rtmpproto: Check APP_MAX_LENGTH
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 23 Feb 2013 15:58:01 +0000 (16:58 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Sat, 23 Feb 2013 16:18:22 +0000 (17:18 +0100)
Fixes Ticket2292

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavformat/rtmpproto.c

index 6f03dd9..fa661ee 100644 (file)
@@ -2367,16 +2367,20 @@ reconnect:
             fname = strchr(p + 1, '/');
             if (!fname || (c && c < fname)) {
                 fname = p + 1;
-                av_strlcpy(rt->app, path + 1, p - path);
+                av_strlcpy(rt->app, path + 1, FFMIN(p - path, APP_MAX_LENGTH));
             } else {
                 fname++;
-                av_strlcpy(rt->app, path + 1, fname - path - 1);
+                av_strlcpy(rt->app, path + 1, FFMIN(fname - path - 1, APP_MAX_LENGTH));
             }
         }
     }
 
     if (old_app) {
         // The name of application has been defined by the user, override it.
+        if (strlen(old_app) >= APP_MAX_LENGTH) {
+            ret = AVERROR(EINVAL);
+            goto fail;
+        }
         av_free(rt->app);
         rt->app = old_app;
     }