projects / platform / upstream / pulseaudio.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d4ca31c) | patch
[upstream] rtp-recv: fix crash on empty UDP packets (CVE-2014-3970) 00/67100/1 accepted/tizen/common/20160426.143035 accepted/tizen/ivi/20160425.231737 accepted/tizen/mobile/20160425.231715 accepted/tizen/tv/20160425.231732 accepted/tizen/wearable/20160425.231725 submit/tizen/20160425.080416
authorSeungbae Shin <seungbae.shin@samsung.com>
Mon, 25 Apr 2016 07:38:29 +0000 (16:38 +0900)
committerSeungbae Shin <seungbae.shin@samsung.com>
Mon, 25 Apr 2016 07:38:29 +0000 (16:38 +0900)
commita7e7a8930082a40f5b0f316c1df138bef0e6dca3
treeebacb6ceff8b9b5677946d6c361f9df351c23ae1tree | snapshot
parentd4ca31c91835a15f9be027977cf381dd5c50d997commit | diff
[upstream] rtp-recv: fix crash on empty UDP packets (CVE-2014-3970)

Patch from:
https://cgit.freedesktop.org/pulseaudio/pulseaudio/commit/?id=26b9d22dd24c17eb118d0205bf7b02b75d435e3c

Original commit msg:
"On FIONREAD returning 0 bytes, we cannot return success, as the caller
(rtpoll_work_cb in module-rtp-recv.c) would then try to
pa_memblock_unref(chunk.memblock) and, because memblock is NULL, trigger
an assertion.

Also we have to read out the possible empty packet from the socket, so
that the kernel doesn't tell us again and again about it.

Change-Id: Ie7d2db03c793640d3e91b29442c186b52e024dff
Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>"
src/modules/rtp/rtp.c diff | blob | history
Domain: Multimedia / Audio FW;