diff options
author | Jan Schmidt <jan@centricular.com> | 2015-09-03 20:56:55 +1000 |
---|---|---|
committer | Jan Schmidt <jan@centricular.com> | 2015-09-05 23:44:51 +1000 |
commit | fe4ed1d1dfbbc858865a59a470331264c6015f4c (patch) | |
tree | 72667a40970a140373d040523dd52bcdbb63f447 /gst/rtsp | |
parent | 50e9cc7f04da3e431e09bed753dc7badc1e4f930 (diff) |
rtspsrc: Fix SRTP + RTX, auth access, a leak, and an invalid memory access.
In parse_keymgmt(), don't mutate the input string that's been passed
as const, especially since we might need the original value again if
the same key info applies to multiple streams (RTX, for example).
When a resource is 404, and we have auth info - retry with the auth
info the same as if we had receive unauthorised, in case the resource
isn't even visible until credentials are supplied.
Fix a memory leak handling Mikey data.
When generating a random keystring, don't overrun the 30 byte
buffer by generating 32 bytes into it.
Diffstat (limited to 'gst/rtsp')
-rw-r--r-- | gst/rtsp/gstrtspsrc.c | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/gst/rtsp/gstrtspsrc.c b/gst/rtsp/gstrtspsrc.c index 60b0e372e..9e0bf5800 100644 --- a/gst/rtsp/gstrtspsrc.c +++ b/gst/rtsp/gstrtspsrc.c @@ -1858,7 +1858,6 @@ static gboolean parse_keymgmt (const gchar * keymgmt, GstCaps * caps) { gboolean res = FALSE; - gchar *p, *kmpid; gsize size; guchar *data; GstMIKEYMessage *msg; @@ -1866,17 +1865,28 @@ parse_keymgmt (const gchar * keymgmt, GstCaps * caps) const gchar *srtp_cipher; const gchar *srtp_auth; - p = (gchar *) keymgmt; + { + gchar *orig_value; + gchar *p, *kmpid; - SKIP_SPACES (p); - if (*p == '\0') - return FALSE; + p = orig_value = g_strdup (keymgmt); - PARSE_STRING (p, " ", kmpid); - if (!g_str_equal (kmpid, "mikey")) - return FALSE; + SKIP_SPACES (p); + if (*p == '\0') { + g_free (orig_value); + return FALSE; + } + + PARSE_STRING (p, " ", kmpid); + if (kmpid == NULL || !g_str_equal (kmpid, "mikey")) { + g_free (orig_value); + return FALSE; + } + data = g_base64_decode (p, &size); + + g_free (orig_value); /* Don't need this any more */ + } - data = g_base64_decode (p, &size); if (data == NULL) return FALSE; @@ -1984,6 +1994,7 @@ parse_keymgmt (const gchar * keymgmt, GstCaps * caps) gst_buffer_new_wrapped (g_memdup (pkd->key_data, pkd->key_len), pkd->key_len); gst_caps_set_simple (caps, "srtp-key", GST_TYPE_BUFFER, buf, NULL); + gst_buffer_unref (buf); } gst_caps_set_simple (caps, @@ -5940,6 +5951,7 @@ gst_rtspsrc_send (GstRTSPSrc * src, GstRTSPConnection * conn, switch (int_code) { case GST_RTSP_STS_UNAUTHORIZED: + case GST_RTSP_STS_NOT_FOUND: if (gst_rtspsrc_setup_auth (src, response)) { /* Try the request/response again after configuring the auth info * and loop again */ @@ -6335,10 +6347,11 @@ default_srtcp_params (void) GstBuffer *buf; guint8 *key_data; #define KEY_SIZE 30 + guint data_size = GST_ROUND_UP_4 (KEY_SIZE); /* create a random key */ - key_data = g_malloc (KEY_SIZE); - for (i = 0; i < KEY_SIZE; i += 4) + key_data = g_malloc (data_size); + for (i = 0; i < data_size; i += 4) GST_WRITE_UINT32_BE (key_data + i, g_random_int ()); buf = gst_buffer_new_wrapped (key_data, KEY_SIZE); |