[FFmpeg-devel] AVRandomState usage in ffserver/RTP/RTSP

Stefano Sabatini stefano.sabatini-lala
Mon Jan 19 00:18:04 CET 2009


On date Tuesday 2009-01-06 22:50:44 +0100, Stefano Sabatini encoded:
> On date Monday 2009-01-05 13:30:40 -0800, Baptiste Coudurier encoded:
> > Hi,
> > 
> > Michael Niedermayer wrote:
> > > On Mon, Jan 05, 2009 at 05:32:50PM +0100, Stefano Sabatini wrote:
> > >> On date Monday 2009-01-05 17:00:50 +0100, Michael Niedermayer
> > >> encoded:
> > >>> On Mon, Jan 05, 2009 at 02:44:34AM +0100, Stefano Sabatini wrote:
> > >>>  [...]
> > >>>> Index: ffmpeg/ffserver.c 
> > >>>> ===================================================================
> > >>>>  --- ffmpeg.orig/ffserver.c	2009-01-05 02:40:48.000000000 +0100
> > >>>>  +++ ffmpeg/ffserver.c	2009-01-05 02:41:00.000000000 +0100 @@
> > >>>> -4483,7 +4483,7 @@
> > >>>> 
> > >>>> unsetenv("http_proxy");             /* Kill the http_proxy */
> > >>>> 
> > >>>> -    av_init_random(av_gettime() + (getpid() << 16),
> > >>>> &random_state); +    av_random_init(&random_state, av_gettime()
> > >>>> + (getpid() << 16));
> > >>>> 
> > >>>> memset(&sigact, 0, sizeof(sigact)); sigact.sa_handler =
> > >>>> handle_child_exit;
> > >>> do we really have to export the pid and starttime to an attacker?
> > >>> 
> > >> Would be this more acceptable?
> > > 
> > > open /dev/random/ read into the seed if either fails use 0. thats
> > > IMHO ... iam not ffserver maintainer, and dont even know why ffserver
> > >  needs random numbers.
> 
> This will fail if /dev/random is not accessible, in that case every
> RTP stream will have the same session id, and this is troublesome.
> 
> > Apparently ffserver needs random data for RTSP/RTP session id. Not
> > really sure if random is really needed, more probably unique number,
> > IIRC this was discussed before but Im not RTSP/RTP expert.
> 
> From RFC 1889:
> | Synchronization source (SSRC): The source of a stream of RTP packets,
> |        identified by a 32-bit numeric SSRC identifier carried in the
> |        RTP header so as not to be dependent upon the network address.
> |        All packets from a synchronization source form part of the same
> |        timing and sequence number space, so a receiver groups packets
> |        by synchronization source for playback. Examples of
> |        synchronization sources include the sender of a stream of
> |        packets derived from a signal source such as a microphone or a
> |        camera, or an RTP mixer (see below). A synchronization source
> |        may change its data format, e.g., audio encoding, over time. The
> |        SSRC identifier is a randomly chosen value meant to be globally
> |        unique within a particular RTP session (see Section 8). A
> |        participant need not use the same SSRC identifier for all the
> |        RTP sessions in a multimedia session; the binding of the SSRC
> |        identifiers is provided through RTCP (see Section 6.4.1).  If a
> |        participant generates multiple streams in one RTP session, for
> |        example from separate video cameras, each must be identified as
> |        a different SSRC.
> 
> While I'm not an RTP/RTSP expert too I think the patch attached makes
> ffserver not provide useful informations to an eventual attacker, or
> at least improves the current behaviour.
> 
> Regards.
> -- 
> FFmpeg = Faboulous & Fostering Mortal Pitiless Efficient Gem

> Index: ffmpeg/ffserver.c
> ===================================================================
> --- ffmpeg.orig/ffserver.c	2009-01-05 17:24:43.000000000 +0100
> +++ ffmpeg/ffserver.c	2009-01-05 17:31:35.000000000 +0100
> @@ -4468,6 +4468,7 @@
>  int main(int argc, char **argv)
>  {
>      struct sigaction sigact;
> +    struct timeval tv;
>  
>      av_register_all();
>  
> @@ -4483,7 +4484,8 @@
>  
>      unsetenv("http_proxy");             /* Kill the http_proxy */
>  
> -    av_random_init(&random_state, av_gettime() + (getpid() << 16));
> +    gettimeofday(&tv, NULL);
> +    av_random_init(&random_state, tv.tv_usec);
>  
>      memset(&sigact, 0, sizeof(sigact));
>      sigact.sa_handler = handle_child_exit;

Ping?

Regards.
-- 
FFmpeg = Foolish & Fundamental MultiPurpose Elastic Game




More information about the ffmpeg-devel mailing list