[FFmpeg-devel] [PATCH] ffserver: local OOB write with custom program name

Michael Niedermayer michael at niedermayer.cc
Sun Jan 8 04:43:11 EET 2017


On Fri, Jan 06, 2017 at 11:33:16PM +0100, Tobias Stoeckmann wrote:
> When the command line for children is created, it is assumed that
> my_program_name always ends with "ffserver", which doesn't have to
> be true if ffserver is called through a symbolic link.
> 
> In such a case, it could be that not enough space for "ffmpeg" is
> available at the end, leading to a buffer overflow.
> 
> One example would be:
> 
> $ ln -s /usr/bin/ffserver ~/f; ~/f
> 
> As this is only a local buffer overflow, i.e. is based on a weird
> program call, this has NO security impact.
> ---
>  ffserver.c | 20 +++++++++++---------
>  1 file changed, 11 insertions(+), 9 deletions(-)

applied

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The misfortune of the wise is better than the prosperity of the fool.
-- Epicurus
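
The sizing problem described in the quoted commit message, as an added example that is not part of this thread and not ffserver's own code. It assumes the child path is built by overwriting the last component of a copy of the program name with "ffmpeg"; the helper names and sample paths are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Start of the last path component ("f" in "/home/user/f"). */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* How many bytes short a buffer of strlen(prog) + 1 bytes is if its last
 * component is overwritten in place with `sibling`. 0 means it fits. */
size_t inplace_shortfall(const char *prog, const char *sibling)
{
    size_t have = strlen(last_component(prog));
    size_t need = strlen(sibling);
    return need > have ? need - have : 0;
}

/* Hardened form: size the buffer from directory prefix + sibling name,
 * never from the name the program happened to be started under. */
char *sibling_path(const char *prog, const char *sibling)
{
    size_t dir_len = (size_t)(last_component(prog) - prog);
    size_t sib_len = strlen(sibling);
    char *out;
    if (sib_len >= SIZE_MAX - dir_len)
        return NULL;                    /* length would wrap */
    out = malloc(dir_len + sib_len + 1);
    if (!out)
        return NULL;
    memcpy(out, prog, dir_len);
    memcpy(out + dir_len, sibling, sib_len + 1); /* copies the NUL too */
    return out;
}

int main(void)
{
    const char *names[] = { "/usr/bin/ffserver", "/home/user/f" }; /* constructed */
    for (size_t i = 0; i < 2; i++) {
        char *p = sibling_path(names[i], "ffmpeg");
        printf("%s -> %s (in-place shortfall: %zu bytes)\n", names[i],
               p ? p : "(alloc failed)", inplace_shortfall(names[i], "ffmpeg"));
        free(p);
    }
    return 0;
}
```

A name ending in "ffserver" leaves room for the shorter "ffmpeg", which is why the in-place pattern only fails when the program is started under a shorter name such as a one-letter symlink.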