Merge pull request #16802 from WinMin/development

fix stack overflow vulnerability
This commit is contained in:
Theo Arends 2022-10-12 19:31:16 +02:00 committed by GitHub
commit d0ee5776e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions

View File

@ -1,6 +1,7 @@
#include "CRtspSession.h"
#include <stdio.h>
#include <time.h>
#include <string.h>
CRtspSession::CRtspSession(SOCKET aRtspClient, CStreamer * aStreamer) : m_RtspClient(aRtspClient),m_Streamer(aStreamer)
{
@ -47,6 +48,8 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize
char * TmpPtr;
char CP[128]; //static char CP[1024];
char * pCP;
int Length;
ClientPortPtr = strstr(CurRequest,"client_port");
if (ClientPortPtr != nullptr)
@ -55,7 +58,12 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize
if (TmpPtr != nullptr)
{
TmpPtr[0] = 0x00;
strcpy(CP,ClientPortPtr);
Length = strlen(ClientPortPtr);
if (Length > 128)
{
Length = 128;
}
strncpy(CP,ClientPortPtr, Length);
pCP = strstr(CP,"=");
if (pCP != nullptr)
{