PR #23505 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23505 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23505.patch
When ffmpeg whip client takes up dtls_active role when using gnutls, it tries to connect to the server over udp and intermittently crashes. This is because s->host is NULL, and ffmpeg is in ice controlling mode. The gnutls api - gnutls_server_name_set() crashes if the hostname is NULL. This commit assigns valid value to s->host in such scenarios. Signed-off-by: Aditya Banavi <[email protected]> (cherry picked from commit 28b92b9b2e7abeb70b0aa050138e6e4b7cc26aed) The upstream fix calls ff_tls_parse_host(), which was introduced after this branch point by commit df3511db5bdf; its host-parsing is inlined here rather than backporting that refactor. Signed-off-by: Michael Niedermayer <[email protected]> >From bd15ed2a05a500d9088be060c12d655dbc3dc49c Mon Sep 17 00:00:00 2001 From: Aditya Banavi <[email protected]> Date: Tue, 16 Jun 2026 06:33:07 +0200 Subject: [PATCH] avformat/tls_gnutls:fix crash when connecting to peer When ffmpeg whip client takes up dtls_active role when using gnutls, it tries to connect to the server over udp and intermittently crashes. This is because s->host is NULL, and ffmpeg is in ice controlling mode. The gnutls api - gnutls_server_name_set() crashes if the hostname is NULL. This commit assigns valid value to s->host in such scenarios. Signed-off-by: Aditya Banavi <[email protected]> (cherry picked from commit 28b92b9b2e7abeb70b0aa050138e6e4b7cc26aed) The upstream fix calls ff_tls_parse_host(), which was introduced after this branch point by commit df3511db5bdf; its host-parsing is inlined here rather than backporting that refactor. Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/tls_gnutls.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/libavformat/tls_gnutls.c b/libavformat/tls_gnutls.c index 778ca9cf40..9bb272a308 100644 --- a/libavformat/tls_gnutls.c +++ b/libavformat/tls_gnutls.c @@ -31,6 +31,7 @@ #include "url.h" #include "tls.h" #include "libavutil/intreadwrite.h" +#include "libavutil/mem.h" #include "libavutil/opt.h" #include "libavutil/thread.h" #include "libavutil/random_seed.h" @@ -538,6 +539,21 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op if (!s->external_sock) { if ((ret = ff_tls_open_underlying(s, h, uri, options)) < 0) goto fail; + } else if (!s->host) { + /* With an external socket ff_tls_open_underlying() is skipped, so the + * host (used for SNI below) is never parsed. Parse it here to avoid + * passing a NULL s->host to gnutls_server_name_set(), which crashes. */ + struct addrinfo hints = { .ai_flags = AI_NUMERICHOST }, *ai = NULL; + av_url_split(NULL, 0, NULL, 0, s->underlying_host, sizeof(s->underlying_host), + NULL, NULL, 0, uri); + if (!getaddrinfo(s->underlying_host, NULL, &hints, &ai)) { + s->numerichost = 1; + freeaddrinfo(ai); + } + if (!(s->host = av_strdup(s->underlying_host))) { + ret = AVERROR(ENOMEM); + goto fail; + } } if (s->is_dtls) -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
