen is blindingly obvious: it accesses cstr[strlen(cstr)-1] without checking whether the string is empty.
This commit is contained in:
wm4
parent
39c1d170a3
commit
c0687acbf6
1 changed files with 3 additions and 0 deletions
|
|
@ -750,6 +750,9 @@ static int parse_set_cookie(const char *set_cookie, AVDictionary **dict)
|
|||
{
|
||||
char *param, *next_param, *cstr, *back;
|
||||
|
||||
if (!set_cookie[0])
|
||||
return 0;
|
||||
|
||||
if (!(cstr = av_strdup(set_cookie)))
|
||||
return AVERROR(EINVAL);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue