From 066878da4d4762a9b6cb169fdf353e804d735cfd Mon Sep 17 00:00:00 2001 From: swing Date: Thu, 13 Oct 2022 00:40:17 +0800 Subject: [PATCH] fix stack overflow vulnerability --- lib/libesp32/rtsp/CRtspSession.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/libesp32/rtsp/CRtspSession.cpp b/lib/libesp32/rtsp/CRtspSession.cpp index a14610038..7462e8f89 100755 --- a/lib/libesp32/rtsp/CRtspSession.cpp +++ b/lib/libesp32/rtsp/CRtspSession.cpp @@ -1,6 +1,7 @@ #include "CRtspSession.h" #include #include +#include CRtspSession::CRtspSession(SOCKET aRtspClient, CStreamer * aStreamer) : m_RtspClient(aRtspClient),m_Streamer(aStreamer) { @@ -47,6 +48,8 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize char * TmpPtr; char CP[128]; //static char CP[1024]; char * pCP; + int Length; + ClientPortPtr = strstr(CurRequest,"client_port"); if (ClientPortPtr != nullptr) @@ -55,7 +58,12 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize if (TmpPtr != nullptr) { TmpPtr[0] = 0x00; - strcpy(CP,ClientPortPtr); + Length = strlen(ClientPortPtr); + if (Length > 128) + { + Length = 128; + } + strncpy(CP,ClientPortPtr, Length); pCP = strstr(CP,"="); if (pCP != nullptr) {