[vlc-commits] network: fix possible buffer overflow
vlc/vlc-3.0 | branch: master | Romain Vimont | Mon Jun 29 14:28:45 2020 +0200| [d9454acb5349957553a1553805be74e690a787b3] | committer: Hugo Beauzée-Luyssen network: fix possible buffer overflow The function vlc_tls_GetLine() forgot to truncate the string if a line sent by the server did not end with `\r\n`. As a consequence, it returned a non-NUL-terminated string. (cherry picked from commit 746bdbb122c05c114b5a0bcb58e8e573964fbdad) Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=d9454acb5349957553a1553805be74e690a787b3 --- src/network/tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/network/tls.c b/src/network/tls.c index 56e04d6ce7..e054f3f59f 100644 --- a/src/network/tls.c +++ b/src/network/tls.c @@ -329,6 +329,8 @@ char *vlc_tls_GetLine(vlc_tls_t *session) if (linelen >= 2 && line[linelen - 2] == '\r') line[linelen - 2] = '\0'; +else +line[linelen - 1] = '\0'; return line; error: ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] network: fix possible buffer overflow
vlc | branch: master | Romain Vimont | Mon Jun 29 14:28:45 2020 +0200| [746bdbb122c05c114b5a0bcb58e8e573964fbdad] | committer: Hugo Beauzée-Luyssen network: fix possible buffer overflow The function vlc_tls_GetLine() forgot to truncate the string if a line sent by the server did not end with `\r\n`. As a consequence, it returned a non-NUL-terminated string. Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=746bdbb122c05c114b5a0bcb58e8e573964fbdad --- src/network/stream.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/network/stream.c b/src/network/stream.c index 9d241e4f54..0990c6190f 100644 --- a/src/network/stream.c +++ b/src/network/stream.c @@ -154,6 +154,8 @@ char *vlc_tls_GetLine(vlc_tls_t *session) if (linelen >= 2 && line[linelen - 2] == '\r') line[linelen - 2] = '\0'; +else +line[linelen - 1] = '\0'; return line; error: ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
