Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
gstreamer-plugins-base
CVE-2019-9928.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-9928.patch of Package gstreamer-plugins-base
From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001 From: Tobias Ronge <tobiasr@axis.com> Date: Thu, 14 Mar 2019 10:12:27 +0100 Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes. --- gst-libs/gst/rtsp/gstrtspconnection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c index a6755bedd..c0429064a 100644 --- a/gst-libs/gst/rtsp/gstrtspconnection.c +++ b/gst-libs/gst/rtsp/gstrtspconnection.c @@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message, maxlen = sizeof (conn->session_id) - 1; /* the sessionid can have attributes marked with ; * Make sure we strip them */ - for (i = 0; session_id[i] != '\0'; i++) { + for (i = 0; i < maxlen && session_id[i] != '\0'; i++) { if (session_id[i] == ';') { maxlen = i; /* parse timeout */ -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor