Commit 5718e348 authored by Luca Barbato's avatar Luca Barbato

rtmp: Do not misuse memcmp

CC: libav-stable@libav.org
parent 205a4502
...@@ -525,3 +525,36 @@ void ff_rtmp_packet_dump(void *ctx, RTMPPacket *p) ...@@ -525,3 +525,36 @@ void ff_rtmp_packet_dump(void *ctx, RTMPPacket *p)
av_log(ctx, AV_LOG_DEBUG, "\n"); av_log(ctx, AV_LOG_DEBUG, "\n");
} }
} }
int ff_amf_match_string(const uint8_t *data, int size, const char *str)
{
int len = strlen(str);
int amf_len, type;
if (size < 1)
return 0;
type = *data++;
if (type != AMF_DATA_TYPE_LONG_STRING &&
type != AMF_DATA_TYPE_STRING)
return 0;
if (type == AMF_DATA_TYPE_LONG_STRING) {
if ((size -= 4 + 1) < 0)
return 0;
amf_len = bytestream_get_be32(&data);
} else {
if ((size -= 2 + 1) < 0)
return 0;
amf_len = bytestream_get_be16(&data);
}
if (amf_len > size)
return 0;
if (amf_len != len)
return 0;
return !memcmp(data, str, len);
}
...@@ -282,6 +282,13 @@ int ff_amf_read_string(GetByteContext *gbc, uint8_t *str, ...@@ -282,6 +282,13 @@ int ff_amf_read_string(GetByteContext *gbc, uint8_t *str,
*/ */
int ff_amf_read_null(GetByteContext *gbc); int ff_amf_read_null(GetByteContext *gbc);
/**
* Match AMF string with a NULL-terminated string.
*
* @return 0 if the strings do not match.
*/
int ff_amf_match_string(const uint8_t *data, int size, const char *str);
/** @} */ // AMF funcs /** @} */ // AMF funcs
......
...@@ -1909,7 +1909,7 @@ static int handle_invoke_result(URLContext *s, RTMPPacket *pkt) ...@@ -1909,7 +1909,7 @@ static int handle_invoke_result(URLContext *s, RTMPPacket *pkt)
return ret; return ret;
} }
if (!memcmp(tracked_method, "connect", 7)) { if (!strcmp(tracked_method, "connect")) {
if (!rt->is_input) { if (!rt->is_input) {
if ((ret = gen_release_stream(s, rt)) < 0) if ((ret = gen_release_stream(s, rt)) < 0)
goto fail; goto fail;
...@@ -1935,7 +1935,7 @@ static int handle_invoke_result(URLContext *s, RTMPPacket *pkt) ...@@ -1935,7 +1935,7 @@ static int handle_invoke_result(URLContext *s, RTMPPacket *pkt)
goto fail; goto fail;
} }
} }
} else if (!memcmp(tracked_method, "createStream", 12)) { } else if (!strcmp(tracked_method, "createStream")) {
//extract a number from the result //extract a number from the result
if (pkt->data[10] || pkt->data[19] != 5 || pkt->data[20]) { if (pkt->data[10] || pkt->data[19] != 5 || pkt->data[20]) {
av_log(s, AV_LOG_WARNING, "Unexpected reply on connect()\n"); av_log(s, AV_LOG_WARNING, "Unexpected reply on connect()\n");
...@@ -1998,23 +1998,23 @@ static int handle_invoke(URLContext *s, RTMPPacket *pkt) ...@@ -1998,23 +1998,23 @@ static int handle_invoke(URLContext *s, RTMPPacket *pkt)
int ret = 0; int ret = 0;
//TODO: check for the messages sent for wrong state? //TODO: check for the messages sent for wrong state?
if (!memcmp(pkt->data, "\002\000\006_error", 9)) { if (ff_amf_match_string(pkt->data, pkt->size, "_error")) {
if ((ret = handle_invoke_error(s, pkt)) < 0) if ((ret = handle_invoke_error(s, pkt)) < 0)
return ret; return ret;
} else if (!memcmp(pkt->data, "\002\000\007_result", 10)) { } else if (ff_amf_match_string(pkt->data, pkt->size, "_result")) {
if ((ret = handle_invoke_result(s, pkt)) < 0) if ((ret = handle_invoke_result(s, pkt)) < 0)
return ret; return ret;
} else if (!memcmp(pkt->data, "\002\000\010onStatus", 11)) { } else if (ff_amf_match_string(pkt->data, pkt->size, "onStatus")) {
if ((ret = handle_invoke_status(s, pkt)) < 0) if ((ret = handle_invoke_status(s, pkt)) < 0)
return ret; return ret;
} else if (!memcmp(pkt->data, "\002\000\010onBWDone", 11)) { } else if (ff_amf_match_string(pkt->data, pkt->size, "onBWDone")) {
if ((ret = gen_check_bw(s, rt)) < 0) if ((ret = gen_check_bw(s, rt)) < 0)
return ret; return ret;
} else if (!memcmp(pkt->data, "\002\000\015releaseStream", 16) || } else if (ff_amf_match_string(pkt->data, pkt->size, "releaseStream") ||
!memcmp(pkt->data, "\002\000\011FCPublish", 12) || ff_amf_match_string(pkt->data, pkt->size, "FCPublish") ||
!memcmp(pkt->data, "\002\000\007publish", 10) || ff_amf_match_string(pkt->data, pkt->size, "publish") ||
!memcmp(pkt->data, "\002\000\010_checkbw", 11) || ff_amf_match_string(pkt->data, pkt->size, "_checkbw") ||
!memcmp(pkt->data, "\002\000\014createStream", 15)) { ff_amf_match_string(pkt->data, pkt->size, "createStream")) {
if ((ret = send_invoke_response(s, pkt)) < 0) if ((ret = send_invoke_response(s, pkt)) < 0)
return ret; return ret;
} }
...@@ -2210,7 +2210,8 @@ static int get_packet(URLContext *s, int for_header) ...@@ -2210,7 +2210,8 @@ static int get_packet(URLContext *s, int for_header)
continue; continue;
} }
if (rpkt.type == RTMP_PT_VIDEO || rpkt.type == RTMP_PT_AUDIO || if (rpkt.type == RTMP_PT_VIDEO || rpkt.type == RTMP_PT_AUDIO ||
(rpkt.type == RTMP_PT_NOTIFY && !memcmp("\002\000\012onMetaData", rpkt.data, 13))) { (rpkt.type == RTMP_PT_NOTIFY &&
ff_amf_match_string(rpkt.data, rpkt.size, "onMetaData"))) {
ts = rpkt.timestamp; ts = rpkt.timestamp;
// generate packet header and put data into buffer for FLV demuxer // generate packet header and put data into buffer for FLV demuxer
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment