[FFmpeg-devel] Correctly fill the SSRC field in RTP packets
Tue Mar 25 18:27:53 CET 2008
On Tue, Mar 25, 2008 at 01:58:47PM +0100, Luca Abeni wrote:
> Hi all,
> I've just realized that the RTP muxer currently fills the
> SSRC field in RTP packets with 0, generating multiple RTP
> streams with the same SSRC. Unless I misread RFC3550, this
> is not ok, since different streams in the same session
> should have different SSRCs.
> The attached patch fills the SSRC field using the address
> of the AVFormatContext, so that different streams in the
> same session will have different SSRCs. I am posting the
> patch instead of directly committing it because I do not
> know if using the AVFormatContext address could be a problem
> for security, or if there is some other drawback. If noone
> objects, I'll commit the patch in 2 or 3 days.
> @@ -60,7 +60,7 @@
> s->base_timestamp = 0; /* FIXME: was random(), what should this be? */
> s->timestamp = s->base_timestamp;
> s->cur_timestamp = 0;
> - s->ssrc = 0; /* FIXME: was random(), what should this be? */
> + s->ssrc = (int)s;
you are leaking information VERY usefull for an exploit.
and no whatever_random_number_generator(seed=(int)s) is equally bad for the
exact same reason.
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is not what we do, but why we do it that matters.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
More information about the ffmpeg-devel