Google Git
Sign in
coral / mtk-gst-plugins-base / a6f8cbfb6e8e1764b397dbcd08888c54b426bdf2
commita6f8cbfb6e8e1764b397dbcd08888c54b426bdf2[log] [tgz]
authorTobias Ronge <tobiasr@axis.com>Thu Mar 14 10:12:27 2019 +0100
committerJonas Larsson <ljonas@google.com>Tue Nov 17 12:35:52 2020 -0800
treea94b65bb3ce6cb4f8c2552e9b41e8adf63617c1f
parent384ff7d0268c71e76f7328a9ca6dfe96e4a3ab23 [diff]
gstrtspconnection: Security loophole making heap overflow

The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
1 file changed
tree: a94b65bb3ce6cb4f8c2552e9b41e8adf63617c1f
  1. docs/
  2. ext/
  3. gst/
  4. gst-libs/
  5. hooks/
  6. m4/
  7. pkgconfig/
  8. po/
  9. sys/
  10. tests/
  11. tools/
  12. common
  13. .gitignore
  14. .gitmodules
  15. AUTHORS
  16. autogen.sh
  17. ChangeLog
  18. configure.ac
  19. COPYING
  20. COPYING.LIB
  21. gst-plugins-base.doap
  22. MAINTAINERS
  23. Makefile.am
  24. meson.build
  25. meson_options.txt
  26. NEWS
  27. README
  28. README.static-linking
  29. RELEASE
  30. REQUIREMENTS