[FFmpeg-devel] [PATCH] RTSP-MS 4/15: blocksize detection

Michael Niedermayer michaelni
Tue Jan 6 16:18:26 CET 2009


On Mon, Jan 05, 2009 at 11:57:24PM -0500, Ronald S. Bultje wrote:
> Hi,
> 
> attached patch parses the "Blocksize" field in the RTSP reply header
> in response to each SETUP request (one per m= line in the SDP). This
> is the maximum amount of data contained in a single RTP packet
> transmitted by the server, and can be larger than
> RTP_MAX_PACKET_LENGTH (it's one of those things where it's not 100%
> RTP-compliant). I'm parsing it, taking the max Blocksize value and
> then the max between this "max. blocksize value" and
> RTP_MAX_PACKET_LENGTH to determine the buffer size for reading
> individual RTP packets.
> 
> Ronald

> Index: ffmpeg-svn/libavformat/rtsp.c
> ===================================================================
> --- ffmpeg-svn.orig/libavformat/rtsp.c	2009-01-05 19:58:10.000000000 -0500
> +++ ffmpeg-svn/libavformat/rtsp.c	2009-01-05 19:58:14.000000000 -0500
> @@ -691,6 +691,10 @@
>      } else if (av_stristart(p, "Server:", &p)) {
>          skip_spaces(&p);
>          av_strlcpy(reply->server, p, sizeof(reply->server));
> +    } else if (av_stristart(p, "Blocksize:", &p)) {
> +        int blocksize = strtol(p, NULL, 10);
> +        if (blocksize > reply->max_blocksize)
> +            reply->max_blocksize = blocksize;
>      }
>  }
>  
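
Review bot: The strtol() result in the new "Blocksize:" branch goes straight into an int with no validation. There is no end-pointer or errno check, a long result can be truncated by the conversion to int, and nothing rejects a value far beyond any plausible packet size before it is compared with reply->max_blocksize. Suggest parsing into a long, failing on conversion errors, and accepting only values inside a fixed, documented range.
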
> @@ -1035,6 +1039,8 @@
>      if (rt->server_type == RTSP_SERVER_REAL)
>          rt->need_subscription = 1;
>  
> +    s->packet_size = FFMAX(reply->max_blocksize, RTP_MAX_PACKET_LENGTH);
> +
>      return 0;
>  
>  fail:
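
Review bot: FFMAX(reply->max_blocksize, RTP_MAX_PACKET_LENGTH) enforces only a lower bound, so s->packet_size ends up as large as whatever the server put in its Blocksize header. Clamp it to a documented maximum at this assignment, or fail the setup when the advertised value exceeds that maximum, since the last hunk uses this field to size the receive buffer.
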
> @@ -1299,7 +1305,7 @@
>      RTSPState *rt = s->priv_data;
>      RTSPStream *rtsp_st;
>      int ret, len;
> -    uint8_t buf[RTP_MAX_PACKET_LENGTH];
> +    uint8_t buf[s->packet_size];
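
Review bot: uint8_t buf[s->packet_size] is a variable-length array on the stack whose length comes from the server-supplied Blocksize value, and no upper bound on it is visible anywhere in this patch. Allocate the buffer on the heap once packet_size is known and capped, or keep the fixed-size array and reject replies that advertise a larger Blocksize.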

this might be exploitable
packet_size can be set to an arbitrarily large value, the stack is not
that large ...


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It's not that you shouldn't use gotos but rather that you should write
readable code and code with gotos often but not always is less readable
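
The concern raised in this reply, shown as an added example that is not part of the original thread or of FFmpeg's code: a server-supplied Blocksize value is validated and capped before it sizes a heap buffer instead of a stack array. The value 1500 for RTP_MAX_PACKET_LENGTH, the BLOCKSIZE_CAP limit and all function names are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define RTP_MAX_PACKET_LENGTH 1500   /* assumed value for this sketch */
#define BLOCKSIZE_CAP         65536  /* hypothetical upper bound, not from the patch */

/* Parse the text after "Blocksize:". Returns the value, or -1 if it is
 * missing, non-numeric, not positive, followed by junk, or above the cap. */
static int parse_blocksize(const char *p)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(p, &end, 10);
    if (end == p || errno == ERANGE)
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0' || v <= 0 || v > BLOCKSIZE_CAP)
        return -1;
    return (int)v;
}

/* Fold one SETUP reply's header value into the running buffer size;
 * rejected values leave the current size unchanged. */
static int update_packet_size(int current, const char *header_value)
{
    int bs = parse_blocksize(header_value);
    if (current < RTP_MAX_PACKET_LENGTH)
        current = RTP_MAX_PACKET_LENGTH;
    return bs > current ? bs : current;
}

/* Heap allocation replaces the stack VLA; out-of-range sizes are refused. */
static uint8_t *alloc_packet_buf(int packet_size)
{
    if (packet_size < RTP_MAX_PACKET_LENGTH || packet_size > BLOCKSIZE_CAP)
        return NULL;
    return malloc((size_t)packet_size);
}

int main(void)
{
    /* Constructed header values: one sane, one hostile, one malformed. */
    const char *replies[] = { " 8192\r\n", "4000000000", "-7" };
    int size = 0;
    for (int i = 0; i < 3; i++)
        size = update_packet_size(size, replies[i]);
    uint8_t *buf = alloc_packet_buf(size);
    printf("packet_size=%d buf=%s\n", size, buf ? "ok" : "refused");
    free(buf);
    return 0;
}
```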