summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Schmidt <jan@centricular.com>2015-04-16 22:43:54 +1000
committerJan Schmidt <jan@centricular.com>2015-04-16 22:45:31 +1000
commit9e1135e209d798a6ebee2b415acc8c6535d3befc (patch)
tree4e0706ab02b7505279408b99bbcc7e4f79f149f0
parentd84d803431c834cd30b8878da82409d29f56443f (diff)
apexsink: Fix buffer overflow, in case anyone ever ports it.
Fix a simple buffer overflow - 16 bytes isn't enough to hold the string representation of a gulong on x86_64. I guess the intent was to generate a 32 bit random key, so let's do that. Only matters if anyone ever ports the sink to 1.x https://bugzilla.gnome.org/show_bug.cgi?id=676524
-rw-r--r--ext/apexsink/gstapexraop.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/apexsink/gstapexraop.c b/ext/apexsink/gstapexraop.c
index 0a780961c..af4f573c0 100644
--- a/ext/apexsink/gstapexraop.c
+++ b/ext/apexsink/gstapexraop.c
@@ -252,7 +252,7 @@ gst_apexraop_connect (GstApExRAOP * con)
{
struct asvals
{
- gulong url_key;
+ guint32 url_key;
guint64 conn_id;
guchar challenge[16];
} v;
@@ -284,7 +284,7 @@ gst_apexraop_connect (GstApExRAOP * con)
return GST_RTSP_STS_DESTINATION_UNREACHABLE;
RAND_bytes (randbuf.buf, sizeof (randbuf));
- sprintf ((gchar *) conn->url_abspath, "%lu", randbuf.v.url_key);
+ sprintf ((gchar *) conn->url_abspath, "%u", randbuf.v.url_key);
sprintf ((char *) conn->cid, "%16" G_GINT64_MODIFIER "x", randbuf.v.conn_id);
RAND_bytes (conn->aes_ky, AES_BLOCK_SIZE);