From be037e0dc8ffd67529e023d3ce8cd61a9ee2bcfb Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Wed, 10 Feb 2010 16:05:29 +0100 Subject: [PATCH] rtsp: fail gracefully on bad Content-Length headers Be careful when allocating the amount of bytes specified in the Content-Length because it can be an insanely huge value. Try to allocate the memory but fail gracefully with a nice error when the allocation failed. --- gst-libs/gst/rtsp/gstrtspconnection.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c index c78da0b1c5..3548beb9f2 100644 --- a/gst-libs/gst/rtsp/gstrtspconnection.c +++ b/gst-libs/gst/rtsp/gstrtspconnection.c @@ -1906,7 +1906,13 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message, GST_RTSP_HDR_X_SESSIONCOOKIE, NULL, 0) != GST_RTSP_OK)) { /* there is, prepare to read the body */ builder->body_len = atol (hdrval); - builder->body_data = g_malloc (builder->body_len + 1); + builder->body_data = g_try_malloc (builder->body_len + 1); + /* we can't do much here, we need the length to know how many bytes + * we need to read next and when allocation fails, something is + * probably wrong with the length. */ + if (builder->body_data == NULL) + goto invalid_body_len; + builder->body_data[builder->body_len] = '\0'; builder->offset = 0; builder->state = STATE_DATA_BODY; @@ -1999,6 +2005,13 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message, } done: return res; + + /* ERRORS */ +invalid_body_len: + { + GST_DEBUG ("could not allocate body"); + return GST_RTSP_ERROR; + } } /**