projects / platform / upstream / gst-plugins-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e939af) | patch
gstrtspconnection: Security loophole making heap overflow
authorTobias Ronge <tobiasr@axis.com>
Thu, 14 Mar 2019 09:12:27 +0000 (10:12 +0100)
committerTobias Ronge <tobiasr@axis.com>
Thu, 14 Mar 2019 09:24:30 +0000 (10:24 +0100)
commitf672277509705c4034bc92a141eefee4524d15aa
tree9aa1d90a1f16f259fc9af0956357670dda3d3077tree | snapshot
parent2e939afd73a74113cda92eb65859cdf40080c830commit | diff
gstrtspconnection: Security loophole making heap overflow

The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
gst-libs/gst/rtsp/gstrtspconnection.c diff | blob | history
Domain: Multimedia / Media Common;