rtmpproto: Check the buffer sizes when copying app/playpath strings

As pointed out by Reimar Döffinger. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>

rtmpproto: Check the buffer sizes when copying app/playpath strings
As pointed out by Reimar Döffinger. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>
0bacfa8d · Martin Storsjö · 7ce3bd96 · 0bacfa8d
Commit 0bacfa8d authored May 08, 2014 by Martin Storsjö
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

rtmpproto.c libavformat/rtmpproto.c +5 -4

No files found.
--- a/libavformat/rtmpproto.c
+++ b/libavformat/rtmpproto.c
@@ -2484,12 +2484,13 @@ reconnect:
    if (qmark && strstr(qmark, "slist=")) {
        char* amp;
        // After slist we have the playpath, before the params, the app
-        av_strlcpy(rt->app, path + 1, qmark - path);
+        av_strlcpy(rt->app, path + 1, FFMIN(qmark - path, APP_MAX_LENGTH));
        fname = strstr(path, "slist=") + 6;
        // Strip any further query parameters from fname
        amp = strchr(fname, '&');
        if (amp) {
-            av_strlcpy(fname_buffer, fname, amp - fname + 1);
+            av_strlcpy(fname_buffer, fname, FFMIN(amp - fname + 1,
+                                                  sizeof(fname_buffer)));
            fname = fname_buffer;
        }
    } else if (!strncmp(path, "/ondemand/", 10)) {
@@ -2507,10 +2508,10 @@ reconnect:
            fname = strchr(p + 1, '/');
            if (!fname || (c && c < fname)) {
                fname = p + 1;
-                av_strlcpy(rt->app, path + 1, p - path);
+                av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
            } else {
                fname++;
-                av_strlcpy(rt->app, path + 1, fname - path - 1);
+                av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
            }
        }
    }