This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.1 in repository ffmpeg.
commit cb112ece1c02e76529fed162487fa627ad4fa3a7 Author: Franciszek Kalinowski <[email protected]> AuthorDate: Tue May 19 09:43:54 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue Jun 16 06:01:29 2026 +0200 avformat/icecast: reject CR/LF in metadata header values Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski. (cherry picked from commit 99e1ecca36455689c0c417a02ca36cd5b6e2346d) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/icecast.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/icecast.c b/libavformat/icecast.c index 3146d7f384..323d330e42 100644 --- a/libavformat/icecast.c +++ b/libavformat/icecast.c @@ -70,8 +70,14 @@ static const AVOption options[] = { static void cat_header(AVBPrint *bp, const char key[], const char value[]) { - if (NOT_EMPTY(value)) + if (NOT_EMPTY(value)) { + if (strpbrk(value, "\r\n")) { + av_log(NULL, AV_LOG_ERROR, + "Refusing to send '%s' header: value contains CR/LF\n", key); + return; + } av_bprintf(bp, "%s: %s\r\n", key, value); + } } static int icecast_close(URLContext *h) _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
