vlc/vlc-3.0 | branch: master | Romain Vimont <ro...@videolabs.io> | Mon Jun 29 14:28:45 2020 +0200| [d9454acb5349957553a1553805be74e690a787b3] | committer: Hugo Beauzée-Luyssen
network: fix possible buffer overflow The function vlc_tls_GetLine() forgot to truncate the string if a line sent by the server did not end with `\r\n`. As a consequence, it returned a non-NUL-terminated string. (cherry picked from commit 746bdbb122c05c114b5a0bcb58e8e573964fbdad) Signed-off-by: Hugo Beauzée-Luyssen <h...@beauzee.fr> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=d9454acb5349957553a1553805be74e690a787b3 --- src/network/tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/network/tls.c b/src/network/tls.c index 56e04d6ce7..e054f3f59f 100644 --- a/src/network/tls.c +++ b/src/network/tls.c @@ -329,6 +329,8 @@ char *vlc_tls_GetLine(vlc_tls_t *session) if (linelen >= 2 && line[linelen - 2] == '\r') line[linelen - 2] = '\0'; + else + line[linelen - 1] = '\0'; return line; error: _______________________________________________ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
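Review bot: in the added else branch, `line[linelen - 1] = '\0';` is written with no visible lower bound on linelen. The `linelen >= 2` guard belongs only to the if condition, so a linelen of 0 would fall through to the else and store at line[-1]. If the code above this hunk guarantees that linelen is at least 1 and that the last byte is the '\n' terminator, state that invariant in a comment or an assert next to the store; otherwise guard the store with a `linelen >= 1` check. The else also overwrites the final byte unconditionally, which is only lossless when that byte is '\n', so a one-line comment saying this branch handles a line ending in a bare '\n' would document why no payload byte is dropped.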