From 9e1135e209d798a6ebee2b415acc8c6535d3befc Mon Sep 17 00:00:00 2001 From: Jan Schmidt Date: Thu, 16 Apr 2015 22:43:54 +1000 Subject: [PATCH] apexsink: Fix buffer overflow, in case anyone ever ports it. Fix a simple buffer overflow - 16 bytes isn't enough to hold the string representation of a gulong on x86_64. I guess the intent was to generate a 32 bit random key, so let's do that. Only matters if anyone ever ports the sink to 1.x https://bugzilla.gnome.org/show_bug.cgi?id=676524 --- ext/apexsink/gstapexraop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/apexsink/gstapexraop.c b/ext/apexsink/gstapexraop.c index 0a78096..af4f573 100644 --- a/ext/apexsink/gstapexraop.c +++ b/ext/apexsink/gstapexraop.c @@ -252,7 +252,7 @@ gst_apexraop_connect (GstApExRAOP * con) { struct asvals { - gulong url_key; + guint32 url_key; guint64 conn_id; guchar challenge[16]; } v; @@ -284,7 +284,7 @@ gst_apexraop_connect (GstApExRAOP * con) return GST_RTSP_STS_DESTINATION_UNREACHABLE; RAND_bytes (randbuf.buf, sizeof (randbuf)); - sprintf ((gchar *) conn->url_abspath, "%lu", randbuf.v.url_key); + sprintf ((gchar *) conn->url_abspath, "%u", randbuf.v.url_key); sprintf ((char *) conn->cid, "%16" G_GINT64_MODIFIER "x", randbuf.v.conn_id); RAND_bytes (conn->aes_ky, AES_BLOCK_SIZE); -- 2.7.4